I received email from Greatis Software regarding an update to software I purchased from them called UnHackMe, so I clicked on the link to the product, which leads to unhackme.com. After checking a whois database, that appears to be a valid address owned by Greatis Software. Anti-Malware's IP Protection feature blocked the ip address of 217.70.184.38. There may be good reason for blocking this ip address - I don't know. I'm just reporting what I think is most likely a legitimate address being blocked. Please let me know why it was blocked. Thanks!

From the Mbam log file:

07:20:52 ZenAgainPC IP-BLOCK 217.70.184.38

This was Eastern Standard Time, US

ZenAgainPC

I should add that the unhackme.com website never loaded in FireFox. I received a Network Timeout error. I am also using the free OpenDNS service with just the default configuration. I am not using a modified hosts file.

Thanks for the information. I still am unable to understand why 217.70.184.38 is blocked - mostly because this is something I know little about. Are you saying the website at 217.70.184.38 does not belong to Greatis Software, or are you saying Greatis Software is nothing but a phishing site? I didn't get anything from reading the "Details" at the link you gave. All I saw was a lot of hostnames associated with that ip address, mostly last year, on 12-14-2008. The most recent listing was associated with websecure32.com on Oct 17, 2009. Websecure32.com currently has an ip address of 208.94.147.64. So I see nothing listed with a current date.

Unhackme.com was registered by Greatis Software in December 2004, and currently is redirecting to http://greatis.com/unhackme/ which currently has an ip address of 206.67.56.207. I don't know why the ip addresses are so different, but I sent email to Greatis Software hoping to get some sort of clarification as to whether 217.70.184.38 is legit or not.

Apologies for not being clear.

Whilst the site itself may be fine, the IP address it resides at is not.

Unfortunately the reply from Greatis Software did not clarify very much. Basically all they said was "unhackme.com is our domain and it's located in the sub-folder of the greatis.com"

Which, if I'm right, means it should have an ip address that is the same as greatis.com. How does a website get the wrong ip address assigned to it? Some DNS server somewhere is making a substitution?

By the way, thanks for protecting my computer!

The domains being owned by the same people doesn't mean it should have the same IP, no.

Can you point me to information which would help me understand how trying to get to unhackme.com, or any other legitimate url, could possibly infect my computer? Thanks!

Any site can have a bad IP; it depends solely on the ISP that owns the IP range, and whether or not they're bothered more about profit than the security of their customers and their customers' visitors.

I found a document that helped me understand this.

http://pro-webs.net/blog/2009/06/26/shared...-bad-neighbors/

The section titled "Neighbors with Bad Content" finally got the light bulb to turn on. This is about "Shared IP Addresses". Many websites, related or unrelated to each other, share the same ip address, mainly because ip addresses are in short supply. This is set up by the ISP. And there must be some kind of mechanism (in DNS I suppose) that gets me to the correct website of say, unhackme.com. Now some of the websites that share that same ip address may be "bad neighbors". Suppose 100 websites share the same ip address, and of those 100, just one of those sites is "bad" - hosting malware or whatever. The "bad" site gets blacklisted so to speak, but since it's blacklisted by that shared ip address, everyone else who shares that address gets blacklisted as well. Anti-Malware's IP Protection blocks that shared ip address and thereby blocks access to all 100 websites, even though just one is bad. Is that fairly accurate? I suppose if there were a better way to block a bad site, Anti-Malware would use it. So it's just something we have to deal with. So in all likelihood, unhackme.com is perfectly safe.

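Added example (not part of the thread and not Malwarebytes code): a small triage script for the shared-IP situation discussed above. On a shared address the web server picks the site from the hostname the browser sends, so an IP-level block cannot tell co-hosted sites apart; the script parses IP-BLOCK log lines and splits the names known to sit on each blocked address into flagged hosts and collateral ones. The hostname table, the flagged-host set and the log lines are constructed, and the log layout is assumed from the single line quoted in the first post.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample data (not from the thread). IPs are RFC 5737
# documentation addresses and hostnames use the reserved .example TLD.
HOSTED = {  # hostname -> IP, as a passive-DNS style lookup might return
    "shop.example": "192.0.2.10",
    "blog.example": "192.0.2.10",
    "phish-login.example": "192.0.2.10",
    "vendor.example": "198.51.100.7",
}
BAD_HOSTS = {"phish-login.example"}  # reputation data keyed by hostname
LOG = """\
07:20:52 DemoPC IP-BLOCK 192.0.2.10
07:21:10 DemoPC IP-BLOCK 192.0.2.10
09:02:33 DemoPC IP-BLOCK 203.0.113.5
"""

# Assumed layout, inferred from the one log line quoted in the thread:
# HH:MM:SS <computer name> IP-BLOCK <IPv4 address>
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\s+\S+\s+IP-BLOCK\s+(\S+)\s*$")

def parse_blocks(log_text):
    """Count IP-BLOCK events per address, skipping malformed lines."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        try:
            hits[str(ipaddress.IPv4Address(m.group(1)))] += 1
        except ipaddress.AddressValueError:
            continue  # not a valid IPv4 address, ignore the line
    return hits

def triage(log_text, hosted=HOSTED, bad_hosts=BAD_HOSTS):
    """Per blocked IP: block count, flagged hosts, and co-hosted collateral."""
    by_ip = defaultdict(set)
    for host, ip in hosted.items():
        by_ip[ip].add(host)
    report = {}
    for ip, count in parse_blocks(log_text).items():
        names = by_ip.get(ip, set())  # empty set when nothing is known
        report[ip] = {"hits": count,
                      "flagged": sorted(names & bad_hosts),
                      "collateral": sorted(names - bad_hosts)}
    return report

if __name__ == "__main__":
    for ip, row in triage(LOG).items():
        print(ip, row)
```

An address with an empty "flagged" list and an empty "collateral" list simply has no names in the lookup table, which says nothing about whether the block is justified.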
If my understanding is correct, can I use Anti-Malware's "Ignore List" to add unhackme.com?

Excluding any IP from our inbuilt list of blocked addresses is done 100% at your own risk - We provide the protection in our program on the information we have from our own and publicly available sources - That is it -

You will find if you follow the link that MysteryFCM gave, that many sites linked to that IP are Engaged in Phishing (PSH) or Engaged in Malware Distribution (EMD) -

So the Ignore List only accepts IP addresses. OK. Too bad there isn't a better way to block bad sites. It's like using a meat cleaver when a scalpel will do.

Merry Christmas!

Hi ZenAgainPC -

The directions below show you how to access the blocked IP - This is designed for those who know any site at the IP address is safe - From our FAQ area -

How can I add an IP so it won't be detected and can access a site I need to?

Visit the site and incur an IP block. Then right-click on the Malwarebytes system-tray icon after the block notification appears, and choose Add to Ignore List.

The real reason for the HOSTS file was that in the beginning of the Internet there was no such thing as DNS:

How Domain Name Servers Work

http://www.howstuffworks.com/dns.htm

This above information may be very helpful to people with questions regarding basic IP and DNS facts -

Thank you for this enlightening discussion - :)
