
IP blocking issue


IT Expert


I'm a Malwarebytes reseller; one of my clients pointed out an issue to me today. Malwarebytes was blocking a few sites that aren't infected, for example my website.

I host the first 2 I listed below; I know for a fact they are healthy.

http://www.nicklockard.com

http://www.pchelperdesk.com

These 2 sites also seem healthy, but I do not host them so I cannot be 100% on that.

http://www.lacrosseplayground.com

http://www.pgigroup.com

I was forced to disable this security feature. Malwarebytes' next edition needs to have a way to allow sites you know are safe.

Any other ways or ideas I can use to tell my customers how they can get around it without turning it off?

Thanks,

Nick Lockard

Link to post

Checking the site shows the first two and the fourth are resolving to a GoDaddy IP that currently houses well over 200 malicious sites:

http://hosts-file.net/?s=nicklockard.com

Because GoDaddy have neither responded nor taken down the malicious sites, the decision was made to block it. Because most sites redirect using an HTML frameset, I'd suggest changing the domain's DNS to point to where it will be taking you to anyway.

The third site is on another GoDaddy IP with over 60 malicious sites:

http://hosts-file.net/?s=lacrosseplayground.com

Again, the owner of the IP range has failed to respond to abuse reports, leaving me no choice, given they've also not taken down the malicious sites, other than blocking the IP.

Link to post

Malwarebytes next edition needs to have a way to allow site you know are safe.

I strongly agree! In theory, IP Protection is a valuable feature. In practice, at present, it is NOT. Users must have a way to indicate which sites they want to access regardless of what the IP Protection blocks.

I am in charge of keeping spammers off another forum's website. Probably more than half the spammers use Gmail addresses. Should I then block all people with Gmail addresses? Clearly not. GoDaddy hosts thousands of sites. If hundreds of them are malicious, that's too bad, but it doesn't mean that a huge range of legitimate GoDaddy sites should be blocked. Or block them if you wish, but give Malwarebytes users a way to override the block through a whitelist. Otherwise, many will choose to simply turn off IP Protection.

Link to post

So even since I host my own site "the first 2" because my DNS records are using GoDaddy's (this is where I bought the domain name "url") the DNS is infected?

Reason I ask, my ISP is Comcast; I'm on a public DHCP lease so my IP is dynamic and will change from time to time. I have set up DDNS to allow me to host my sites. I do not have my own DNS server, so if I were to host my own or list in a different DNS server would this help?

I'm just trying to figure out what I can do; it doesn't look good if the security I'm selling is telling my own customers my site's infected. Furthermore, the IP address it claims to be blocking isn't even my IP, let alone an IP on my same subnet.

Thanks for any info you can share on how I can get this issue fixed.

Link to post

Do you really host your own domain? I don't think it's a very good idea to put your website on Comcast service and I suspect that's not what you're actually doing, but you should know.

To be sure, you can visit http://cqcounter.com/siteinfo/?query=yoursite.com

You can purchase a dedicated IP address from GoDaddy. I don't use GoDaddy, but Bluehost (which provides similar services) charges about $30 per year. You can put all of the domains you own (I have 28) on that single IP, so it can be a relatively small cost per domain name.

So even since I host my own site "the first 2" because my DNS records are using GoDaddy's (this is where I bought the domain name "url") the DNS is infected?

Reason I ask, my ISP is Comcast; I'm on a public DHCP lease so my IP is dynamic and will change from time to time. I have set up DDNS to allow me to host my sites. I do not have my own DNS server, so if I were to host my own or list in a different DNS server would this help?

I'm just trying to figure out what I can do; it doesn't look good if the security I'm selling is telling my own customers my site's infected. Furthermore, the IP address it claims to be blocking isn't even my IP, let alone an IP on my same subnet.

Thanks for any info you can share on how I can get this issue fixed.

Link to post

So even since I host my own site "the first 2" because my DNS records are using GoDaddy's (this is where I bought the domain name "url") the DNS is infected?

The DNS and your private connections aren't the problem. The problem is, GoDaddy has certain IPs that use frameset redirects (including the IP your domain uses) that point to hundreds of malicious websites, and because GoDaddy have neither responded to abuse reports nor taken them down, we've blocked these to prevent others being infected via them.

Sadly, the only advice I can give is to move your site to a new hosting company, or ask GoDaddy to start responding to abuse reports.

Link to post

Who cares about client-side whitelists? There needs to be an appeal process to show that your own site is not infected and to be made an exception in the actual program's database. This is very hurtful to companies where we are using a website and rely on access to the website for sales and support -- not to be accused of having malicious activity. The reliance on outside sources and not appealing to requests for exclusion are going to lead to a lot of problems in the future.

Link to post

And what hosting company do you recommend that's safe and cheap, as each of my URLs were only 20 bucks for 2yrs.

Link to post

  • 3 weeks later...
Do you really host your own domain? I don't think it's a very good idea to put your website on Comcast service and I suspect that's not what you're actually doing, but you should know.

To be sure, you can visit http://cqcounter.com/siteinfo/?query=yoursite.com

You can purchase a dedicated IP address from GoDaddy. I don't use GoDaddy, but Bluehost (which provides similar services) charges about $30 per year. You can put all of the domains you own (I have 28) on that single IP, so it can be a relatively small cost per domain name.

I don't understand how that would work. I have Comcast home service, which means I'm on a public DHCP lease server. I don't know how that would work if I got a static public IP from GoDaddy; I didn't even know such options existed.

The way I am able to host my sites from my home using Comcast without a static public IP is using DDNS. I do not need a static public IP, as of yet anyways.

Just because GoDaddy has some issues, this shouldn't affect my site; my URLs are being directed to my DDNS name, which is then pointed to my local router / server. Which is 100% safe and healthy.

I need Malwarebytes to allow my site, as it is very tough to resell Malwarebytes when the program claims the site is malicious.

Link to post

I re-checked the sites a little earlier and sadly, most are still resolving to the affected IPs, and still serving malicious content, so unless GoDaddy start responding, we cannot currently unblock the IPs.

I'd strongly recommend, if you're using dynDNS, you change your domain's DNS records to a CNAME, rather than a redirection (the CNAME record can be pointed directly to your dyndns hostname, which will completely bypass GoDaddy's IPs).

Link to post
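
Added example, not written by any poster in this thread: a Python check for the CNAME advice in the last reply. It reads `dig +noall +answer`-style output, follows the CNAME chain, and reports whether a hostname still lands on a blocked shared IP. The hostnames, addresses and blocklist entry are constructed placeholders.

```python
import ipaddress

# Constructed sample data: placeholder names, documentation-range addresses.
BLOCKED_IPS = {ipaddress.ip_address("192.0.2.10")}  # stands in for a blocked shared IP

FORWARDED = "www.example-shop.test. 3600 IN A 192.0.2.10\n"
CNAME_TO_DDNS = (
    "www.example-shop.test. 3600 IN CNAME myhost.ddns.example.\n"
    "myhost.ddns.example.   60   IN A     203.0.113.45\n"
)

def norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()

def parse_answer(text):
    """Parse `dig +noall +answer` style lines into (owner, type, value) tuples."""
    records = []
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop trailing comments
        if len(fields) >= 5 and fields[2].upper() == "IN":
            records.append((norm(fields[0]), fields[3].upper(), fields[4]))
    return records

def resolve(name, records, max_hops=8):
    """Follow CNAMEs from `name`; return (chain of names, final addresses)."""
    chain = [norm(name)]
    while True:
        targets = [v for n, t, v in records if n == chain[-1] and t == "CNAME"]
        if not targets:
            break
        nxt = norm(targets[0])
        if nxt in chain or len(chain) > max_hops:
            raise ValueError("CNAME loop or chain too long: " + " -> ".join(chain + [nxt]))
        chain.append(nxt)
    addrs = [ipaddress.ip_address(v) for n, t, v in records
             if n == chain[-1] and t in ("A", "AAAA")]
    return chain, addrs

def classify(name, answer_text, blocked=BLOCKED_IPS):
    """Return 'blocked', 'clear-via-cname', 'clear' or 'unresolved'."""
    chain, addrs = resolve(name, parse_answer(answer_text))
    if not addrs:
        return "unresolved"
    if any(a in blocked for a in addrs):
        return "blocked"
    return "clear-via-cname" if len(chain) > 1 else "clear"

if __name__ == "__main__":
    for label, text in (("forwarded", FORWARDED), ("cname", CNAME_TO_DDNS)):
        print(label, classify("www.example-shop.test", text))
```

A CNAME cannot sit at the zone apex next to the SOA and NS records, so the check applies to a name such as `www`.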