
Malicious Website Protection - port 80 - Inbound



Until @Firefox returns....

 

195.3.144.84
 
That IP resolves to somewhere in Latvia.
 
If you are seeing a lot of IP blocks, especially outgoing and especially if no browsers are open, it could be a sign of infection.

You might want to have an expert assist you with checking your computer for malware.

That work cannot be done in this particular area of the forum.

So, for expert assistance, I suggest that you please follow the advice in this pinned topic: Available Assistance For Possibly Infected Computers.
A malware analyst will assist you, for free, with looking into your issue.

 

Thanks,

 

Link to post

Looking at the logs for the last three days that is the only outbound incident, all the rest are inbound.

 

I have run scans with Malwarebytes, Hitman Pro and TDSSKiller and they all came up zero, so I'm inclined to think that one outbound was a false positive.

 

It's not unusual for our website to get hits from Europe, Russia and China trying to run SQL injection scripts and I get email notifications at each attempt, and all 404 not found errors that could indicate a storm brewing - persistent offenders just get that IP range (.0/24) blocked.

 

If this (Malwarebytes) is blocking additional incoming known bad boys from hitting our servers then it's really helpful :-)

Link to post
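The post above describes blocking a whole /24 once a source keeps producing SQL injection attempts and 404s. As an added example (not part of the thread or any poster's code), the sketch below counts such requests per /24 in a web access log and lists the ranges that cross a threshold for review. The Common Log Format lines, the threshold and the pattern list are assumptions, and the sample lines are constructed with documentation addresses.

```python
import re
from collections import Counter
from ipaddress import ip_network
from urllib.parse import unquote_plus

# Constructed sample lines (assumed Common Log Format, documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [12/May/2014:10:01:02 +0000] "GET /item.asp?id=1%27%20OR%201=1-- HTTP/1.1" 404 512
203.0.113.9 - - [12/May/2014:10:01:05 +0000] "GET /admin.php HTTP/1.1" 404 512
203.0.113.7 - - [12/May/2014:10:01:09 +0000] "GET /item.asp?id=1+UNION+SELECT+null HTTP/1.1" 200 2048
203.0.113.200 - - [12/May/2014:10:02:00 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 512
198.51.100.23 - - [12/May/2014:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 4096
198.51.100.23 - - [12/May/2014:10:03:04 +0000] "GET /favicon.ico HTTP/1.1" 404 0
not a log line
"""

# client IP, method, request target, status code
LINE_RE = re.compile(
    r'^(\d{1,3}(?:\.\d{1,3}){3}) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) '
)
# Hypothetical, deliberately small pattern list; tune it to your own application.
SQLI_RE = re.compile(
    r"union\s+select|'\s*or\s+\d+\s*=\s*\d+|;\s*drop\s+table", re.I
)


def suspicious_ranges(log_text, threshold=3):
    """Return {'/24 network': count} for ranges with >= threshold flagged requests."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, _method, target, status = m.groups()
        try:
            net = ip_network(f"{ip}/24", strict=False)  # collapse host to its /24
        except ValueError:
            continue  # e.g. an octet above 255
        # Decode %27, + and similar before matching, as the server would.
        if status == "404" or SQLI_RE.search(unquote_plus(target)):
            hits[str(net)] += 1
    return {net: n for net, n in hits.items() if n >= threshold}


if __name__ == "__main__":
    for net, count in suspicious_ranges(SAMPLE_LOG).items():
        print(f"{net}: {count} flagged requests")
```

A single 404 (the favicon request here) stays below the threshold, so an ordinary visitor's range is not listed; a /24 block still covers up to 254 hosts, so treat the output as candidates to review rather than an automatic block list.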

Malwarebytes version 2.0.2.1012 is the consumer version of Malwarebytes and is not intended or supported on Windows Servers.

The latest version for businesses is version 1.75.

The use of the consumer version is in violation of the EULA.

Please seek help from the business side of Malwarebytes HERE and seek help from Business Sales HERE for proper licensing....

 

Thanks

Link to post

Can anti-malware for business be installed and run independently on MS Servers (2008 R2 and 2012) without installing/using the management console?

 

Are there any known issues uninstalling the consumer version and then installing the business version (like reboot as an example)?

 

Because of security issues we have SQL Server Express disabled on most servers, and use a Sybase SQL for our DB requirements. If it is possible to run the clients without the management console, is this an issue?

 

Thanks

Link to post

  • Staff

Yes, you can run the endpoint software (Malwarebytes Anti-Malware for business) on your endpoints without using the console. The endpoint software however is not supported on Server versions of Microsoft Windows.

More info on the system requirements of our business products can be found here under the Endpoint System Requirements section:

Hardware:

CPU: 800 MHz

RAM: 1024 MB (256 MB or more for Windows XP)

Disk space: 25 MB

Screen resolution: 800x600 or greater

Active internet connection for database and product updates

Additional Requirements for Managed Mode:

Windows Installer 4.0 (Windows XP only, already included in other Windows versions)

.NET Framework 3.5 (Windows XP only)

.NET Framework 4.0 (Windows Vista, Windows 7, Windows 8)

Software Requirements: Microsoft® Internet Explorer 6 (or newer), Firefox, Chrome, or Opera browser

Supported Operating Systems:

Windows 8.1® (32-bit, 64-bit)

Windows 8® (32-bit, 64-bit)

Windows 7® (32-bit, 64-bit)

Windows Vista® (32-bit, 64-bit)

Windows XP® (Service Pack 3 or later) (32-bit only)

If you aren't using the product in managed mode (i.e. no Management Console) then you can ignore the Additional Requirements for Managed Mode section above.
Link to post

Thanks for your prompt response. I did read the pdf, and to me it looks like the endpoint software is designed to run on workstations with a management console that resides on a server and is used by an administrator to set up and monitor the software on the workstations.

 

What I can't determine is what malware product is used on the servers?

Link to post

Couple of things.

 

1. There is conflicting information about running MBAM on servers (both on this forum, your site and googling in general).

 

2. Your download site at CNET (thought I once read that a lot of PUPs come from there??) quite clearly states that Server 2008 is a supported OS for version 2.0.2.1012, both paid and free flavours.

 

As I am totally unable to copy and paste (nothing happens) or insert a link or image (the dialogue freezes and refuses to do anything, even close) I have attached a pdf instead and hope that works. It is really frustrating.

 

The end-shot is this - MBAM works well in our environment. We're not out to break the terms of your licence (the CNET statement notwithstanding) and would like to resolve this.

Link to post

  • Staff

Yes, it is not that our software absolutely does not run on Server versions of Windows, but we have not tested it and it wasn't designed for it (the endpoint client software, not the console which is designed for servers of course). If you are using the product in a business environment but do not have business licensing then please do contact our Business Sales department here if you need to purchase in excess of 99 seats/clients or just buy the licenses you need here if you only require 99 seats or less. You don't have to use the console at all if you do not wish and you may deploy the installer through your network using scripting and/or Active Directory (we also offer an MSI version of the installer for such purposes) or simply install the software manually.

We have several solutions for different business models and environments and I'm sure we have something that will suit all of your needs. We even have our recently released Remediation Tool which is essentially just a portable build of Malwarebytes Anti-Malware with no protection that can be used for cleanups without the hassle of installing any software on the endpoint (you just copy the zip archive over to the infected machine, extract it, have it scan and remove the malware, reboot, then delete the portable build from the system).

Link to post

  • Staff

We do have a slightly unusual setup in that nearly all our hardware is server based with only a few workstations

I see. In that case I'd recommend contacting Business Sales and requesting an evaluation/trial so that you can do some testing before deciding whether or not to deploy our software in your business; that way you'll be aware up front of any problems or incompatibilities which might exist (such as the one you discovered already with Malicious Website Protection).
Link to post
