Jump to content keepsthelightson.vpsboard.com

Recommended Posts

It appears that malwarebytes is triggering a false positive on our ad-server, keepsthelightson.vpsboard.com . No malware has been detected and information regarding the warning as provided to me by a forum member is less than helpful.


You are correct on being blocked. VT scan shows 0/63 *but* NoScript has a hissy fit along with MBPro.. Plus you are on 3 DNS Blacklists as a SPAMMER. (This is only research I did; I don't work here so don't yell at me ;))


See attachments:










Just an FYI,


Link to post
Share on other sites

Strange, the server in question doesn't send mail.


It appears that MB has a blind/blanket ban on the IP range in question. You'll see the Crissic submission in this same forum and him and I are on the same IP range.


I ran maldet on the machine anyhow just to double check, even though I was sure it was a false positive, the results were as expected from the server-side:

maldet(1738): {scan} signatures loaded: 10795 (8882 MD5 / 1913 HEX)maldet(1738): {scan} building file list for /srv/adserver, this might take awhile...maldet(1738): {scan} file list completed, found 7788 files...maldet(1738): {scan} 7788/7788 files scanned: 0 hits 0 cleanedmaldet(1738): {scan} scan completed on /srv/adserver: files 7788, malware hits 0, cleaned hits 0maldet(1738): {scan} scan report saved, to view run: maldet --report 080415-1004.1738

MalwareBytes appears to have done a blanket ban on particular IP ranges instead of doing anything properly, as such it appears innocent sites are getting false positives as a result.



Wednesday, 22 July 2015
Malwarebytes Block Torrent Sites Because IP Range
The anti-virus software company Malwarebytes blocking various torrent sites like Isohunt and Lime Torrents because they are located in the vicinity of suspicious IP addresses. Users of the paid solution Malwarebytes can not visit the torrent sites, unless they are removed from the blocklist manually.
The torrent sites themselves are not considered harmful by the anti-virus company. "We block the IP addresses because there are plenty of other IP addresses on the same network are containing all sorts malvertising and fraud sites," said Steven Burn Malwarebytes opposite TorrentFreak . The party behind the IP range would not respond to reports of Malwarebytes, which it was decided to block all IP addresses from the hosting provider.


My server provider has been notified and has mentioned that he has received no such notification from malwarebytes regarding their blacklisting of this particular (or any) IP range. Very unprofessional way for MB to go about doing this. It's resulted in me stopping my work to address and investigate the issue when it was reported to me by a forum member on my website and took some time to figure out it was a false positive.


I hope the removal from the list is prompt. In the meantime I am now swapping the server to a new IP and am waiting for the update to take hold to so my visitors don't see this false positive.

Link to post
Share on other sites

Weird.. since you changed the server IP,  putting keepsthelightson.vpsboard.com in VT to do an analysis takes one to the admin page of the server (keepsthelightson.vpsboard.com) for login.?


I'll stay out of this as I haven't a clue.. I just showed what the user that originally complained to you was seeing.. Which is no longer the case.


Sorry for any insinuations my original research showed. 


Malwarebytes actually is fairly fast in resolving these problems.



Who may one day learn to stay out of other peoples' business. :(

Link to post
Share on other sites
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.