Malwarebytes is blocking my website and also my host's. When I go to my site when using Malwarebytes I get:

malwarebytes' anti-malware has successfully blocked access to malicious ip: 89.149.242.120 = kingdom-kvcd.net

When I go to my host's site I get:

malwarebytes' anti-malware has successfully blocked access to malicious ip: 89.149.209.211 = jmhservices.com

I would think MB has blocked all jmhservices servers. Can you take mine off this list, because your software is stopping people reaching my site?

Again, the IP I need unblocking: 89.149.242.120 = kingdom-kvcd.net

Can you please help in this matter?

Link to post
Share on other sites

I've finally had someone from Netdirekt get in touch, albeit via my blog, but until the issues within their network are resolved, the only suggestion I can give is to temporarily disable IP Protection whilst accessing your sites, as there's far too much malicious activity within their IP space, to allow unblocking at this time.

Link to post
Share on other sites

With all due respect, I don't think you did your research on this matter. The add-on that blocks whole networks wholesale without the ability to whitelist specific IPs or ranges is going to cause major customer discontent. You may find your users will drop the product because of this module. Maybe a warning system with a proceed-or-not option would have been a smarter choice. While I understand the reasons and the issues, not all networks within their system are at fault. If you research the alleged abuse cases you will find that the vast majority of the complaints are not valid as they have been removed.

You should look at networks like FDC, Leaseweb and others that have become a haven for hackers and malware. There are so many networks infested with these users doing this malicious activity that you may find yourself blocking so many networks that your program will become useless.

I do hope this can be resolved soon before any legal action is involved as blocking a network where only a small percent of issues compared to the number of IPs in the range is not a smart decision.

Link to post
Share on other sites

I believe a whitelist is slated for a future release, but have no confirmation or ETA on this at present.

In saying this, research most certainly was done, as it is done for all IPs blocked (and indeed, even for thousands that aren't eventually blocked for one reason or another). NetDirekt has a history going back years, for everything from phishing to malware to exploits and more besides. Had the abuse been restricted to a certain segment of their network, I wouldn't have blocked all of their ranges. As it is, we've seen abuse across their entire network.

As far as other networks, Leaseweb is already blocked (and has been since the IPBL was introduced), and parts of the FDC, along with many others. As I've said before, I do not like blocking entire ranges, but when the activity reaches a certain point, we must simply say "enough", we must draw a line, else it will simply continue, just as it has done for years.

As already mentioned, I've had contact finally, from NetDirekt's CEO, and am correlating all of the malicious IPs and domains on their network, to send to them, just as I've been doing since Leaseweb contacted me, and if we see a drastic reduction in the amount of activity within their networks, they'll be removed.

I do understand the frustration that IP blocking can cause, and have spoken on this issue many times before. Sadly, IP blocking provides a much greater range than host blocking, and just like host blocking, has its downsides.

Link to post
Share on other sites

Thank you for your reply.

We do hope that soon there is a whitelist script added so users of your program can add IPs of their choice, allowing them to connect. I understand fully that the malware and malicious activity is widespread across so many networks. Sadly, many users of dedicated servers and hosting space are not greatly experienced in securing their scripts or servers and are subject to exploits that are running that they are not even aware of, such as the recent Roundcube exploit that allowed hackers to install scripts to send malware and such.

There will always be this problem, and the larger networks are more visible because of the sheer number of IPs. In reality the number of cases compared to the total number of IPs and domains may be less than smaller networks in percentage, but they stick out because of their large size.

IP blocking or host blocking both have faults, but the main issue is the lists are not checked timely, and as sites and IPs are cleaned they are not removed from these sites in a timely manner. There is no good way to do this, I know, but it's frustrating to have someone tell you that an IP you gave them is on some blacklist or blocklist and you check it and that domain or user has been removed over 2 years ago.

Good luck with this, as it's a balancing act between your customers' satisfaction with your program and dissatisfaction because of the blocking of their popular sites. It could affect this in a negative way very easily.

Link to post
Share on other sites
