Jump to content
GarFin

64.191.89.101 false positive (i hope)

Recommended Posts

64.191.89.101 used by ebgo.net to register/unlock their software @ startup. Could this be removed from database, or, is there a way for end users to add ip addresses into 'ignore list' ??

Regards

Share this post


Link to post
Share on other sites

So the whole 65,534 or thereabouts possible hosts are all banned, because of a few 200-odd rotten eggs in that class-b subnet ?

Ouch, that's harsh.

So back to my question - Is there a way for end users to add ip addresses into the ignore list ?

Share this post


Link to post
Share on other sites
So the whole 65,534 or thereabouts possible hosts are all banned, because of a few 200-odd rotten eggs in that class-b subnet ?

Ouch, that's harsh.

So back to my question - Is there a way for end users to add ip addresses into the ignore list ?

No, not at this time, but there may be an option in the future.

Share this post


Link to post
Share on other sites

Now I know why you have blocked my server as my IP falls into this range, well thanks for nothing, this is disgusting behaviour, from a so called reputable company such as yourselves. Maybe you should concentrate on only blocking the IP's that pose a threat and not take out a whole IP range.

Imagine if the American government were to say theirs a handfull of terrorists in Afghanistan lets kill everybody that lives there.

This is effectively what you have done. Damaging peoples reputations ad revenue ect is surely illegal, I have always recommended Malwarebytes to people as a reliable piece of security software, but I will never do that again.

Has your company ever thought this could have a damaging effect on those websites whose servers fall into that IP range?

Share this post


Link to post
Share on other sites

Believe me, blocking an entire range is not something we do lightly. If the owner of the IP range had taken action to remove the malicious sites they're hosting, they'd not have been blocked. Sadly, all reports have gone ignored and all sites are still active, which is why it continues to be blocked (if there'd only been a handful of sites, we'd have blocked the IP's themselves)

Share this post


Link to post
Share on other sites
Believe me, blocking an entire range is not something we do lightly. If the owner of the IP range had taken action to remove the malicious sites they're hosting, they'd not have been blocked. Sadly, all reports have gone ignored and all sites are still active, which is why it continues to be blocked (if there'd only been a handful of sites, we'd have blocked the IP's themselves)

Well I let a friend use some space on my server, without my knowledge he used a nulled version of VBulletin. Piracy reports contacted the host who took a very dim view of me having nulled software on my server and the site was removed immediately, so why would they act so harshly for piracy and not for threats?

None of this adds up.

So are you telling me I need to move host? I have been with my host for around 2 years and have always regarded them as very helpfull and give good value for money.

Is it the data center itself or my hosting company?

Can I ask them to swap my server IP?

My Google Adsence account was banned today and after around 2 years of being on the Adsence program the only reason I can attribute this to is this IP blocking. Google are notoriously unforgiving when it comes to reinstating a publisher and unless my appeal is successful I will have lost approx $300 for this month.

Share this post


Link to post
Share on other sites

As far as I'm aware, Google don't base decisions on what we block (only way they'd be able to find that out is to contact us, which is something they've not done), so whatever they've based their decision on, is unrelated.

As far as your hosting company, if someones managed to get them to respond, great, but I've been trying since at least last year and have not had so much as an auto-response (indeed, I've been seeing more and more sites popping up since). If you can get them to remove the sites listed at the following with the EMD/FSA classification, I'll hapilly unblock them.

http://hosts-file.net/?s=64.191.&view=matches

You can ask them to move your site to an IP that's not on the 64.191 range, but depending on the ranges they use, they'll likely not be able to.

If your hosting company is the same company that's listed in the netblock WhoIs, then it's your hosting company, otherwise, it's the datacenter owners.

http://hosts-file.net/?s=64.191.0.0

Share this post


Link to post
Share on other sites

Just an addendum btw, there's actually alot more than 200 malicious sites on the range, there's actually over 300;

http://hosts-file.net/pest.asp?show=64.191

There's a bug in the hpHosts code at present, so the correct number isn't always displayed when using the "normal" viewing options (i.e. /?s={IP}), you can use the above to view the actual number.

Share this post


Link to post
Share on other sites

NOTE: I am speculating.

Well I let a friend use some space on my server, without my knowledge he used a nulled version of VBulletin. Piracy reports contacted the host who took a very dim view of me having nulled software on my server and the site was removed immediately

Perhaps this is the incident that led to Google pulling your site from its AdSense program. :rolleyes: Have you contacted Google to find out?

==========

, so why would they act so harshly for piracy and not for threats?

I suspect your hosting provider that owns IP 64.191.53.56 (ref.) wants to avoid legal/financial action Jelsoft Enterprises Ltd. (producers of vBulletin) might pursue against them for knowingly allowing pirated software to be hosted (and USED) on servers under their control. I suspect Jelsoft has the means to aggressively pursue legal/financial action if necessary. I also suspect Jelsoft WILL pursue legal/financial action if the matter cannot be resolved otherwise.

On the other hand, I suspect the same hosting provider gets money from the vulnerability exploiters and malware pushers it apparently provides hosting services for in the same IP range. Therefore, it seems, the hosting provider would be less likely to pursue corrective action against the exploiters/malware pushers because the hosting provider's income would be negatively affected.

I suspect comparatively few people have the ability/knowledge/patience/finances/etc. to aggressively pursue against the host for knowingly hosting malicious web sites.

I also suspect many "legitimate" web site owners with IP addresses in the same IP range as malicious sites don't care whether or not their host also provides services to malicious domains (as long as the "legitimate" site owner gets "good value for money").

==========

Perhaps enough people who maintain "legitimate" web sites will complain to their hosting providers about their sites being hosted on the same IP address range (in some cases, even on the same IP address) as malicious sites that the hosts will begin to take appropriate actions. If the issue becomes a headache for the host personnel, (especially if enough legitimate web site owners move their sites to other hosts that have established positive, proactive reputations), then the "questionable" host personnel might begin to take the actions that Steven, and probably may other people, have been trying to get them to take. Then perhaps the online community, as a whole, will benefit.

I suspect many (most?) of the people who use Malwarebytes' Anti-Malware WELCOME the "IP Protection" feature even though the feature is currently in its "first version" and can probably use some description/functionality tweaks (such as a less threatening alert message and the end-user's ablity to easily "whitelist" certain IP addresses/ranges).

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.