Jump to content

Possible false positive? Ip block


Evolvingdoor

Recommended Posts

Hello,

I sent this request to MB's support contact and they said I need to post this in the forum, so here I am.

Since I started using MB in real time (as opposed to occasional scans), I've been getting warning messages that a "malicious" IP has been blocked from an outgoing call from my browser (it happened for all different browsers I tried it with, so it's not browser-specific). Here is a sample line of a log for this with the actual IP (although it tries many different port numbers):

2012/05/09 18:54:50 -0400 MYCOMPUTER Owner IP-BLOCK 109.163.230.92 (Type: outgoing, Port: 55152, Process: firefox.exe)

This was only happening when I accessed my own website, and after a lot of time and effort I finally found out where this was coming from. It was from a widget that I created at buttonshut.com, and the code was pulling in an image from their website.

I did some research into these guys and they seem to be a conglomerate of "hut" sites on a variety of topics. The domain is held by GoDaddy, the company that owns it seems to be in the UK, and it seems their servers are located in Moscow.

I haven't found anything online about problems with this IP address when I've searched about it, so I'm wondering why MB has it on their list of malicious websites? I found one site that listed several domains hosted at that IP address, and it included at least one X-rated site. Could this be why MB considers that IP to be "malicious?"

I would like to know the basis for this IP's designation as malicious. It just seems a bit strange that if it's so malicious, I wasn't able to find any reports about this from other webmasters complaining about problems with them. Has anyone else heard of problems with this IP? I'm wondering if it might be a false positive, or possibly some over-caution on MB's part, or if there really is a concrete threat that has been traced back to this IP address?

Thanks very much for your help.

Link to post
Share on other sites

Nothing to do with any other sites listing anything on the range - it's blocked due to a plethora of malicious content across Voxility/Limehost IP space, and their deciding they don't want to deal with it, and deciding they don't want to boot blackhat hosts reselling their space to criminals.

Link to post
Share on other sites

Not quite, no. It's not a case of being painted with the same brush - it's a case of the ASN refusing to deal with abuse, and the risks of not blocking, being far out weighed by the benefits of a blanket block, plain and simple.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.