CROSs.vg Posted January 22, 2010 ID:187676 Share Posted January 22, 2010 68.168.212.218 http://vogon.vg/95.154.244.37 http://vogonhq.com/Any help getting them removed would be greatly appreciated. I am a mod at Vogonhq.com and vogon.vg is a server status page for Quake 3 excessive. Thank youCROSs.vg Link to post Share on other sites More sharing options...
MysteryFCM Posted January 23, 2010 ID:187828 Share Posted January 23, 2010 It's not the sites being targetted, it's the IP addresses. Sadly, they're both on well known malicious ranges, which is why they're blocked. Link to post Share on other sites More sharing options...
CROSs.vg Posted January 23, 2010 Author ID:187833 Share Posted January 23, 2010 It's not the sites being targetted, it's the IP addresses. Sadly, they're both on well known malicious ranges, which is why they're blocked.Thank you for your reply MysterFCM. How do we get removed from the block list? I hope the case isn't that our sites our blocked due to being just in a range? It would make sense if we were scanned by an AV and determined malicious, but to be blocked because we fall w/in a range seems to deem Vogon malicious automatically. Google I believe scans sites not ranges and blocks accordingly. I have been a mod at Vogon for a few years and using Malwarebytes for about a year now and appreciate the ability offered by Malwarebytes to remove malware easily. May I ask how we were placed on this list? Some of us, mods and owner, find it strange how two sites were blocked the same day that use two totally different ranges.Any help would be greatly appreciated.Thank youCROSs.vg Link to post Share on other sites More sharing options...
MysteryFCM Posted January 23, 2010 ID:187847 Share Posted January 23, 2010 The methods used by MBAM doesn't allow for blocking domains I'm afraid, only IP's.In this case, it's not a case of one or two sites being a problem - it's the ISPs themselves. I'd strongly urge you move the sites to different ISP's as they're not going to be unblocked any time soon. Link to post Share on other sites More sharing options...
CROSs.vg Posted January 23, 2010 Author ID:187880 Share Posted January 23, 2010 The methods used by MBAM doesn't allow for blocking domains I'm afraid, only IP's.In this case, it's not a case of one or two sites being a problem - it's the ISPs themselves. I'd strongly urge you move the sites to different ISP's as they're not going to be unblocked any time soon.Could you possibly answer some questions?1. is it possible to whitelist IPs of legit sites, if not, why?2. was our site reported in any way -- is anything malware hosted onour sites/ips?3. we are ready to work with both ISP in UK and US, would you specifywhich IPs hosted malware so they can resolve this?4. how do you determine which range is considered "bad" -- can this beused by others to block legit sites? for example if someone hostsmalware intentionally next to legit business site, would you blockentire range and harm business of that site? What happens when malwareauthors use other ranges, you keep old ranges with legit sites stillblocked and keep blocking new ranges?5. do you as respectable company block someone just because someonereported them?Also point is "bad ranges" would maybe apply only to spam farms (multipleservers using IP blocks) from countries with relaxed laws about that.We are using US and UK ranges which are hosting legit sites, not onlyour site. In any case it is not right to block non-harmful sites, justbecause someone served malware from one IP close to them. That waysomeone can do that intentionally to harm sites from that same range,maybe business competitor and so on...Not sure if you are familiar w/robtex blacklists, we are on neither as malicious.http://www.robtex.com/dns/vogon.vg.html#blacklistshttp://www.robtex.com/dns/vogonhq.com.html#blacklists Link to post Share on other sites More sharing options...
MysteryFCM Posted January 23, 2010 ID:187884 Share Posted January 23, 2010 Could you possibly answer some questions?1. is it possible to whitelist IPs of legit sites, if not, why?You have the facility to do that, yes (right click the Malwarebytes AntiMalware icon when it blocks a site)2. was our site reported in any way -- is anything malware hosted onour sites/ips?Your site? No.3. we are ready to work with both ISP in UK and US, would you specifywhich IPs hosted malware so they can resolve this?http://hphosts.blogspot.com/2009/12/crimew...switch-ltd.htmlhttp://hphosts.blogspot.com/2009/11/crimew...euroconnex.htmlhttp://hphosts.blogspot.com/2008/09/242-re...-781291429.htmlhttp://hphosts.blogspot.com/2009/02/rapids...nvolved-in.htmlhttp://hphosts.blogspot.com/2009/03/adobe9...ions-group.htmlhttp://satellite/hphosts/?s=68.168.212.&view=history4. how do you determine which range is considered "bad" -- can this beused by others to block legit sites? for example if someone hostsmalware intentionally next to legit business site, would you blockentire range and harm business of that site? What happens when malwareauthors use other ranges, you keep old ranges with legit sites stillblocked and keep blocking new ranges?IP's are deemed to be "bad" when malicious content is present. The ISP that owns the block is notified and the IP is removed from the blacklist when they remove the malicious content (except where there are more good sites than bad, in which case the IP is not listed). An IP range is listed when there are a plethora of malicious sites, and if the ISP that owns it removes such, the range is removed from the blocklist.5. do you as respectable company block someone just because someonereported them?No. All sites and IP's are checked by myself prior to blocking.Also point is "bad ranges" would maybe apply only to spam farms (multipleservers using IP blocks) from countries with relaxed laws about that.We are using US and UK ranges which are hosting legit sites, not onlyour site. In any case it is not right to block non-harmful sites, justbecause someone served malware from one IP close to them. That waysomeone can do that intentionally to harm sites from that same range,maybe business competitor and so on...If only. Companies in the UK, US and many other countries, are just as "lax" as their counterparts in countries such as China, Russia and the Ukraine etc.As mentioned, the IP's are blocked because there's malicious content present, and in this case, the ISP's have done nothing to remove such (in the case of RapidSwitch, it's been an ongoing problem with them for years, and I've documented such to that effect).Believe it or not, we don't like blocking IP's and ranges anymore than you do, but until the ISP's responsible stop allowing this kind of activity on their networks, we're going to continue blocking them.Not sure if you are familiar w/robtex blacklists, we are on neither as malicious.http://www.robtex.com/dns/vogon.vg.html#blacklistshttp://www.robtex.com/dns/vogonhq.com.html#blacklistsI beg to differ. You've got a listing in Sorbs;http://www.robtex.com/ip/68.168.212.218.html Link to post Share on other sites More sharing options...
CROSs.vg Posted January 23, 2010 Author ID:187902 Share Posted January 23, 2010 You have the facility to do that, yes (right click the Malwarebytes AntiMalware icon when it blocks a site)...Thank you for that info. Already used that feature, but it may be useful for others.Thank you for answering the questions. I understand your position. I just don't fully agree w/the way blocks are implemented, but users do have the ability to whitelist an ip and that helps sites that are non malicious. Again thank you for taking the time to answer the questions.CROSs.vg Link to post Share on other sites More sharing options...
MysteryFCM Posted January 23, 2010 ID:188094 Share Posted January 23, 2010 No problem. Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now