
my outbound website is being blocked



I am all of a sudden getting a pop-up error on my 2019 server, where I have Malwarebytes Premium running.

The error is an outbound website blocked due to a trojan; the file it's blocking is my php-cgi.exe.

PHP executes on that site to gather some outside data.

I now have a partially broken site. I have made sure Malwarebytes is up to date and rebooted the server, and I am still getting the popup. I have tested by turning off Malwarebytes and turning it back on, and the data then does indeed update on that site.

I exported and attached the detection.

 

mailwarebytes_block.txt


 

First some info for you.

I am sorry to inform you that Malwarebytes Premium (stand alone) is not supported on any server OS and is also against the EULA as well.

 

(b) Paid License.

If you purchased a license to the Software from Malwarebytes or from a Malwarebytes authorized reseller, then conditioned upon your compliance with the terms and conditions of this Agreement, Malwarebytes grants you a non-exclusive and non-transferable license to Execute the number of copies of the Software for which you have paid solely in executable form on the corresponding number of Devices owned or used by you. Furthermore, you may not Execute the Software on any Device(s) running a server operating system unless it is a Malwarebytes server product as reflected in its official product name and official release notes. You agree that your purchases are not contingent on the delivery of any future functionality or features (including future availability of any Software beyond the current license term or any new releases), or dependent on any oral or written public comments made by Malwarebytes regarding future functionality or features.

https://www.malwarebytes.com/eula/

The proper version is this. https://www.malwarebytes.com/business/ep-server-security/

 

System requirements

https://support.malwarebytes.com/hc/en-us/articles/360038984713-System-requirements-for-Malwarebytes-for-Windows-v4

Next, if the blocked site (hurricanepub.com) is yours, you have other issues to work on.

https://www.virustotal.com/gui/url/7ac53272dbe1ecc77a0e192919f4e990ebaa685f40f473827d2ed2ae540ab92d?nocache=1


OK, I was not aware of that. It has been running on my workstations for a couple of years and I just threw it on that server.

Yes, I knew in the past there was an issue with that domain, and I have been monitoring it for a month now. I have not seen any new issues. ESET has been run on it many times, along with others.

I have found multiple files in the past that were compromised and have since removed them. I also have a script running there to monitor for any new files or folders being added.

Not sure if the server version is any different, but I will put the trial on and upgrade it for that server. I will also let ESET run overnight.


I opened a ticket with Malwarebytes a while ago, when I stuck this on this server, to be able to get a detailed log that could be read, and was told there were only the JSON files, and opening one file at a time was unacceptable. I was trying to obtain this info for the cyber division of the FBI, so yes, I knew it was an issue. Just a note: there are 100s of sites that have been attacked by what is believed to be N Korea. I did write a PHP script so that I could scrub the data needed and add it to a spreadsheet. If this server is still compromised, it is definitely buried. There are 4 domains on that server.


Thank you.

I am going to be on the cautious side and run multiple vendors' virus software on the server first.

I have been using only ESET online till now.

I see there is no trial of Malwarebytes for server, so I guess I will have to wait to see what its cost is. I am retired and don't run these sites for profit.


  • Root Admin

Was just blocked 14 hours ago. Site will need to be cleaned in order to have us remove the block

hurricanepub.com

Posted internally to review

aquaprographix.com

https://www.virustotal.com/gui/url/cf2df734c72ea15c9d114ca6c2c2ba87dbdc01601d7e4ef9a18af144dc1e5740?nocache=1

Posted internally to review

colasprint.com

https://www.virustotal.com/gui/url/4a06d475a5565afb062bd01cbf1e4329d2e24aa0f0e317abbed3ac3f0a330d2a?nocache=1


  • Root Admin

You may want to consider a site like this one for Website security.

https://sitecheck.sucuri.net/

I'm not endorsing nor is the Malwarebytes company endorsing this company, but companies like this help people to clean up and protect websites. Websites are attacked by all kinds of tricks and methods that are not necessarily malware.

Thank you and good luck

 
