False positive for Malwarebytes' own ip

[mountaintree16]

@ Sphinx

Thanks for the additional info

Hmmm so I guess what you are saying is that this page you are trying to see, currently its unfinished, so it is a parking page, and adverts are on it currently then?

I guess that one or more of these adverts then are malicious and that is why you are being blocked from seeing the site?

And what does resolves mean? Sorry, I was reading through the rest of this thread and I had no idea what these terms meant

[MysteryFCM]

When it's no longer parked, it won't resolve to that IP, so it's a moot issue. Fact is, most parking servers are malicious.

@mountaintree16,

Sole reason they have adverts on them = $$$ .... plain and simple, and they couldn't care less where it comes from.

[Sphinx]

@mountaintree16, actually the links are specialized to legal/law related and are not malicious - it's Malwarebytes' database blocking the domain NOT by domain name but by using the ip - which negatively impacts a lot of innocent web sites. When MysteryFCM says it's not by ip, I don't understand since each time it blocks and you get the alert, it plainly lists the ip as malicious - not the domain name.

[MysteryFCM]

And what does resolves mean? Sorry, I was reading through the rest of this thread and I had no idea what these terms meant

Resolves = name to address (e.g. example.com > 1.2.3.4)

[mountaintree16]

@ Mystery

Ah, okay, thanks.

Edit: Thank you for clarifying for me what resolves means

[Sphinx]

MysteryFCM: I'm sure registrars such as GoDaddy (the one with the ip at issue) would certainly be interested in such statement by you!

It is NOT moot that you are blocking a major registrar's parking server!

I'll quote you to them. Perhaps they will convince you directly it's not moot.

[MysteryFCM]

@mountaintree16, actually the links are specialized to legal/law related and are not malicious - it's Malwarebytes' database blocking the domain NOT by domain name but by using the ip - which negatively impacts a lot of innocent web sites. When MysteryFCM says it's not by ip, I don't understand since each time it blocks and you get the alert, it plainly lists the ip as malicious - not the domain name.

The fact the links are specialized to a specific subject, doesn't make it right. Go to the site and pop "spyware" into the search box, I guarantee you most of the results are infact, malicious.

Point is, a parked server with adverts that aren't filtered, is dangerous, end of story.

[mountaintree16]

@ Sphinx

Hmm, oh, okay. I'm not sure then.

[MysteryFCM]

MysteryFCM: I'm sure registrars such as GoDaddy (the one with the ip at issue) would certainly be interested in such statement by you!

It is NOT moot that you are blocking a major registrar's parking server!

I'll quote you to them. Perhaps they will convince you directly it's not moot.

If they cared about their parking servers, other than how much $$ it brings in, they'd do something about the malicious content - plain and simple. Feel free to quote me to them however, I'd love to finally get them to respond to something (lord knows i've been trying to get the likes of GoDaddy to respond to abuse reports and such for longer than I care to remember)

[Sphinx]

OK, MysteryFCM, which links at edavislaw.net are you asserting aren't filtered and/or are malicious?

Mountaintree16, sorry, I didn't mean to direct the prior to you, got distracted before continuing post and lost my place.

[MysteryFCM]

There's far too many to list, but as I said, start by popping in "spyware" into the search box on the site, and it'll take you straight to them (ignoring the obviously legit ones such as norton.com, which is why I never said ALL of the links on there were malicious)

/edit

To save some time, the following for example has 2 legit links and 2 only - norton.com and pctools.com;

http://edavislaw.net/?q=spyware&kot=Pp2-kE0TBA0KEwj_rsqs4f6cAhVRl94KHf121cEQAxgBIAAw0e-gAzgNUNHvoANQ7ayvD1CJ76gQUJnf-RBQwLe1EVC2yu8VUPXJoxs&srcht=r

This one, doesn't have a single legit link that I can see;

http://edavislaw.net/?q=Download%20Software&kot=ZsXOTOfw9SIKEwj3wtv44f6cAhWlWt4KHWAnusAQBhgBIAEw0e-gAzgNUNHvoANQ5NrECVCz-ZgPUO2srw9Qie-oEFCZ3_kQUMC3tRFQtsrvFVD1yaMb&srcht=r

[Sphinx]

I asked you which ones on edavislaw.net - not for a generic response. There aren't that many on that parked page. You throw the baby out with the bath water with such generic verbiage.

I paid for the full version of your software not realizing what little help would be given re false positives, and how many innocent web sites your organization would damage by complete disregard of fairness. Truly you're not showing your organization in any better light than your assessment of GoDaddy.

[MysteryFCM]

I'm not sure what other help can be offered. The domain is parked, so I fail to see the issue, as mentioned, it won't resolve to that IP when it's actually got real content.

As for the malicious links, I've listed examples for you, there's no more I can do.

[mountaintree16]

@ Sphinx

Try reading through this thread:

http://www.malwarebytes.org/forums/index.p...st&p=128057

It might help clear up some questions you may have, I'm not sure.

[Sphinx]

Mountaintree16, thanks for the link. Looks like Malwarebytes' position is pretty clear, and my issue is not virgininal.

[Sphinx]

Correction, make that virginal.

[mountaintree16]

@ Sphinx

You're welcome.

I hope that you're able to figure this out.

At any rate, if you so choose, you could disable the IP blocking just when visiting that site, then re-enable it when you are finished visiting that website. (and the same goes for any other website that you wish to visit that is being blocked, of course, if in doubt of its maliciousness or not, you should post a new thread in this forum about it )

I have just been informed that I should not be posting in this forum anymore unless I am making my own, new post, so this will be my last post in this thread.

Good luck