Jump to content

MalwareBytes IP Protection


Recommended Posts

It's gotten so ridiculous that I've disabled it. I receive these "IP Infected" pop-up warnings on far to many sites I visit regularly (including several times on THIS forum). AllMusic.com, RateYourMusic, Amazon, eBay, LastFM forums, Get Satisfaction (the bug-reporting service) and a slew of others. All respected sites that have never shown a problem.

Hopefully tweaking this new feature is of utmost importance.

Link to post
Share on other sites

Please try to bear with us, as this is our first implementation of a new technology. Yes, it will get better in time. We are hoping to make it more customizable and more user friendly in future versions, and it will be a focus area in new versions in the near future.

Link to post
Share on other sites

Please try to bear with us, as this is our first implementation of a new technology. Yes, it will get better in time. We are hoping to make it more customizable and more user friendly in future versions, and it will be a focus area in new versions in the near future.

so its mean somebody want to attack my pc?? is my pc protected??

thanks

Link to post
Share on other sites

  • Staff
so its mean somebody want to attack my pc?? is my pc protected??

thanks

No, there is no one attacking your pc, it is protected. The alert means you were blocked from going to that IP which may have linked to by another site which you accessed.
Link to post
Share on other sites

No, there is no one attacking your pc, it is protected. The alert means you were blocked from going to that IP which may have linked to by another site which you accessed.

still not sure clear about what you means..... sorry about that......

can you explain more about it??

thanks

Link to post
Share on other sites

still not sure clear about what you means..... sorry about that......

can you explain more about it??

thanks

When you visit a random website, various images and scripts will load, and sometimes these images and scripts will load from untrustworthy sites. When such a thing happens, we block the untrustworthy sites, so that they cannot harm your computer. It's actually a proactive form of protection, attempting to make sure that your computer does not load any files from malicious websites.

Link to post
Share on other sites

  • 2 weeks later...

The problem with this is... it blocks every website on a shared hosting server (including clean/innocent sites). I get the IP protection bubble, for example, when I try to go to a web site that I administer on Bluehost (which I then cannot reach with a web browser or even a tracert.

When I do an nslookup on the IP address it gives me bluebox123.bluehost.com (where 123 is my box number). So just because somebody who hosts on the same box as we do is a problem, we all are considered problems and blocked. Not very discriminating technology. In fact it makes me want to tell EVERYONE to turn off IP Protection, because as of right now it keeps people from getting to our site (making it look like our site is down, when it is NOT).

This is a rather significant problem.

Link to post
Share on other sites

I have the same problem where sites i visit regularly I cant visit-- one of them is including my own email (hotmail!)

For the past week I have not been able to check my hotmail at home, nor one of my most fave blogs...

any idea how to make exceptions instead of be blocked from everything???

Link to post
Share on other sites

Hello hkaurk22 :) .

At the moment there is no exceptions option for the IP Protection module, but I do believe this feature is coming in a future release. If you believe this is a false positive then please follow the instructions here and create a new topic here so the individuals in charge of the IP database can take a look and hopefully correct it for you in the next definitions update.

Link to post
Share on other sites

Like many other Malwarebytes users I recently noticed the nifty new IP protection feature when the yellow balloons started popping up. It caused me to wonder and perform a few extra scans, though my son's past surfing habits have also been a good cause for being cautious.

I decided to check my firewall log for inbound events and noticed the same displayed IPs showed up. None of the IPs belonged to any of the websites I had visited, attempted to visit or any of their associated content.

A trace of some of the various IPs showed they came from Asia and Canada.

Some that I happened to see while I was working recently.

218.6.15.146

218.9.71.66

218.9.148.118

218.6.15.146

218.6.15.138

219.146.142.21

I think this suggests that what I am experiencing is the unsolicited intrusion by a foreign computer and Malwarebytes IP Protection activating and protecting my computer from a real threat. Or, IP Protection is acknowledging the same thing my firewall noticed somehow, that someone wants in but they don't belong and neither my firewall nor Malwarebytes wants to let them in. Either way, so far so good.

Here is a screen shot of a page from my firewall's log. Most of the infection detections seem to be hitting that 2697(2967?-typing from memory) port.

Link to post
Share on other sites

Those ranges are indeed malicious, and are presently known for exploits and malware;

http://hosts-file.net/?s=218.6.&direct=1

http://hosts-file.net/?s=218.9.&direct=1

I can't find any evidence for 219.146.142.21 at present, however, the 219.146.* range is known for malware and spam.

All ranges are currently tracing back to networks in China.

Link to post
Share on other sites

I only posted one of the 19 pages from todays logfile of inbound events (so far) and that was mainly to show which port the IP events seemed to be drawn to. The 218 and 219 range were just the IPs that I wrote down earlier in the day before I began investigating the subject fully. Other IPs have traced to Calgary, Thailand and China. I haven't bothered tracing them all because it seems pointless after a while, mainly an exercise in curiosity.

So now I wonder if the Malwarebytes IP Protection is designed to act this way in concert with my firewall or was it intended to solely protect me from content on sites I landed on through my own direction? Everything I have read would seem to suggest the latter, an active form of protection from harmful web sites rather than unknown malicious cyber-stalkers quietly attempting to make unsolicited connections to my computer.

Not that I'm complaining if it's working. :)

I'd really just like to be sure it's doing what it's supposed to do and these "threats" are not actually invading my system.

Link to post
Share on other sites

  • Staff
I only posted one of the 19 pages from todays logfile of inbound events (so far) and that was mainly to show which port the IP events seemed to be drawn to. The 218 and 219 range were just the IPs that I wrote down earlier in the day before I began investigating the subject fully. Other IPs have traced to Calgary, Thailand and China. I haven't bothered tracing them all because it seems pointless after a while, mainly an exercise in curiosity.
No need to write them down:

To view a list of blocked IPs navigate to the following folder and look for a file called 'protection-log':

XP path:

C:\Documents and Settings\All Users\Malwarebytes\Malwarebytes' Anti-Malware\Logs<<<<<<---look in this folder

Vista path:

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs<<<<<<---look in this folder

Link to post
Share on other sites

  • 6 months later...
Please try to bear with us, as this is our first implementation of a new technology. Yes, it will get better in time. We are hoping to make it more customizable and more user friendly in future versions, and it will be a focus area in new versions in the near future.

Please advise us members, possible by group email, when such a specific update is finalized as I agree the IP protection "popup" is really annoying and I also have disabled.

Thanks

Link to post
Share on other sites

Greetings darell and welcome to Malwarebytes :(

You're in luck. This feature is to be implemented in the next release of Malwarebytes' Anti-Malware (version 1.45). Details on many of the planned features for the upcoming version can be found here

4. Integration of IP blocking options and other customizable policies into the main program interface as requested.

If you require anthing further please post or contact support@malwarebytes.org.

Thanks :)

Link to post
Share on other sites

Greetings darell and welcome to Malwarebytes :(

You're in luck. This feature is to be implemented in the next release of Malwarebytes' Anti-Malware (version 1.45). Details on many of the planned features for the upcoming version can be found here

If you require anthing further please post or contact support@malwarebytes.org.

Thanks :)

Great that is something that was getting really annoying....

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.