igor51

IP Blocked : 213.186.33.2


Can you explain how MysteryFCM can leave my post "all OVH IPs(France) seems blocked" unanswered since 4 AM?

 

It went unanswered because I'd not seen it (only woke up an hour ago).


I've pushed out an update that corrects this. Sorry for the inconvenience folks.

 

Hi MysteryFCM,

 

I read through this thread and have a question. Every time I start Chrome, Malwarebytes alerts me "blocking 213.186.33.19". I understand some IPs close to this are ok and some are suspect, but I am unsure why Chrome would try to connect to this address at start up. Is there an acceptable reason or should I be concerned?

 

TIA 


Update : v2013.07.03.08 is now out and I'm connecting to S-X and sosvirus without a problem.

 

That was quick team, considering. Thanks :-)

 

 

Cheers,


Hi MysteryFCM,

 

I read through this thread and have a question. Every time I start Chrome, Malwarebytes alerts me "blocking 213.186.33.19". I understand some IPs close to this are ok and some are suspect, but I am unsure why Chrome would try to connect to this address at start up. Is there an acceptable reason or should I be concerned?

 

TIA 

 

It's likely it's loading webmail.ovh.net


Update : v2013.07.03.08 is now out and I'm connecting to S-X and sosvirus without a problem.

 

That was quick team, considering. Thanks :-)

Reinstalled MBAM to verify: Database v2013.07.03.08,

My website and forum: www.street-photo.fr (IP: 213.186.33.4) still blocked and tagged as dangerous.

STOP THAT, please, the joke has lasted long enough!!!


v2013.07.03.10 is 6 updates out of date, please check again and report back.


Hi, Bruce

v201.3.07.04.06 looks OK on the sites I manage.

Until the use of IPv6 is generalized, maybe it would be time to think of a better version, using URLs?

IPv4 is not usable: IMHO, shared hosting and floating IPs with DYN DNS can induce thousands of false positives, as happened here.

With a big prejudice for innocent websites, multiplied by the success of your software.

I understand why you may prefer databases of IPs for speed, but, at least, a heuristic analysis of those supposedly dangerous IPs could slow only those, without blocking our clean websites?

This is an old story, as well-known websites have had to suffer the same thing in the past with other protective software (for example http://www.choozen.com/, tagged as malicious by McAfee for several weeks).

No protection is preferable to any false positive, in my point of view.

Hi guys

OVH IP address 213.186.33.4 is still blocked.

Did I miss something?

I uninstalled and installed Malwarebytes again, and updated the definitions. Still blocked.

I have the Pro version.

Thanks for the replies and info.


Again ??!!

2014/02/08 10:48:14 +0100 XXX XXX IP-BLOCK 213.186.33.2 (Type: outgoing, Port: 52609, Process: avwebgrd.exe)

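For anyone triaging alerts like the log line quoted above, the following is an added example (not part of the thread and not Malwarebytes' own tooling) that parses IP-BLOCK lines and groups them by /24, blocked address and originating process. The line layout is assumed from that single quoted line, and every sample line except the first is constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Layout assumed from the single log line quoted in the thread; the two fields
# before IP-BLOCK are redacted there ("XXX XXX") and are treated as opaque.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4})\s+"
    r"(?P<f1>\S+)\s+(?P<f2>\S+)\s+IP-BLOCK\s+(?P<ip>\S+)\s+"
    r"\(Type: (?P<type>\w+), Port: (?P<port>\d+), Process: (?P<proc>[^)]+)\)\s*$"
)

def parse_line(line):
    """Return a dict for one IP-BLOCK line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m["ip"])
    except ValueError:
        return None  # malformed address: skip rather than guess
    return {"ts": m["ts"], "ip": ip, "type": m["type"],
            "port": int(m["port"]), "process": m["proc"].strip().lower()}

def summarize(lines, prefix=24):
    """Group blocks by enclosing network -> blocked IP -> set of processes."""
    out = defaultdict(lambda: defaultdict(set))
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["ip"].version != 4:
            continue
        net = ipaddress.ip_network(f"{rec['ip']}/{prefix}", strict=False)
        out[str(net)][str(rec["ip"])].add(rec["process"])
    return {net: dict(ips) for net, ips in out.items()}

# Constructed sample: the first line is the one quoted in the thread, the rest
# are made up in the same layout using addresses mentioned by other posters.
SAMPLE = """\
2014/02/08 10:48:14 +0100 XXX XXX IP-BLOCK 213.186.33.2 (Type: outgoing, Port: 52609, Process: avwebgrd.exe)
2014/02/08 10:49:02 +0100 XXX XXX IP-BLOCK 213.186.33.19 (Type: outgoing, Port: 52731, Process: chrome.exe)
2014/02/08 10:49:40 +0100 XXX XXX IP-BLOCK 213.186.33.2 (Type: outgoing, Port: 52790, Process: chrome.exe)
not a block line
""".splitlines()

if __name__ == "__main__":
    for net, ips in summarize(SAMPLE).items():
        print(net, "-", len(ips), "distinct blocked address(es)")
        for ip, procs in sorted(ips.items()):
            print("  ", ip, "<-", ", ".join(sorted(procs)))
```

The per-/24 grouping makes it easy to see whether alerts involve a few individual addresses or a whole range, and the process column shows which program initiated each blocked connection.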

Same here, I am seeing the site 213.186.33.3 blocked by Malwarebytes. This site is a gaming site that has not had any malware issues at all. You may not call it a false positive but it is. If the site does not have any malware then it is in fact a false positive - taken from Wikipedia:

 

A false positive error, or in short false positive, commonly called a "false alarm", is a result that indicates a given condition has been fulfilled, when it actually has not been fulfilled. I.e. erroneously a positive effect has been assumed. In the case of "crying wolf" – the condition tested for was "is there a wolf near the herd?", the actual result was that there had not been a wolf near the herd. The shepherd wrongly indicated there was one, by calling "Wolf, wolf!".

A false positive error is a Type I error where the test is checking a single condition, and results in an affirmative or negative decision usually designated as "true or false"

 

 

That is exactly what the software is doing at this moment. You should not block a full range of IPs, only block the IP itself that is in question.


It's not the site itself that is the issue, it's the IP. This is one of 4-5 IPs blocked on the /24, due to over 600 cases. Yet another email was sent to OVH (previously, there were only 2 IPs at issue) yesterday, but there's been no reply so far.

 

 

SuMo would be well advised to move elsewhere, but yes, once the incidents are resolved, the block will be removed.

Contrary to popular belief, I actually hate having to block IPs that belong to compromised or otherwise mis-used sites, more-so when they're shared.

 

 

Such options may be available in future, but at present, only IP blocks are supported.

 

 

There's not even close to 500,000 sites on the IP, and again with all due respect, how many sites are on their IP range is irrelevant. If there's a significant number of incidents on the IP and they're not responsive, the IP will be blocked as I must put the protection of our users first.

 

 

 

 

That is correct. They've been sent no less than 4 emails regarding this, in the past week. Cases were re-checked by me prior to the last email being sent, so no, they're not F/P's.

I'm more than willing to accept assistance from OVH customers as far as reaching OVH to have something done, but again, this is not an F/P. Contrary to popular belief, I do not like having to block IPs, especially shared IPs, but the risks of not doing so, are far higher than doing so.

 

 

Once again, this is not an F/P, and there's no "hiding" behind anything, the problem exists because OVH are not responding, as mentioned - I'm more than willing to accept assistance from OVH customers in reaching them but so far, all responses in this and other threads, instead of offering assistance, have been insulting instead.

As for a whitelist, the simple reason for my not doing this is because MBAM does not currently support such a facility.

 

 

I'm sure you'll all be pleased to know, Bilel from OVH responded whilst I was out this afternoon, just got back and finished going through the cases causing the block. OVH have now suspended the vast majority of sites affected with only a handful still remaining live.

As there's now only a handful still live, the block will be removed on the next update.

 

 

Same here, I am seeing the site 213.186.33.3 blocked by Malwarebytes. This site is a gaming site that has not had any malware issues at all. You may not call it a false positive but it is. If the site does not have any malware then it is in fact a false positive - taken from Wikipedia:

 

A false positive error, or in short false positive, commonly called a "false alarm", is a result that indicates a given condition has been fulfilled, when it actually has not been fulfilled. I.e. erroneously a positive effect has been assumed. In the case of "crying wolf" – the condition tested for was "is there a wolf near the herd?", the actual result was that there had not been a wolf near the herd. The shepherd wrongly indicated there was one, by calling "Wolf, wolf!".

A false positive error is a Type I error where the test is checking a single condition, and results in an affirmative or negative decision usually designated as "true or false"

 

 

That is exactly what the software is doing at this moment. You should not block a full range of IPs, only block the IP itself that is in question.

 

Above, I've quoted the relevant replies that MysteryFCM placed in this entire thread.

 

Unfortunately, what you're not realizing is that that IP that you've listed is not just a gaming site. It is a shared IP - meaning that multiple domains could easily be linked to a specific site.

As stated above, the only mechanism currently available is IP blocking. If there are multiple domains associated with a single IP, let's say 10, and 3 are malicious and 7 are not, it is in the company's best interests to protect people from the 3 that are malicious until the hosting company (In the examples above, OVH, and in your IP example, from http://www.ip-tracker.org/locator/ip-lookup.php?ip=213.186.33.3 is also OVH.net.


As usual, any news from the staff ?

I really don't care to know if it's OVH's fault or not. There are some other ways to protect users against Internet threats (-_-'), but it seems that MBAM doesn't want to study them.

Can we expect a real solution from such professionals in order not to block several clean websites?

For now, our users have to disable the protection to go on our Website because they know that the website is clean.


Sorry for the delay. A few IPs on the /24 were re-blocked due to malicious content yet again reappearing, and OVH's abuse dept being beyond woeful.

 

However, I do now have contacts over there that whilst taking longer than I'd like, do get things done as far as removal. In saying this, this /24 (and I must stress, IT IS NOT THE ENTIRE RANGE THAT IS BLOCKED) has had constant problems with malicious content for years.

 

As far as the blocks themselves, they will be removed when the malicious content is removed.


Hello,

 

 

Will the blocking last a long time?

 

Even if Security-X is on IP 213.186.33.2, the site is healthy.

 

 

Blocking must be refined, you cannot block hundreds of websites for one or two malicious sites.
You penalise your own customers!
 
 
Thank you for your diligence.
 
@+


Again, all OVH shared hosting is blacklisted, and you still prefer locking thousands of legitimate domains instead of the few really compromised domains

Shame on you!

Locking domains that are not faulty looks like hijacking / malware, while you clearly know that you do real damage to some domains / webmasters and make legitimate sites look suspicious!

You're right, MysteryFCM, blacklisting a whole IP range is not an FP but clearly an abuse!

From now on, I will clearly recommend NOT buying MBAM anymore until you change the way you manage blacklisting

 

http://accedinfo.com/2014/02/10/malwarebytes-antimalware-mbam-mis-en-cause-pour-sa-politique-de-blocage-web-par-adresse-ip/

 

elarifr


We've not blocked the whole range, only the offending IPs. OVH were sent an email about it again yesterday.


 

Hello,

 

 

Will the blocking last a long time?

 

Even if Security-X is on IP 213.186.33.2, the site is healthy.

 

 

Blocking must be refined, you cannot block hundreds of websites for one or two malicious sites.
You penalise your own customers!
 
 
Thank you for your diligence.
 
@+

 

 

Had it only been one or two, they wouldn't have been re-blocked.

 

/edit

 

Sorry for missing those parts of your post;

 

1. A forum being present sadly, isn't enough to whitelist the IP, especially given the sheer volume involved.

 

2. As far as how long the block will last, I'm afraid this will depend solely on how long it takes OVH to resolve the issues.

 

I realise this isn't viable for everyone, but I'd urge the Security-X site be moved elsewhere.


Hello,

 

Security-X on IP 213.186.33.2 is always blocked by Malwarebytes.

 

The capable Malwarebytes team should find a solution so as not to abusively block hundreds of websites that are safe and which should not be affected by this blockage!

 


Hello,

 


 

I realise this isn't viable for everyone, but I'd urge the Security-X site be moved elsewhere.

 

I'm sorry, but ... Is it a joke ?

 

Do you think of the other websites or forums on this IP range? What if they don't see this topic (and they don't)? So maybe they haven't seen that their website/forum was blocked?

Their visitors, seeing the MBAM block, think the website/forum is a dangerous one ...

I understand OVH isn't a good interlocutor, but you can't block hundreds of legitimate websites like this.

 

We know MBAM team was a good team, with a good product, but this feature on MBAM pro isn't good. You have to change it.

 

Please, understand this ...


It's not a joke, no.

 

Contrary to popular belief, I hate having to block IPs, especially shared hosting, and only do so when I have to.

 

In this case, OVH abuse dept refuses to deal with abuse. The only reason they're now working with me is because of the IP blocks currently in place. Even then, they're taking their time dealing with them (some of which, date back well over a year!) and in the case of the latest incidents, advised me they'd been dealt with when they hadn't, hence the blocks still being present.

