
Clients complaining of website blocked, Malwarebytes blocked shared hosting



Hi, you've blocked one of our shared hosting servers, would you care to provide some means of private communication so we can provide the IP and you can inform us the reason?

Why are false positive reports supposed to be filed in a public forum?

You can contact me through my account's email address if you'd like. Thank you.

Dan


3 minutes ago, DanFerreira said:

Why are false positive reports supposed to be filed in a public forum?

The staff that do false positives work from here.

You can place the info in a text file and attach it here. Only you and the people that can deal with this can access attachments here.

 

Edited by Porthos

Thank you, Porthos. I'm sure you agree that reputation is to be taken seriously for some kinds of services, and since many things on the internet are "forever", one must be very careful about abuse reports related to an IP address lying around in public forums. This is especially troublesome when we aren't aware of the nature of the abuse that was reported or which third-party service was used to assess our reputation.

We have clear channels for abuse reports on our data center, our website, and abuse@ email address. We take pride in addressing any and all reports swiftly and responsibly. We use malware detection at the server level, and monitor our servers' reputations in 100+ blacklists.

So it's pretty surprising when this particular antimalware blocks an IP that hosts thousands of our websites. I'm sure you can imagine it's also pretty upsetting for many of our clients to be greeted with a warning of "Website blocked due to malware" based on IP address (an overly broad criterion if you ask me).

If you could provide any details privately, I'd be more than happy to look into the issue, and take the necessary actions. You can also contact me through my account's email.


Hello miekiemoes, thank you so much for looking into this. So it wasn't an IP-wide ban, just a specific domain. That means I blew it out of proportion judging by the malware warning, thinking it applied to the entire IP (even though I couldn't get it to show for other domains), so I apologize for my original complaint.

I checked and we did get malware alerts for that account last year on March 16th and December 15th, both dealt with. It's currently malware free, but I can't argue that the warning isn't justified.

Going forward, it would be nice if the warning stated that the threat pertains to the domain. In any case, I'm sorry for the mixup, and really appreciate the support and prompt response from the staff. Thank you!


  • Staff

Hi,

Yes, we were blocking the centersoftinfo.com.br domain only. It used to host "tee/index.php?qbot.zip" (mid December) under there, which is QBot/Qakbot. But that has been cleaned up after reviewing. Some other antivirus are still flagging that domain, so it seems, according to VirusTotal: https://www.virustotal.com/gui/domain/centersoftinfo.com.br/detection

We get this information because we are actively monitoring this Qbot (and other campaigns) and where their downloads are. :)

 

