MPGH.net -> 93.190.140.127

[Dave84311]

When I use malwarebytes, why is it that every time I visit my website I get an error about it being malicious. The only way of getting around it is turning IP protection off. Is there a reason my website or ip is blacklisted?

[MysteryFCM]

It's not your site that's being targetted. Unfortunately, you apparently have a very poor choice of hosting company (though looking at your site, I'm not really surprised).

[Dave84311]

My site has nothing to do with malware.

Is there any way of getting it removed?

[MysteryFCM]

Again, it's not your site that's being blocked, it's the IP that your site resides on, and until the level of malicious activity either decreases dramatically, or disappears, there's no hope of it's being removed.

[Dave84311]

The IP is hosted on a dedicated server, with 5 other ips and 5 other websites. I manage this server and have been had been renting this server out for around 4 months. If it was previous activity on the IP address, we can't be held accountable for... If you can explain what you mean by "malicious activity" and give specific examples, then maybe I can figure out what is going on and stop it (since its apparently on going?).

[MysteryFCM]

It's not *you* that needs to do anything, it's the ISP (KABELFOON CAIW Autonomous System) that owns the IP range that your sites IP lies within. This ISP has a history of malicious activity within their network, and they've done absolutely bugger all to stop it, that I've seen. An example of malicious sites that have been seen on this range, can be found at;

http://hosts-file.net/?s=93.190.140.&view=history

I'd strongly urge you move hosting companies, as this IP range is not going to be removed any time soon.

[Dave84311]

According to that list, there are 100+ sites, the majority seem to be on 2-3 servers. You have to keep in mind that each server generally has no more then 5 IPs. Just ban the IP addresses, there is no reason to ban an entire IP range unless all the IP addresses are involved with malicious activity.

[MysteryFCM]

You've missed the point unfortunately.

I generally only block the offending IP's unless;

1. There are a considerable amount of IP's within the range, containing malicious activity

2. The ISP that owns the range fails to respond to abuse reports and/or fails to take action against [1]

[Dave84311]

Bumping a 6 month old topic..

Well the host I am using, WorldStream, does take action against botnets and the works.

Recently my server was nullrouted for apparently having a botnet that I didn't have... http://maliciousnetworks.org/ipinfo.php?as...date=2010-05-10 (This was the URL that they supplied).

Since WorldStream owns the data center, and effect uses that ISP for their datacenter... I think ruling them out of your #2 point, and effectively #1.

[MysteryFCM]

If you've got a contact at WorldStream that will deal with abuse reports, I'll gladly take it, as they've never responded to anything I've sent.

I've got a ridiculous amount of malicious content on their AS, in my database. You'll also find they're in HostExploits Top 50 bad hosts (they've got the number 5 spot).

[Dave84311]

If you've got a contact at WorldStream that will deal with abuse reports, I'll gladly take it, as they've never responded to anything I've sent.

I've got a ridiculous amount of malicious content on their AS, in my database. You'll also find they're in HostExploits Top 50 bad hosts (they've got the number 5 spot).

I private message: http://www.webhostingtalk.com/member.php?u=164868, hes a manager or something. There are 3 other people on the website working at WorldStream.

If I need some one to directly talk to I call the number on their site and press pound.

What do you mean by malicious content? Botnets? I know for a certain that malicious things such as botnets, host controllers, spam and malware, they will shut down your server within 15 minutes of notification...

I got 3 for no reason even though there were no botnets on my server and my IRC server was taken down:

Dear xxxx,

This e-mail is to inform you that IP 93.190.140.127 will be blocked within 15 minutes if you do not respond to this e-mail message. This action has been taken because of the following abuse report:

C&C Server: http://maliciousnetworks.org/ipinfo.php?as...date=2010-05-10

Please respond ASAP (as soon as possible) by replying on this e-mail to avoid a block of this IP!

Kind regards,

The WorldStream Abuse system

[This message has been sent automatically]

Seems like reporting IP's on this site gets their attention, that would be your best best instead of directly doing so.

[MysteryFCM]

I'm afraid, reporting such via the forum/website you referenced, isn't really viable, but thanks for the info.