Jump to content

Mistakenly blocking all subdomains of a public web host


Go to solution Solved by Zynthesist,

Recommended Posts

Hi Malwarebytes,

I'm an engineer at Render (https://render.com), a cloud provider hosting tens of thousands of websites, each with its own onrender.com subdomain. It has come to our attention that Malwarebytes is indiscriminately blocking legitimate onrender.com websites with a message about suspected phishing. Non-Render domains that have CNAME records to onrender.com domains are also being blocked mistakenly. It's worth pointing out that onrender.com has been validated as a "public suffix" by Mozilla (see https://publicsuffix.org/). This means that if, say, foo.onrender.com is being used for a phishing attack, there's no reason to believe that other onrender.com domains are being used for phishing as well. When we are made aware of people using Render for phishing we block them right away. We also have methods of proactively detecting and blocking abuse of this nature.

Please consider making the changes necessary to treat onrender.com as a public suffix going forward. If your systems detect phishing on an onrender.com subdomain please block only that subdomain (e.g. foo.onrender.com) and notify us so we can take the site down. It's damaging to our many legitimate customers and their businesses when their websites get blocked by Malwarebytes with a message about suspected phishing. It's also a bad experience for your premium users trying to access legitimate websites.

Thank you,

David Mauskop

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.