Jump to content
Dave84311

MPGH.net -> 93.190.140.127

Recommended Posts

When I use malwarebytes, why is it that every time I visit my website I get an error about it being malicious. The only way of getting around it is turning IP protection off. Is there a reason my website or ip is blacklisted?

Share this post


Link to post
Share on other sites

It's not your site that's being targetted. Unfortunately, you apparently have a very poor choice of hosting company (though looking at your site, I'm not really surprised).

Share this post


Link to post
Share on other sites

Again, it's not your site that's being blocked, it's the IP that your site resides on, and until the level of malicious activity either decreases dramatically, or disappears, there's no hope of it's being removed.

Share this post


Link to post
Share on other sites

The IP is hosted on a dedicated server, with 5 other ips and 5 other websites. I manage this server and have been had been renting this server out for around 4 months. If it was previous activity on the IP address, we can't be held accountable for... If you can explain what you mean by "malicious activity" and give specific examples, then maybe I can figure out what is going on and stop it (since its apparently on going?).

Share this post


Link to post
Share on other sites

It's not *you* that needs to do anything, it's the ISP (KABELFOON CAIW Autonomous System) that owns the IP range that your sites IP lies within. This ISP has a history of malicious activity within their network, and they've done absolutely bugger all to stop it, that I've seen. An example of malicious sites that have been seen on this range, can be found at;

http://hosts-file.net/?s=93.190.140.&view=history

I'd strongly urge you move hosting companies, as this IP range is not going to be removed any time soon.

Share this post


Link to post
Share on other sites

According to that list, there are 100+ sites, the majority seem to be on 2-3 servers. You have to keep in mind that each server generally has no more then 5 IPs. Just ban the IP addresses, there is no reason to ban an entire IP range unless all the IP addresses are involved with malicious activity.

Share this post


Link to post
Share on other sites

You've missed the point unfortunately.

I generally only block the offending IP's unless;

1. There are a considerable amount of IP's within the range, containing malicious activity

2. The ISP that owns the range fails to respond to abuse reports and/or fails to take action against [1]

Share this post


Link to post
Share on other sites

Bumping a 6 month old topic..

Well the host I am using, WorldStream, does take action against botnets and the works.

Recently my server was nullrouted for apparently having a botnet that I didn't have... http://maliciousnetworks.org/ipinfo.php?as...date=2010-05-10 (This was the URL that they supplied).

Since WorldStream owns the data center, and effect uses that ISP for their datacenter... I think ruling them out of your #2 point, and effectively #1.

Share this post


Link to post
Share on other sites

If you've got a contact at WorldStream that will deal with abuse reports, I'll gladly take it, as they've never responded to anything I've sent.

I've got a ridiculous amount of malicious content on their AS, in my database. You'll also find they're in HostExploits Top 50 bad hosts (they've got the number 5 spot).

Share this post


Link to post
Share on other sites
If you've got a contact at WorldStream that will deal with abuse reports, I'll gladly take it, as they've never responded to anything I've sent.

I've got a ridiculous amount of malicious content on their AS, in my database. You'll also find they're in HostExploits Top 50 bad hosts (they've got the number 5 spot).

I private message: http://www.webhostingtalk.com/member.php?u=164868, hes a manager or something. There are 3 other people on the website working at WorldStream.

If I need some one to directly talk to I call the number on their site and press pound.

What do you mean by malicious content? Botnets? I know for a certain that malicious things such as botnets, host controllers, spam and malware, they will shut down your server within 15 minutes of notification...

I got 3 for no reason even though there were no botnets on my server and my IRC server was taken down:

Dear xxxx,

This e-mail is to inform you that IP 93.190.140.127 will be blocked within 15 minutes if you do not respond to this e-mail message. This action has been taken because of the following abuse report:

C&C Server: http://maliciousnetworks.org/ipinfo.php?as...date=2010-05-10

Please respond ASAP (as soon as possible) by replying on this e-mail to avoid a block of this IP!

Kind regards,

The WorldStream Abuse system

[This message has been sent automatically]

Seems like reporting IP's on this site gets their attention, that would be your best best instead of directly doing so.

Share this post


Link to post
Share on other sites

I'm afraid, reporting such via the forum/website you referenced, isn't really viable, but thanks for the info.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.