
False Positives.. [Previous thread deleted?] IP Block


MegaManSec


Hey there..

My website is being blocked by Malwarebytes, not sure why.

Here is the list of the IP addresses:


We are a white-hat hacking website, which doesn't supply any blackhat tools, and we only talk about whitehat hacking.

Example of how we are whitehat, and don't do blackhat stuff: http://www.internot....highlight=white

Thanks..


Hi,

FWIW, your previous thread was not deleted -- there was a technical problem at the forum yesterday that caused loss of several days' worth of posts: Recent Downtime and Loss of Posts.

I'm sure the MBAM staff will look into your possible IP False Positives as soon as possible.

Thanks for your patience,

daledoc1

Aye, I read that just after I posted this.

Thanks, though.


This isn't an F/P, for two specific reasons;

1. The IPs belong to Voxility. An ASN with a very long history of housing malicious content, and refusing to deal with such when notified

2. Your site, whilst claimed to be whitehat, has content showing it is actually anything but (i.e. completely irresponsible activities regarding exploits/vulnerabilities on third party sites, being posted, and in public no less! That is FAR from "white hat"). You made this explicitly clear yourself, via posts such as this;

hxxp://www.internot.info/forum/showthread.php?t=84


hey hey hey now..

we use secure disclosure methods, and encourage the use of them.(To anything useful)

Refer to; http://www.internot.info/blog/

http://www.internot.info/forum/showthread.php?t=2078&goto=newpost

http://www.internot.info/forum/showthread.php?t=83

http://www.internot.info/forum/showthread.php?t=2077

http://www.internot.info/forum/showthread.php?t=2105

I would highly appreciate if these were unblocked, as the website they host cause no harm, and show no danger to the public.


Oh by the way, if I were to post something that is 'unethical'(but not illegal) on THIS website and it wasn't deleted, that means that this website would be blacklisted? Humph. Seems legit.


If it were whitehat and responsible, yourself and your users, wouldn't be posting vulnerable sites (in the case of the thread I referenced, your own thread indicated you did it for no other reason than "I don't like SuperMicro"), or other such things, until such were fixed - simple as that. Nor would you be permitting things such as this;

hxxp://www.internot.info/forum/showthread.php?t=369

> Oh by the way, if I were to post something that is 'unethical'(but not illegal) on THIS website and it wasn't deleted, that means that this website would be blacklisted? Humph. Seems legit.

Hardly a good argument, for a start, this isn't YOUR forum. If such were found, it would be removed, and the user first warned, then banned if done a second time.


> If it were whitehat and responsible, yourself and your users, wouldn't be posting vulnerable sites (in the case of the thread I referenced, your own thread indicated you did it for no other reason than "I don't like SuperMicro"), or other such things, until such were fixed - simple as that. Nor would you be permitting things such as this;
>
> hxxp://www.internot.info/forum/showthread.php?t=369
>
> Hardly a good argument, for a start, this isn't YOUR forum. If such were found, it would be removed, and the user first warned, then banned if done a second time.

"wouldn't be posting vulnerable sites"

People are free to report these types of things.

As has happened before; http://www.internot....8;p=471#post471

If I found a vulnerability in ipboard, and I contacted the support team, they patched it and I waited a week to release it publicly, are you going to cry because at least one website is using the outdated code? Hmm, there are disclosures everywhere, better block the whole internet! Only allow malwarebytes.org and google.co- OH wait!! OMFG GUIEZ GOOGLE IS SHOWING US VULNERABLE WEBSITES LETS BLOCK GOOGLE.COM!1!!!!!!!!!!!!!!!!!!!!1111111111!!!!!!!!!!!!!!!!!!!@@@@@@@@@@@@@@@@@222222111!!1!1!1

https://www.google.com/search?client=ubuntu&channel=fs&q=%22you+have+an+error+in+your+SQL+syntax%3B+check+the+manual+that+corresponds+to+your+MySQL+server%22+%22union+select%22&ie=utf-8&oe=utf-8

And as per the T&S of signing up to the website, it states that anything posted on the forum is of the posters, NOT by the admins.

If you, or anybody else has any problems with the content, they can email the webmaster and the webmaster(me) will try and get it sorted.

just because YOU don't like something that is on a website, doesn't mean that it could be anywhere near dangerous for a regular, or irregular user.

:)


With all due respect, your last reply is childish at best.

Responsible disclosure means waiting for such to be fixed before making it public, at least 7 days would be the norm. To give an example of a post you made, you posted it 3 days after claiming to have discovered it, giving nowhere near enough time to allow for verification, fixing, testing, pushing to users etc. Indeed, even allowing for publicizing to inform users (whether you publicize it, or the affected vendor does) it had been patched and they needed to update, 3 days is nowhere near enough time in most cases.

