Jump to content

To whoever is in charge with Malicious Websites Database

questions
 Share

Recommended Posts

questions

questions

Posted
Posted

Hi,

 

I found this link:

http://malwareurls.joxeankoret.com/normal.txt

 

Malware URLs generated in Sun Apr 27 08:05:19 2014
# Total of 6550 malware URL(s)


More than 85% of these are not detected by MBAM as "malicious" even though ALL of them are checked as "malicious" by Sucuri Site Check, see:

http://sitecheck.sucuri.net/results/capturephotog.com

 

 

Just an example: capturephotog.com------------> no reaction from MBAM but see attachment.

 

 

I tested several hundred of them, the result is alarming!

What is going on here?

 

post-159015-0-78149000-1398597209_thumb.

Link to post
Share on other sites
daledoc1

daledoc1

Posted
Posted

Hi, questions: :)
 
Until the staff members arrive to address your specific questions....
 
It appears that you have an essentially identical post >>here<< (and a similar one >>here<<)?
 
The forum Root Admin, AdvancedSetup, replied to your previous post:

Thank you for your opinion. We do have an FP forum for this that you're more than welcome to post to if you think we're blocking one that should not be.

https://forums.malwarebytes.org/index.php?showtopic=20806

Thank you


That same explanation would still apply. :)
Malicious IP blocking is designed to protect the user from bad content on websites.
 
If you feel that IPs being blocked should not be detected (IOW are "False Positives"), then I suggest that you please read the instructions >>here<<. Then please follow AdvancedSetup's suggestiong for reporting those possible FPs in the correct forum section >>here<<.

The MBAM researchers who manage the IP database will review the information.
 
There is also information in the MBAM User Guide about how to exclude IPs and domains: Online and PDF

Doing so without first confirming the safety of those sites/IPs could reduce your computer's security, however. ;)

 

Thank you,

 

daledoc1

Link to post
Share on other sites
daledoc1

daledoc1

Posted
Posted

Hi:

 

I'm sorry, but you are posting your opinions and concerns in the wrong area of the forum.

 

To post about website blocking FPs, for high visibility for the appropriate MBAM team members, please start here: https://forums.malwarebytes.org/index.php?showtopic=20806

Then, please post here: https://forums.malwarebytes.org/index.php?showforum=123

 

Thanks,

 

daledoc1

Link to post
Share on other sites
MysteryFCM

MysteryFCM

Posted
Posted

Hi,

 

I found this link:

http://malwareurls.joxeankoret.com/normal.txt

 

Malware URLs generated in Sun Apr 27 08:05:19 2014

# Total of 6550 malware URL(s)

More than 85% of these are not detected by MBAM as "malicious" even though ALL of them are checked as "malicious" by Sucuri Site Check, see:

http://sitecheck.sucuri.net/results/capturephotog.com

 

 

Just an example: capturephotog.com------------> no reaction from MBAM but see attachment.

 

 

I tested several hundred of them, the result is alarming!

What is going on here?

 

I'll go through the list, but to be clear;

 

1. I can't block sites I don't know about (there's only 2 of us doing this at present)

2. The website protection currently only blocks IPs (ability to block individual sites is already being worked on, but isn't due until a future release), and this is only done if sites aren't cleaned within 12 hours of reporting (depending on severity)

3. A lot of sites are on shared servers, and these are only blocked if there's a significant number of cases and/or the host/ASN is unresponsive

 

With regards to reporting malicious sites, please feel free to drop me an email.

Link to post
Share on other sites
daledoc1

daledoc1

Posted
Posted

Hi:

 

He's not talking about False Positives. He's asking about false negatives / low detection rate. The other way round, many blacklisted sites are not being blocked while he thinks they should. 

 

Thanks, yes, could be.

But this still isn't the correct area of the forum for such reporting. ;)

In the OP's other posts, it seemed he was reporting the opposite problem.

Nor is there a need to duplicate posts for the same issue. ;)

<just sayin'>

 

Having said that, it looks as if @MysteryFCM has provided the official, definitive response.

Let's hope that it answers @questions's questions. :)

 

Cheers,

 

daledoc1

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.