Jump to content

Will subdomains containing bad files cause other subdomains to be blocked?


ljwagerfield

Recommended Posts

Hi,

I'm interested to learn how Malwarebytes handles services like AWS S3, AWS CloudFront, and so forth, who give separate subdomains to each account holder.

Specifically, will Malwarebytes block the root domain or only the subdomain?

For example:

If a bad user owns "bad.s3.us-east-1amazonaws.com" and a good user owns "good.s3.us-east-1amazonaws.com", then will Malwarebytes potentially block all subdomains of "*.s3.us-east-1amazonaws.com", or does it strictly limit blocks to only subdomain where bad files are detected?

I'm asking because we run a file hosting service similar to AWS S3, and I'm keen to isolate the reputation scores of our users' files, such that a "bad account" doesn't cause all other good accounts to become blocked.

Thanks in advance!

Link to post
Share on other sites

  • Staff

Hello,

If it's a domain where 90% of its subdomains host malware, then we prefer to block that instead of the subdomains (to block parent domain and all subdomains). Otherwise we detect on the malicious subdomains only, which won't detect the parent domain.

Thank you.

  • Like 1
Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.