Instead, some of the posts on your forum are no different to posts I've seen on other supposedly "white hat" forums, that are far from being white hat. You can claim whatever you like in the ToS, indeed, others do too, but that doesn't make the blindest bit of difference when the posts on the forums or majority of posts, are intentionally malicious or at best, "grey hat" at best.

To give another example from your last reply, if you gave them a week to verify and patch it, then that's a completely different matter, as you'd have given them a responsible amount of time to verify and patch it, and similarly, if you report it and they don't fix it within 7 days, then again, that's a completely different matter, but your own posts on your own forum, shows you've not done that. It is this that makes the difference here, and this that shows the difference as far as any "hat colour".

To give the benefit of the doubt, if it is indeed a white hat forum, then at best, it is a seriously irresponsible one.


> With all due respect, your last reply is childish at best.
>
> Responsible disclosure means waiting for such to be fixed before making it public, at least 7 days would be the norm. To give an example of a post you made, you posted it 3 days after claiming to have discovered it, giving nowhere near enough time to allow for verification, fixing, testing, pushing to users etc. Indeed, even allowing for publicizing to inform users (whether you publicize it, or the affected vendor does) it had been patched and they needed to update, 3 days is nowhere near enough time in most cases.
>
> Instead, some of the posts on your forum are no different to posts I've seen on other supposedly "white hat" forums, that are far from being white hat. You can claim whatever you like in the ToS, indeed, others do too, but that doesn't make the blindest bit of difference when the posts on the forums or majority of posts, are intentionally malicious or at best, "grey hat" at best.
>
> To give another example from your last reply, if you gave them a week to verify and patch it, then that's a completely different matter, as you'd have given them a responsible amount of time to verify and patch it, and similarly, if you report it and they don't fix it within 7 days, then again, that's a completely different matter, but your own posts on your own forum, shows you've not done that. It is this that makes the difference here, and this that shows the difference as far as any "hat colour".
>
> To give the benefit of the doubt, if it is indeed a white hat forum, then at best, it is a seriously irresponsible one.

Childish?

Nah,

Just have to prove a point.

Also, refer to the last part of my forum.

==next==

Hm, let's see what I've been given permission to disclose.

http://www.internot.info/forum/showthread.php?t=434

http://www.internot.info/forum/showthread.php?t=86

http://www.internot.info/forum/showthread.php?t=381

http://www.internot.info/forum/showthread.php?t=383

http://www.internot.info/forum/showthread.php?t=104

http://www.internot.info/forum/showthread.php?t=252

http://www.internot.info/forum/showthread.php?t=408

http://www.internot.info/forum/showthread.php?t=297

http://www.internot.info/forum/showthread.php?t=344

more 'whitehat' stuff

http://www.internot.info/forum/showthread.php?t=158

http://www.internot.info/forum/showthread.php?t=127

If you, or anybody else has any problems with the content, they can email the webmaster and the webmaster(me) will try and get it sorted.

just because YOU don't like something that is on a website, doesn't mean that it could be anywhere near dangerous for a regular, or irregular user.

:)


One or two of the posts may indeed, be borderline responsible (and I say borderline, because you both mentioned you'd emailed them and they'd failed to respond, but you also failed to mention how long you gave them to respond to and fix the problem, before posting it - very important bit of information), but then you've got other links you've posted, which are clearly targeting the installations on third party sites, which again, is not the act of a white hat.

You don't need to post the URL for a third party site, for a proof of concept, you know that as well as I do.

Any supposedly "white hat" posts, are irrelevant, it's those that are clearly not, that are the problem, and because of such, pose a problem for the sites you've decided to post the URLs to (again, had you at least masked the domain of such third party site, that would've been a different matter - neither yourself nor any of your forums users, need to attempt to exploit innocent sites, just to "prove a point" as it were - you're more than capable, or should be, of testing it on your own installations).


> One or two of the posts may indeed, be borderline responsible (and I say borderline, because you both mentioned you'd emailed them and they'd failed to respond, but you also failed to mention how long you gave them to respond to and fix the problem, before posting it - very important bit of information), but then you've got other links you've posted, which are clearly targeting the installations on third party sites, which again, is not the act of a white hat.
>
> You don't need to post the URL for a third party site, for a proof of concept, you know that as well as I do.
>
> Any supposedly "white hat" posts, are irrelevant, it's those that are clearly not, that are the problem, and because of such, pose a problem for the sites you've decided to post the URLs to (again, had you at least masked the domain of such third party site, that would've been a different matter - neither yourself nor any of your forums users, need to attempt to exploit innocent sites, just to "prove a point" as it were - you're more than capable, or should be, of testing it on your own installations).

