Jay12 #1 Posted April 10, 2012 My users have reported that malware bytes is blocking my website , the site uses cloudflareips reported are :199.27.135.14 173.245.60.80 Share this post Link to post Share on other sites
Somethngcreative #2 Posted April 10, 2012 Hi,I also got the same IP Block, the Ip's that were blocked were:199.27.135.184 141.101.124.185 I did reversedns on the IP's and they were linked to cloudflare. Share this post Link to post Share on other sites
JordanElliott #3 Posted April 10, 2012 same ips above being blocked here. and another cloudflare one 141.101.124.136 Share this post Link to post Share on other sites
Jay12 #4 Posted April 11, 2012 Heres a full list of the ip ranges: IPv4204.93.240.0/24204.93.177.0/24199.27.128.0/21173.245.48.0/20103.22.200.0/22141.101.64.0/18108.162.192.0/18190.93.240.0/20Also available as a IPv4 text list. IPv62400:cb00::/322606:4700::/322803:f800::/32Also available as a IPv6 text list. Share this post Link to post Share on other sites
Guest #5 Posted April 11, 2012 Hi,I also got the same IP Block, the Ip's that were blocked were:199.27.135.184 141.101.124.185 I did reversedns on the IP's and they were linked to cloudflare.Im also recieving the exact same two IP's in my alerts, what services are using cloudflare ? Share this post Link to post Share on other sites
MysteryFCM #6 Posted April 11, 2012 This is being worked on, thank you. Share this post Link to post Share on other sites
Jay12 #7 Posted April 11, 2012 Will you update this thread when this has been resolved, thankyou. Share this post Link to post Share on other sites
JordanElliott #8 Posted April 11, 2012 here is some more cloudflare ip's still being blocked:199.27.135.243141.101.124.244199.27.135.22141.101.124.232173.245.60.121141.101.124.136 Share this post Link to post Share on other sites
MysteryFCM #9 Posted April 11, 2012 You don't need to post these, I'm already aware of them and am awaiting a response from CloudFlare. Share this post Link to post Share on other sites
MysteryFCM #10 Posted April 11, 2012 Will you update this thread when this has been resolved, thankyou.I will, yes. Share this post Link to post Share on other sites
Jay12 #11 Posted April 11, 2012 I will, yes.Much appreciated. Any kind of timescale i can tell my members that use Malware bytes or do we wait...... Share this post Link to post Share on other sites
_Rich #12 Posted April 11, 2012 Hello Malwarebytes It's been a while since my last visit here. Just wanted to confirm that I am getting the same blocks. Share this post Link to post Share on other sites
MysteryFCM #13 Posted April 11, 2012 This is still being worked on (no time frame yet). Share this post Link to post Share on other sites
Karim #14 Posted April 12, 2012 We have the same problem malwaresbytes is detecting the CDN cloudflare as a suspected malware and our visitors are claiming about thishere is our ips : 141.101.124.119199.27.135.118thank you Share this post Link to post Share on other sites
MysteryFCM #15 Posted April 12, 2012 Please do not post duplicate posts (your other post has been removed).I am aware of this and trying to work with CloudFlare to resolve the matter. Share this post Link to post Share on other sites
alan_oldstudent #16 Posted April 13, 2012 I'm getting a similar message. I'm one of the website administrators for www (dot) occupytacoma (dot) org, and not so long ago, we were recently hacked in an attempt to take us off line. It took us nearly a couple of weeks to get back on line. Perhaps a bit of my mystery is that www (dot) occupytacoma (dot) org now redirects to a temporary mirror at www (dot) occupy-tacoma (dot) org while we're cleaning up the old SQL database. As far as I know, our ISP does not use CloudFlare, so I'm really puzzled.I am using the "(dot)" in my messages because this is my first posting on this forum, and I did not want to look like a spammerHere are some of the IPs:173.245.60.81199.27.135.15Regards,Alan OldStudent Share this post Link to post Share on other sites
gerardwil #17 Posted April 13, 2012 Please do not post duplicate posts (your other post has been removed).I am aware of this and trying to work with CloudFlare to resolve the matter.There is some sort of answer at Wilders: http://www.wilderssecurity.com/showthread.php?t=321912 (#10) Share this post Link to post Share on other sites
Jay12 #18 Posted April 13, 2012 I'm getting a similar message. I'm one of the website administrators for www (dot) occupytacoma (dot) org, and not so long ago, we were recently hacked in an attempt to take us off line. It took us nearly a couple of weeks to get back on line. Perhaps a bit of my mystery is that www (dot) occupytacoma (dot) org now redirects to a temporary mirror at www (dot) occupy-tacoma (dot) org while we're cleaning up the old SQL database. As far as I know, our ISP does not use CloudFlare, so I'm really puzzled.I am using the "(dot)" in my messages because this is my first posting on this forum, and I did not want to look like a spammerHere are some of the IPs:173.245.60.81199.27.135.15Regards,Alan OldStudentWith the greatest of respect this thread is for reporting cloudflare related issues.If you have issues that are not cloudflare related as yours appear not to be, then maybe you should start a new thread. Share this post Link to post Share on other sites
