ip block


CROSs.vg

It's not the sites being targeted, it's the IP addresses. Sadly, they're both on well known malicious ranges, which is why they're blocked.

> It's not the sites being targeted, it's the IP addresses. Sadly, they're both on well known malicious ranges, which is why they're blocked.

Thank you for your reply MysterFCM. How do we get removed from the block list? I hope the case isn't that our sites are blocked due to being just in a range? It would make sense if we were scanned by an AV and determined malicious, but to be blocked because we fall w/in a range seems to deem Vogon malicious automatically. Google I believe scans sites not ranges and blocks accordingly.

I have been a mod at Vogon for a few years and using Malwarebytes for about a year now and appreciate the ability offered by Malwarebytes to remove malware easily. May I ask how we were placed on this list? Some of us, mods and owner, find it strange how two sites were blocked the same day that use two totally different ranges.

Any help would be greatly appreciated.

Thank you

CROSs.vg


The methods used by MBAM don't allow for blocking domains I'm afraid, only IPs.

In this case, it's not a case of one or two sites being a problem - it's the ISPs themselves. I'd strongly urge you to move the sites to different ISPs as they're not going to be unblocked any time soon.

> The methods used by MBAM don't allow for blocking domains I'm afraid, only IPs.
>
> In this case, it's not a case of one or two sites being a problem - it's the ISPs themselves. I'd strongly urge you to move the sites to different ISPs as they're not going to be unblocked any time soon.

Could you possibly answer some questions?

1. is it possible to whitelist IPs of legit sites, if not, why?

2. was our site reported in any way -- is anything malware hosted on our sites/ips?

3. we are ready to work with both ISP in UK and US, would you specify which IPs hosted malware so they can resolve this?

4. how do you determine which range is considered "bad" -- can this be used by others to block legit sites? for example if someone hosts malware intentionally next to legit business site, would you block entire range and harm business of that site? What happens when malware authors use other ranges, you keep old ranges with legit sites still blocked and keep blocking new ranges?

5. do you as respectable company block someone just because someone reported them?

Also point is "bad ranges" would maybe apply only to spam farms (multiple servers using IP blocks) from countries with relaxed laws about that. We are using US and UK ranges which are hosting legit sites, not only our site. In any case it is not right to block non-harmful sites, just because someone served malware from one IP close to them. That way someone can do that intentionally to harm sites from that same range, maybe business competitor and so on...

Not sure if you are familiar w/robtex blacklists, we are on neither as malicious.

http://www.robtex.com/dns/vogon.vg.html#blacklists

http://www.robtex.com/dns/vogonhq.com.html#blacklists

> Could you possibly answer some questions?
>
> 1. is it possible to whitelist IPs of legit sites, if not, why?

You have the facility to do that, yes (right click the Malwarebytes AntiMalware icon when it blocks a site)

> 2. was our site reported in any way -- is anything malware hosted on our sites/ips?

Your site? No.

> 3. we are ready to work with both ISP in UK and US, would you specify which IPs hosted malware so they can resolve this?

http://hphosts.blogspot.com/2009/12/crimew...switch-ltd.html

http://hphosts.blogspot.com/2009/11/crimew...euroconnex.html

http://hphosts.blogspot.com/2008/09/242-re...-781291429.html

http://hphosts.blogspot.com/2009/02/rapids...nvolved-in.html

http://hphosts.blogspot.com/2009/03/adobe9...ions-group.html

http://satellite/hphosts/?s=68.168.212.&view=history

> 4. how do you determine which range is considered "bad" -- can this be used by others to block legit sites? for example if someone hosts malware intentionally next to legit business site, would you block entire range and harm business of that site? What happens when malware authors use other ranges, you keep old ranges with legit sites still blocked and keep blocking new ranges?

IP's are deemed to be "bad" when malicious content is present. The ISP that owns the block is notified and the IP is removed from the blacklist when they remove the malicious content (except where there are more good sites than bad, in which case the IP is not listed). An IP range is listed when there are a plethora of malicious sites, and if the ISP that owns it removes such, the range is removed from the blocklist.

> 5. do you as respectable company block someone just because someone reported them?

No. All sites and IP's are checked by myself prior to blocking.

> Also point is "bad ranges" would maybe apply only to spam farms (multiple servers using IP blocks) from countries with relaxed laws about that. We are using US and UK ranges which are hosting legit sites, not only our site. In any case it is not right to block non-harmful sites, just because someone served malware from one IP close to them. That way someone can do that intentionally to harm sites from that same range, maybe business competitor and so on...

If only. Companies in the UK, US and many other countries, are just as "lax" as their counterparts in countries such as China, Russia and the Ukraine etc.

As mentioned, the IP's are blocked because there's malicious content present, and in this case, the ISP's have done nothing to remove such (in the case of RapidSwitch, it's been an ongoing problem with them for years, and I've documented such to that effect).

Believe it or not, we don't like blocking IP's and ranges anymore than you do, but until the ISP's responsible stop allowing this kind of activity on their networks, we're going to continue blocking them.

> Not sure if you are familiar w/robtex blacklists, we are on neither as malicious.
>
> http://www.robtex.com/dns/vogon.vg.html#blacklists
>
> http://www.robtex.com/dns/vogonhq.com.html#blacklists

I beg to differ. You've got a listing in Sorbs;

http://www.robtex.com/ip/68.168.212.218.html
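
The listing rules described in the reply above, together with the local exclusion it mentions, sketched as an added example (not Malwarebytes' code and not part of the original thread). The range threshold, the /24 grouping and the function names are assumptions, and the addresses are constructed from documentation ranges.

```python
import ipaddress
from collections import defaultdict

RANGE_THRESHOLD = 3  # assumption: the thread only says "a plethora" of malicious sites
PREFIX_LEN = 24      # assumption: addresses are grouped into /24 ranges

# Constructed observations: ip -> (good_sites, bad_sites), documentation addresses only.
OBSERVED = {
    "192.0.2.10": (0, 2),
    "192.0.2.11": (0, 1),
    "192.0.2.50": (5, 0),    # clean site sharing a range with bad hosts
    "198.51.100.7": (4, 1),  # more good sites than bad: not listed
    "198.51.100.8": (0, 1),
}

def build_blocklist(observed):
    """Return (listed_ips, listed_ranges) from per-IP site counts."""
    listed_ips, bad_per_range = set(), defaultdict(int)
    for ip, (good, bad) in observed.items():
        addr = ipaddress.ip_address(ip)
        # Per-IP rule: list when malicious content is present, except where
        # the IP hosts more good sites than bad ones.
        if bad > 0 and good <= bad:
            listed_ips.add(addr)
        net = ipaddress.ip_network(f"{ip}/{PREFIX_LEN}", strict=False)
        bad_per_range[net] += bad
    # Range rule: list the whole range once malicious sites pile up in it.
    listed_ranges = {net for net, bad in bad_per_range.items() if bad >= RANGE_THRESHOLD}
    return listed_ips, listed_ranges

def is_blocked(ip, listed_ips, listed_ranges, exclusions=()):
    """IP-level decision; a local user exclusion overrides any listing."""
    addr = ipaddress.ip_address(ip)
    if addr in {ipaddress.ip_address(e) for e in exclusions}:
        return False
    return addr in listed_ips or any(addr in net for net in listed_ranges)

if __name__ == "__main__":
    ips, ranges = build_blocklist(OBSERVED)
    for ip in ("192.0.2.50", "198.51.100.7", "198.51.100.8"):
        print(ip, "blocked" if is_blocked(ip, ips, ranges) else "allowed")
    print("192.0.2.50 with local exclusion:",
          "blocked" if is_blocked("192.0.2.50", ips, ranges, ["192.0.2.50"]) else "allowed")
```

The clean host at 192.0.2.50 is blocked only because its range is listed, which is the collateral effect the thread is arguing about; the local exclusion is the one control the site's own users have.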

> You have the facility to do that, yes (right click the Malwarebytes AntiMalware icon when it blocks a site)
>
> ...

Thank you for that info. Already used that feature, but it may be useful for others.

Thank you for answering the questions. I understand your position. I just don't fully agree w/the way blocks are implemented, but users do have the ability to whitelist an ip and that helps sites that are non malicious.

Again thank you for taking the time to answer the questions.

CROSs.vg


Archived

This topic is now archived and is closed to further replies.
