Stebby

Two IP addresses being blocked owned by Namecheap


Hello.

I have a number of domains registered with Namecheap for family and a friend's personal websites. Recently I have noted that they are being blocked by Malwarebytes when I try to load the sites.

The IP addresses being blocked are:

209.249.222.18

98.124.199.1

Please note that the first IP address listed above had an inquiry in November 2009 in this forum:

http://forums.malwarebytes.org/index.php?s...mp;hl=namecheap

Please also note that I brought this to the attention of Namecheap in their forum and that thread is located here:

http://community.namecheap.com/forums/view...?f=6&t=2676

They have indicated they haven't dealt with Malwarebytes blocks before and suggested I provide the link above for you folks.

I can send you the sites, but one is in my daughter's and the other my mother-in-law's. Both are just simple html pages coded by yours truly and some pictures. I'd rather not list them here and potentially take a hit on web traffic if there is another option. Sorry to be a baby. Can I email them to you?

Thanks in advance,

Steb


Hi Steb,

Welcome to Malwarebytes :unsure:

The IP 209.249.222.18 is being blocked because it lies on the range (209.249.222.) from Metromedia Fiber Network that is hosting over 144 malicious sites.

The IP 98.124.199.1 is being blocked because it lies on the range (98.124.199.) from eNom, Incorporated that is hosting malicious sites as well.


Thank you for your quick response!

So am I correct in assuming that I need Namecheap, or their parent/affiliates, to get these sites removed before the IPs are unblocked?

This seems like a tricky business.

Is there a global list available that lists which companies are clear and which have issues? I was told on the Namecheap forum that the one IP (209....) was the address of their forwarding server. Is there any likelihood of a happy ending here or is the sinking feeling I'm beginning to experience justified? ...


Hi Steb,

The best course of action is for NameCheap to switch hosting companies.


Well *that's* joyous news.

I'm not convinced my powers of persuasion are that keen.

To my other question though....is there a readily-available list that a lay person such as myself can consult?


Apologies for taking so long to see this.

There's no list as such, that I'm aware of, no. But if you've got questions regarding a host, feel free to drop me a note.

As far as the IPs, there's no chance of 98.124.199.1 being removed any time soon, until eNom get their behind into gear and stop allowing malicious sites to use it.

Nothing on 209.249.222.* is listed in the IPBL.


Hello Steven,

Well, by golly, I am going to take you up on that leave a note offer, but I would like to make the following suggestions which, given that I am a novice at this business, may not be worth much, but here goes...

1) The decision to block an IP address rather than a specific URL is, I think, a bit crude. In my case, I have a handful of domains I purchased through Namecheap and use their domain forwarding service to link to my actual websites which are housed on an account I have with my internet service provider. Yeah, I could not use Namecheap's domain forwarding service, but then owning a domain such as malwareblues.com is of little use, no? Rather I end up with some 100 character internet service provider/user/file/subfile/ kind of address that even I would be too lazy to type. Besides, is it not true (and for all I know maybe it isn't) that dynamic DNS means one's IP address can change as life goes on? In other words, is it not possible that a malware-containing site's IP address today may be reassigned to some loser like me tomorrow? I would think that would generate a lot of false positive work for you folks and a lot of unhappy campers. I dunno. In this case, Namecheap uses certain IPs for their forwarding traffic, or so they claim. That means a lot of folks' sites are being blocked by Malwarebytes and that is, I would think, a problem for a number of folks which brings me to point 2....

2) If'n...(yes, if'n is a usable conversational term in certain parts of the USA) a company offers a service that blocks potentially malware-containing websites, how difficult is it to generate a list and make that list available to, if no one else, paying customers such as myself? Maybe super difficult, what do I know?, but this issue raises an interesting catch 22 issue in that I have to now either convince Namecheap to clean up some sites (hardly likely) or go find a new company to host my domain so that folks using Malwarebytes won't be steered away from my sites, but....I have no idea which domain hosts use crummy IP addresses or have a crummy record of keeping their neighborhood clean.

Life shouldn't be so hard...should it?

Thanks for reading. I feel slightly better now :)) slightly...


I do understand the frustration, and we don't like blocking IPs if we don't have to. However, the current facilities in place only allow the blocking of IPs, not individual URLs/domains.

On the subject of domain forwarding, depending on who the actual hosting company is, and how much control over DNS NameCheap have given you, you'd be much better off using an A record that points directly to your website's server, rather than a forwarding service.

On the subject of dynamic IPs, these are rarely used for websites, except where:

1. It's on a fast-flux/hydra-flux botnet

2. The site is hosted on a user's home PC and the user has a dynamic IP assigned by his/her ISP (in these cases, it is better to use a domain such as DynDNS, and a CNAME record to point your domain to your ever-changing dynamic IP).

Given the Metrofiber IP isn't in the MBAM IPBL, I'm going to assume that the forwarder you're using is actually eNom and not NameCheap, in which case, it would've been best for NameCheap to tell you this (though that is of course, an aside and thus, irrelevant in this particular discussion).
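The difference between a forwarder on a shared, blocked range and an A or CNAME record pointing at the site's own server, as an added example that is not part of the original posts and is not Malwarebytes code. The domain names, the 192.0.2.x documentation addresses and the record set are constructed; treating the "98.124.199." range from the thread as a /24 is an assumption.

```python
import ipaddress

# Range named in the thread ("98.124.199."); the /24 width is an assumption.
BLOCKED_RANGES = [ipaddress.ip_network("98.124.199.0/24")]

# Constructed DNS records (not real zone data). The 192.0.2.x addresses are
# documentation addresses standing in for the site owner's own web server.
RECORDS = {
    "forwarded.example": [("A", "98.124.199.1")],        # registrar's shared forwarder
    "direct.example": [("A", "192.0.2.10")],             # A record to own server
    "www.direct.example": [("CNAME", "direct.example")],
    "home.example": [("CNAME", "myhost.dyndns.example")],  # dynamic-IP home host
    "myhost.dyndns.example": [("A", "192.0.2.77")],
}


def resolve(name, records=RECORDS, max_depth=8):
    """Follow CNAMEs through the record set and return the final A addresses."""
    seen = set()
    for _ in range(max_depth):
        name = name.lower().rstrip(".")
        if name in seen:
            raise ValueError(f"CNAME loop at {name}")
        seen.add(name)
        rrset = records.get(name, [])
        cnames = [value for rtype, value in rrset if rtype == "CNAME"]
        if not cnames:
            return [ipaddress.ip_address(v) for rtype, v in rrset if rtype == "A"]
        name = cnames[0]
    raise ValueError("CNAME chain too long")


def blocked_hits(name, ranges=BLOCKED_RANGES, records=RECORDS):
    """Return (address, range) pairs for each resolved address in a blocked range."""
    return [(str(ip), str(net))
            for ip in resolve(name, records)
            for net in ranges if ip in net]


if __name__ == "__main__":
    for site in ("forwarded.example", "www.direct.example", "home.example"):
        hits = blocked_hits(site)
        print(f"{site}: {'blocked via ' + str(hits) if hits else 'not in a blocked range'}")
```

An IP-range block judges a site by the address its name resolves to, so a clean site behind a shared forwarder inherits the forwarder's listing, while the same site reached through its own A record does not.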


Thank you Steven.

You have been very kind and patient.

I appreciate your efforts.

Originally I don't think I had that A record option, but putzing around yesterday I noted that choice as well as some others. I had no idea at the time what they referred to, but will now investigate this further and give you some rest.

All the best,

Steb

P.S. For the record, a few weeks ago I bought some 10 or 12 licenses of Malwarebytes and put 'em on all our computers. Otherwise I would have never known our sites had issues. In spite of my new-found headache, I do like your product.


Much appreciated, thank you :) .... and, you're welcome :)
