DougCuk

173.244.198.143


Running v1.46 with database version 4207

Attempts to update the spyware blocking program SpywareBlaster (javacoolsoftware.com) trigger an IP block on 173.244.198.143

This appears to be one of the servers hosting the update files for this security software.

This IP has been blacklisted from at least database version 4201.


Just installed SB and it's updating fine from here? Can you give me the hostname of the update server it's using please?

I can't unblock this one for two primary reasons, one being the sites on the range, and the second being it's SoftLayer, an ISP known for allowing criminals on their network.


@MysteryFCM

Having the same issue here also. I have posted this at the Wilders Security Forum to see if we can get this resolved

Link to Wilders HERE

Regards

Wide Glide


I need to know the server hostname involved as I can't reproduce it on either my primary machine, or my test machine.

/edit

Only update server I can get SB to use (I've no choice in the matter) is update1.*, there doesn't seem to be an option to change it that I can find.


You can use either your firewall's log, or Wireshark, to identify it :)


All that is beyond my technical ability. Going to bed. Maybe it will all come out in the wash

Regards

Wide Glide


No issues here downloading SpywareBlaster updates with 4208 db


Sadly, yep. Others have done testing and they've noticed it's blocking one minute, and not the next, which suggests SB is using a CDN that's using geo-tracking and load balancing. Still not been able to reproduce it myself though.


Seems this is dependent on geographic location and load balancing server allocation.

However I have not had any successful update from London UK

I am seeing two server names for this IP

An IP trace shows the name as - 173.244.198.143.static.midphase.com

The SpywareBlaster program (Manual Update - Free version) shows - updates1.spywareblaster.net


Just had a successful update!!

So something must have swapped me to a different server.

The address updates1.spywareblaster.net has a totally different IP - so is obviously not the real server being used.

However a port monitor utility shows SpywareBlaster accessing the following address:

206-55-108-109.global11325.loc45.simplecdn.net

Not exactly sure what that means but it does include the term CDN - which was mentioned.


Thanks for letting us know (I'm in the UK too, so it had me puzzled)


Still getting the block here or should say was, uninstalled it (SpywareBlaster) after the comment made at Wilders

"hopefully Mbam will unblock the ip address (if possible)"

Regards

Wide Glide


I can't unblock the IP unfortunately ;) (not until SoftLayer and Midphase get their acts into gear)


No problem here in Canada with 4211 db ;)


To paraphrase the response on the Wilders Forum from "Javacool" a SpywareBlaster tech:

Full posting click here

SpywareBlaster uses a CDN (content distribution network) to serve the update content from the closest of many servers distributed worldwide, to ensure the fastest possible updates. The specific IP address .... will indeed vary depending upon your geographic location, ISP, and other factors. [The blocked] .. IP address is a CDN "edge"/cache server, which caches + serves content for multiple users of our CDN provider. There's a seamless mapping from ... our update server domain name, to ... the CDN edge server that's closest to you.

Thank you for reporting this issue to MBAM. It looks like they (MBAM) mistakenly caught a CDN edge/cache server in their IP blocks. It should be simple enough for them to fix.

Best regards, -Javacool

At present I am no longer being sent to the blocked update server - not sure if it got removed from the pool - or if it's just the luck of the draw.

Both sides are obviously aware of the issue but it looks like Javacool are expecting MBAM to fix this one.

I will report back if the blocked server re-appears.


I tried reinstalling and upon updating again received the block from Mbam. Uninstalled SpywareBlaster again and will not use it until like MysteryFCM said

"(not until SoftLayer and Midphase get their acts into gear)"

Update;

Reinstalled SpywareBlaster. It did update but Mbam blocked

Windows Firewall log

Download from Cnet

2010-06-19 08:46:07 DROP TCP 216.239.122.40 192.168.1.65 80 51327 1420 A 3541684468 3518662903 29862 - - - RECEIVE

2010-06-19 08:46:07 DROP TCP 216.239.122.40 192.168.1.65 80 51327 1420 A 3541685848 3518662903 29862 - - - RECEIVE

2010-06-19 08:46:07 DROP TCP 216.239.122.40 192.168.1.65 80 51327 1420 A 3541687228 3518662903 29862 - - - RECEIVE

2010-06-19 08:46:07 DROP TCP 216.239.122.40 192.168.1.65 80 51327 1420 A 3541688608 3518662904 29862 - - - RECEIVE

Update went to a Black Hole

2010-06-19 08:46:14 ALLOW UDP 127.0.0.1 239.255.255.250 57869 1900 0 - - - - - - - RECEIVE

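An added example (not part of any post in this thread): a short Python parser for Windows Firewall log lines in the format quoted above, which tallies dropped packets by remote address so the server involved can be read off the log. The first three entries in the sample are copied from the post; the final entry is constructed for illustration.

```python
from collections import Counter
from ipaddress import ip_address

# Column order of the Windows Firewall log, matching the lines quoted in the post.
FIELDS = ("date time action protocol src_ip dst_ip src_port dst_port size "
          "tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path").split()

# Entries 1-3 are copied from the post. The last entry is CONSTRUCTED: an
# outbound attempt to the IP this thread is about, to show SEND handling.
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2010-06-19 08:46:07 DROP TCP 216.239.122.40 192.168.1.65 80 51327 1420 A 3541684468 3518662903 29862 - - - RECEIVE
2010-06-19 08:46:07 DROP TCP 216.239.122.40 192.168.1.65 80 51327 1420 A 3541685848 3518662903 29862 - - - RECEIVE
2010-06-19 08:46:14 ALLOW UDP 127.0.0.1 239.255.255.250 57869 1900 0 - - - - - - - RECEIVE
2010-06-19 08:46:20 DROP TCP 192.168.1.65 173.244.198.143 51330 80 0 S 1234567890 0 8192 - - - SEND
"""

def parse_line(line):
    """Return a dict for one log entry, or None for headers, blanks and short lines."""
    parts = line.split()
    if not parts or parts[0].startswith("#") or len(parts) < len(FIELDS) - 1:
        return None
    return dict(zip(FIELDS, parts))

def remote_endpoint(entry):
    """Return (ip, port) of the non-local side of the connection."""
    path = entry.get("path")
    if path == "SEND":
        return entry["dst_ip"], entry["dst_port"]
    if path == "RECEIVE":
        return entry["src_ip"], entry["src_port"]
    # Path column absent: assume (for this example) the private address is local.
    if ip_address(entry["src_ip"]).is_private:
        return entry["dst_ip"], entry["dst_port"]
    return entry["src_ip"], entry["src_port"]

def dropped_remotes(log_text):
    """Count DROP entries per remote (ip, port)."""
    counts = Counter()
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and entry["action"] == "DROP":
            counts[remote_endpoint(entry)] += 1
    return counts

if __name__ == "__main__":
    for (ip, port), n in dropped_remotes(SAMPLE_LOG).most_common():
        print(f"{n:3d} dropped  {ip}:{port}")
```

The remote addresses it lists can then be compared with the address shown in the block notification.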

Wide Glide

Maybe Louisiana, USA is covered by sludge from the BP oil disaster :P



Mine is still blocked today. I'm from Jakarta, Indonesia.

SpywareBlaster can't run updater :P

Thanks


I am also being blocked again today.

We know that this IP address is in a block owned by a hosting company with a suspect reputation - midphase.com.

However this specific IP address appears to be a fixed IP for a legitimate CDN (Content Distribution Network) server.

The server name for this IP comes back as - 173.244.198.143.static.midphase.com

Browsing to the IP - http://173.244.198.143/ gives a 404 server response with the following name: SimpleCDN Upload Bucket

MBAM at present seem unlikely to remove this IP from its standard blacklist - however the program does allow you to add individual blocked IP addresses to the Ignore List - so at present I have selected that option to get around this problem. The risk posed by unblocking this single IP appears to be minimal - as it is a known CDN server used by a trusted security application.

The problem appears to be caused by a change within the network used by Javacool to supply updates - with the inclusion of a server hosted by a suspect company (midphase.com) - this is obviously not ideal for a security app designed to block suspect websites. A complaint to the CDN service would seem sensible, to get this server removed from the pool. I have posted this suggestion on the Spyware Blaster forum.


Mine blocks as others have stated, but after several seconds, SpywareBlaster switches over to updates2.spywareblaster.net (from updates1) which then downloads the update.

I'm in North Texas using Verizon FIOS for reference.

however the program does allow you to add individual blocked IP addresses to the Ignore List - so at present I have selected that option to get around this problem.

Sorry for my ignorance. Can someone tell me how to add blocked IP addresses to the Ignore List?

Thanks so much.

Sorry for my ignorance. Can someone tell me how to add blocked IP addresses to the Ignore List?

Thanks so much.

To access a site that is currently blocked that you wish to view, you may add it to the IP Protection ignore list (v1.42 required) as described below:

Navigate to the page, right-click the Malwarebytes system tray icon (near clock) and select an IP or all IPs listed and they will now be added to the ignore option and listed in the 'Ignore' tab. You may need to refresh the page to access the site.