Paid software

Private software

Condition of which cannot be emulated.

For example,

the dragonbyte-tech vulnerabilities, I had 100% permission to post those _links_ and the exploits by the owner.

vBSeo one was ruled as not a bug(I was using an old version)

vBGarage one the creator said it was fine to release it whenever I wanted to.

" SQL Injection in another Computer Store v2" shows just a list of tables, which are used for the proof of concept in the email.

putting "UNION%20SELECT%20%28select%20%28@%29%20from%20%28select%28@:=0x00%29,%28select%20%28@%29%20from%20%28information_schema.columns%29%20where%20%28table_schema%3E=@%29%20and%20%28@%29in%20%28@:=concat%28@,0x0a,%27%20[%20%27,table_schema,%27%20]%20%3E%27,table_name,%27%20%3E%20%27,column_name%29%29%29%29x%29,2--+" into a url will show every table name.

Without even saying which company it is, it is 'responsible disclosure'

99% of the threads on the website(non- ExploitDB-RSS feed) are to do with self-made software, not for commercial use. Made just for that one website.

Hey so I'm just going to set up a script to get every url on malwarebytes.org and email it to you, saying that this link may be vulnerable, because I'm not allowed to even put something simple in, just to test it, and if it works, I would report it to you and do nothing further.

Hey, sounds fine to me.

What I do is save companies from being hacked.

If a blackhat hacker were to hack into a website are they going to say to them 'I found a vulnerability' - Nope, they're going to just steal all of the data, and probably deface the website.

People don't know that they're vulnerable, until AFTER the vulnerability has been found.

If you would rather that I let blackhat hackers steal creditcards, and other information(through other people learning about whitehatting), hey keep my website blocked.

But I'm sure that at least one person that has been on my website has stopped some sort of information leak, by NOT testing the software in their own environment.

The content on the server is not a phisher, it doesn't host malware, it doesn't give guides how to hack and use creditcards, it isn't a C&C for some sort of botnet.

You have no real warrant for blocking the website, except for your personal views.


Sorry for the delay.

Whether what you do helps or not again, is irrelevant when put together with the fact you are doing such without authorization from the sites owners (even pen testers need site/network owners permission before legally testing anything).

Whether the sites you mentioned gave you permission or not (and I seriously doubt they did), are you going to try telling me SuperMicro gave you permission, or the owner of this site did?

hxxp://www.internot.info/forum/showthread.php?t=369

Fact is, as much as you try claiming it's purely whitehat, there's several problems;

1. You've used a known blackhat friendly ASN/hosts (major error number 1 for a supposed whitehat site)

2. You're distributing code and code snippets for malicious software (whether they can be found elsewhere is again, irrelevant)

3. You're actively engaged in attempting exploits and such, on third party sites, without their permission.


> Sorry for the delay.
>
> Whether what you do helps or not again, is irrelevant when put together with the fact you are doing such without authorization from the sites owners (even pen testers need site/network owners permission before legally testing anything).
>
> Whether the sites you mentioned gave you permission or not (and I seriously doubt they did), are you going to try telling me SuperMicro gave you permission, or the owner of this site did?
>
> hxxp://www.internot.info/forum/showthread.php?t=369
>
> Fact is, as much as you try claiming it's purely whitehat, there's several problems;
>
> 1. You've used a known blackhat friendly ASN/hosts (major error number 1 for a supposed whitehat site)
>
> 2. You're distributing code and code snippets for malicious software (whether they can be found elsewhere is again, irrelevant)
>
> 3. You're actively engaged in attempting exploits and such, on third party sites, without their permission.

"hxxp://www.internot.info/forum/showthread.php?t=369"

According to that guy, the owner of the website (his school teacher) actually knows, but claims there is no sensitive data to be gotten, so it doesn't matter.

"1. You've used a known blackhat friendly ASN/hosts (major error number 1 for a supposed whitehat site)"

We use them for the following 1) GREAT support, 2) ddos protection

"2. You're distributing code and code snippets for malicious software (whether they can be found elsewhere is again, irrelevant)"

And how is that 1) illegal, or 2) violating malwarebytes terms.

"3. You're actively engaged in attempting exploits and such, on third party sites, without their permission."

Whether that is true or not, how is that anything to do with viruses or phishers that may attack malwarebytes users?

As said before, there is no real warrant of blocking these IP addresses.