MysteryFCM #19 Posted April 13, 2012 There is some sort of answer at Wilders: http://www.wildersse...ad.php?t=321912 (#10)Yep, basically, as far as they're concerned, they're not the host so aren't responsible for whatever their "customers" get up to (the argument being it just pushes the problem to someone else's lap). However, it is their service being mis-used, which whether they like it or not, makes them responsible too, and means they need to enforce their AUP/ToS.Yes, they did block a few URLs (and even then, not until after the IPs were blocked - they refused to do anything prior to that, regardless of the fact they'd been given evidence to show what was happening in those cases), but again, that's not good enough as all the bad guys need to do is change the filenames or stick the malicious code in other files - something they've already done, and are in the process of doing in two on-going cases (dedicated drive-by sites).And this is just a small part of a much larger issue with them (not going into that yet however).Their last e-mail to me was Thu 12/04/2012 00:07, and whilst I've replied, there's been nothing from them since. Put simply, unless their attitude towards abuse changes, it is highly unlikely they'll be unblocked any time soon. Share this post Link to post Share on other sites
MysteryFCM #20 Posted April 13, 2012 With the greatest of respect this thread is for reporting cloudflare related issues.If you have issues that are not cloudflare related as yours appear not to be, then maybe you should start a new thread.It is related. Share this post Link to post Share on other sites
Jay12 #21 Posted April 13, 2012 As far as I know, our ISP does not use CloudFlare, so I'm really puzzled.Regards,Alan OldStudentI read this and assumed he meant that his hosting was not usinfg cloudflare. Share this post Link to post Share on other sites
alan_oldstudent #22 Posted April 13, 2012 With the greatest of respect this thread is for reporting cloudflare related issues.If you have issues that are not cloudflare related as yours appear not to be, then maybe you should start a new thread.I appreciate your concern and dislike off-topic posts as much as you do too. Perhaps I did not express myself as clearly as I could have.My point was that the reference to CloudFlare mystified me as I think it is not being used by either of our ISPs. So why would MWB throw up a warning about CloudFlare when one goes to my site?Regards,Alan OldStudent Share this post Link to post Share on other sites
tomoz #23 Posted April 14, 2012 Yep, basically, as far as they're concerned, they're not the host so aren't responsible for whatever their "customers" get up to (the argument being it just pushes the problem to someone else's lap). However, it is their service being mis-used, which whether they like it or not, makes them responsible too, and means they need to enforce their AUP/ToS. Put simply, unless their attitude towards abuse changes, it is highly unlikely they'll be unblocked any time soon.I understand your position but I wonder what the consequence is for the end-user? In my case I notice these alerts primarily when I go to my banking site and ignore it. However if the impression is that these alerts can pop up "nilly-willy" affecting bad sites as well as good sites, then how much am I supposed to value them? It seems to me that not due to Malwarebytes fault, the module may not be as useful or usable as originally planned. In a way it is like blocking all US sites by domain because a lot of bad sites are hosted in the US - I think that approach would not fly. Share this post Link to post Share on other sites
MysteryFCM #24 Posted April 14, 2012 Whilst I appreciate the problem, I'm actually a little concerned that a bank would be calling a site that is using CloudFlare to begin with, as this isn't something a bank should be doing.The problem here is one of risk factors, and the risk of leaving it unblocked is far higher than the potential inconveniences of blocking it. I realize this sounds harsh, and blocking CDNs is not something I do lightly, but CloudFlare were given many chances prior to the block being put in place - alot more than I'd normally give. Share this post Link to post Share on other sites
tomoz #25 Posted April 14, 2012 Interesting - so do I take it that irrespective of the lack of cooperation in this case you do not "believe" in their marketing that they are actually providing security apart from speed enhancements?https://www.cloudflare.com/features-securityI am not savvy enough to judge this but I know if I started to talk to my bank about this issue, I would get nowhere. Share this post Link to post Share on other sites