Epic Posted December 11, 2021 ID:1492529 Share Posted December 11, 2021 Hello, All of the websites on our new server have been marked as scam, ip address 31.7.2.113. I'm sure this is not valid, can you please remove the block. Lots of our users are affected by this issue. Thanks in advance. Link to post
Epic Posted December 11, 2021 Author ID:1492531 Share Posted December 11, 2021 example URLS: koalabedding.nl peuterdekbedsjop.nl Link to post
Epic Posted December 13, 2021 Author ID:1492721 Share Posted December 13, 2021 Can someone please pick this up? Link to post
1PW Posted December 13, 2021 ID:1492730 Share Posted December 13, 2021 (edited) Hello @Epic: At this time, no MBG blocks seem to be present for either the above IP address or the URLs. Would you please attach a screenshot of the above Malwarebytes Browser Guard block in your next reply to this topic? Thank you. @gonzo Edited December 13, 2021 by 1PW Link to post
Epic Posted December 13, 2021 Author ID:1492743 Share Posted December 13, 2021 Is there a way i can manually check a website, with an online tool or something? Link to post
alvarnell Posted December 13, 2021 ID:1492750 Share Posted December 13, 2021 6 hours ago, Epic said: Can someone please pick this up? Only the staff can remove a block and they aren't normally in on weekends, but should be with you in an hour or so. Still waiting on a screen-shot so the staff can tell what type of block you are seeing. 17 minutes ago, Epic said: Is there a way i can manually check a website, with an online tool or something? You can check a reputation block by uploading it toVirusTotal using the URL tab, which is actually a requirement outlined in the instructions for this forum, but there isn't a site to specifically test against a Malwarebytes product. Link to post
gonzo Posted December 13, 2021 ID:1492768 Share Posted December 13, 2021 I can get to either one of the named websites without encountering any problems. Accessing http://31.7.2.113 shows me that access to the server's root directory (could be used for exploitation) is possible, but you have disabled directory displays (not a problem). Attempts to access https://31.7.2.113 are met with an error message which indicates that you do not have a valid certificate, and I am offered the option to fall back to http access or abandon efforts (problem if you are a commercial site UNLESS each named site has its own certificate when accessing them directly). Link to post
Epic Posted December 14, 2021 Author ID:1492871 Share Posted December 14, 2021 We make use of postmark for sending emails, urls in mailtemplates send by postmark are replaced by:https://click.pstmrk.it/2s/********* When i click links like this i get the scam notification, see attached screenshot. Can this be fixed? Thanks in advance. Link to post
Solution gonzo Posted December 14, 2021 Solution ID:1492934 Share Posted December 14, 2021 I am assuming you attempted to provide a printscreen of the "postmark," but it is a blank page. If you read our block message, you will see the name of the site that is being blocked and the reason why it was blocked. The reason indicates that the offending site was causing too much chatter between the browser API and the user, which is often indicative of an infected site attempting to make the user behave in a certain way. Because it is poor coding practice and possibly suspicious, we blocked it. Inspecting further, while the site has no relevance to a commercial site offering bedding for children, I cannot block the "postmark" without reason to do so. The blocked site has been whitelisted. Please allow 15-30 minutes for changes to take effect. Link to post
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now