Jump to content
BlockedByMB

Malwarebytes Blocking Access to My Websites

Recommended Posts

Hi, I am a webmaster whose lost access to his own site due to installing Malwarebytes on my computer. It worked great for removing rogue security software, but now it seems to have gone rogue on its own blocking access to:

bullyingnews.com
illegalaliensarrested.com
www.biologicalterroralert.com

I've check out the home pages using SE Bot Simulator at http://www.xml-sitemaps.com/se-bot-simulator.html and don't see any evidence of script injection. The ip address being blocked is 93.174.92.215.

Share this post


Link to post
Share on other sites

I'm looking into this, thank you.

Share this post


Link to post
Share on other sites

The IP was blocked due to a plethora of fake AVs being housed here. However, they now seem to have either been finally killed or moved elsewhere. As such, the block will be removed on the next update.

Share this post


Link to post
Share on other sites

That is concerning because I have never hosted fake AVs, but some of my sites have been hacked in the past after fake AVs stole FTP credentials from Filezilla on one of my computers. They then downloaded the files for the sites before appending a script tag to all of my index pages (ex: Default.aspx, index.php, etc.) and uploading them. As a result most of my ASP.Net sites returned server runtime errors because HTML is not allowed outside of ContentPlaceHolders on index pages with master pages, but in a couple cases I was not using master pages and those sites started rendering Iframes to pages on other domains that were distributing the virus even though my sites themselves never hosted anything malicious.

Still I don't recall any of my PHP Wordpress sites getting impacted due to the fact that I was not hosting them on the computer impacted by this virus http://blog.armorize.com/2011/08/k985ytvhtm-fake-antivirus-mass.html for which two of my domains are on the list. I did get hit over a week ago by a different fake AV on the computer I use to program those sites and although I changed my password on all .Net sites used by that computer I didn't get around to the PHP ones because they are of low priority.

Was this block put on those domains over 2 months ago or recently?

Share this post


Link to post
Share on other sites

It wasn't a case of your site being compromised - the fake AV domains themselves were housed there.

Share this post


Link to post
Share on other sites

When were the AVs hosted there? I've only been using this host for a few months and I would like to know if I'm dealing with anyone shady. I would never knowingly put viruses on my own server and my IP should only have those 3 domains on it.

Have you ever had problems with sites hosted by KoDDos.com before?

It wasn't a case of your site being compromised - the fake AV domains themselves were housed there.

Share this post


Link to post
Share on other sites

Records show they were identified a few months ago, and up until last week (domains are now dead), were still there.

There's only been a handful of incidents on their IP space, but all except one (ironically, the most serious incident (far worse than malware, now moved to a new IP within the same AS)) have been within the past 6 months. Only one of the incidents is still live (different IP, but same /24).

Share this post


Link to post
Share on other sites

Thanks for the feedback. It has me wondering whether to share this with them using the support ticket system or just move on to a new host. Either way I've already posted their domain name, so it wouldn't surprise me if their brand management people find this eventually assuming they monitor Google results.

Can you tell me what incident was more serious than malware, what incident is still live, and specific dates for the ones that were on my IP?

Records show they were identified a few months ago, and up until last week (domains are now dead), were still there.

There's only been a handful of incidents on their IP space, but all except one (ironically, the most serious incident (far worse than malware, now moved to a new IP within the same AS)) have been within the past 6 months. Only one of the incidents is still live (different IP, but same /24).

Share this post


Link to post
Share on other sites

Due to their nature, I can't give details of the other incidents I'm afraid, LE (law enforcement) are handling those.

As for those on your IP, the first incident was identified around March, and the last incident was 11/11/2011 (best-protection-ever.com)

Share this post


Link to post
Share on other sites

You can't discuss it, but law enforcement is handling it. Is that the best you can do?

If can't talk about it for legal reason I understand, so I'm going to give you a list of things that I would consider worse than fake AVs. The list is as follows:

1. Phishing

2. Credit Card Fraud

3. Identity Theft

4. Terrorism

5. Child Porn

6. Human Trafficking

7. Sale of User Data

8. Rootkits

9. Password Stealers

10. Randsomwear

I don't have time to go on, but you get the idea. Just pick which numbers from the list that the other incident was about so that I can rule out my random guesses.

Share this post


Link to post
Share on other sites

The last sentence above should have read "Just pick which numbers from the list that the other incident was not about so that I can rule out my random guesses." Pardon the spelling, but I'm quite tired.

You can't discuss it, but law enforcement is handling it. Is that the best you can do?

If can't talk about it for legal reason I understand, so I'm going to give you a list of things that I would consider worse than fake AVs. The list is as follows:

1. Phishing

2. Credit Card Fraud

3. Identity Theft

4. Terrorism

5. Child Porn

6. Human Trafficking

7. Sale of User Data

8. Rootkits

9. Password Stealers

10. Randsomwear

I don't have time to go on, but you get the idea. Just pick which numbers from the list that the other incident was about so that I can rule out my random guesses.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.