zappe

certcollection.org


No offence, but were you actually looking at that properly?

Still there;

http://certcollection.org/forum/topic/15010-microsoft-windows-7-ultimate-final-x64-retail-original-iso-from-technet/
http://certcollection.org/forum/topic/19945-vmwareviewv400210939inclkeymaker/
http://certcollection.org/forum/topic/17136-dvd-ms-exchange-2007-serial/
http://certcollection.org/forum/topic/14259-windows-7-ultimate-x32-genuine-oem-activator/
http://certcollection.org/forum/topic/15011-operating-system-microsoft-windows-7-ultimate-n-1-x86-retail-22-october-2/
http://certcollection.org/forum/topic/14999-windows-7-ultimate-oem-x86-x64-activated-multilanguage-34gb/

And that's just a quick scan of the first few threads listed on the first page alone, and without even getting started on the piracy of CERT related items.


You'll have to do better than that I'm afraid. With all due respect, you need to go through and get rid of ALL piracy related stuff there, we shouldn't need to point it out to you. Only then, will the block be removed.


With all due respect Steve, all piracy related stuff are not malwares, and I believe malwarebytes blocks IPs that spread malwares.


This issue is now moot as the site is moving to a different ASN and as such, a different IP.


Dear Steven, the site was on a VPS before, and now on a Dedicated Server, that's why a different IP. Now the site is blocked only because it is hosted on WorldStream?


What's the new IP? (DNS obviously hasn't propagated if it's already been changed, as I'm still seeing the IP mentioned previously (217.23.5.195), as is OpenDNS.)


Dear Steven,

Thank you for swift reply. Yes the IP is still 217.23.5.195. The site is working on my end though.


Isn't that exactly the same as the old IP?


I thought you were talking about 193.200.164.19, which was the old IP when site was hosted on VPS.


I'm looking into this a little further and will get back to you.


Can someone point me on where I can get information on what exactly the role of "malwarebytes" here is in coming between users and a site in such a fascist way?


I wish people would stop attempting to inject politics into this.

As the lead researcher I get to make the final say and here is my opinion.

Cracks and keygen sites have a long and well documented history of malicious content and due to threat consolidation these are high risk locations no different than adult IP ranges typically loaded with fake codecs and exploits.

That being said we are exploring ways of splitting our IP block list up allowing the user to select additional protection and cracks/keygen sites will without question be something the user will have the option of blocking due to threat consolidation.

I do not in any way care about the content on any site, I only care about its malicious potential and if it is elevated beyond an acceptable average this is grounds for inclusion on a block list.


I'm not injecting any politics whatsoever. I want to know about the technical aspects of this, and what malware's role is as the "middle man" blocking my access... Beyond any legal issues and right or wrong of the site being up, if the site owner has the domain registered in "x" country, pointing to "y" DNS server, and that should be enough for me to access their site, what exactly is malwarebytes' role from a technical perspective to be blocking this? In other words, where do you sit in the traffic path?


Our traffic blocking is bidirectional IP based protection. You cannot receive or send packets to IPs on our black list.

To get on this list there needs to be a record of direct threats or an unreasonable elevation of risk of malware or malicious activities.

For example a dump server where stolen credit card info is deposited would make our list even though there is no actual malware there.


I see, but how exactly is that done from a technical perspective? Right now for example, my DNS servers resolve that entry, so what exactly are you doing to prevent me from connecting to their server directly as per any normal HTTP connection? Do you have something to do with their hosting? Are you in the traffic path somehow? That's the technical part I'd like to learn.

Thanks.


For the record after seeing a comment like "such a fascist way" you have to understand that you have not exactly set the stage for an open and friendly dialog.

The protection is not HOSTS based, DNS based or anything else to do with domain resolution. Connections in any form to blacklist IPs are simply denied. It does not matter in which form these connections take place. Pages loading, downloads and uploads are all blocked by the same mechanism.


Ok, you're right.. sorry... :S

I understand it not having to do with name resolution, just thinking for some ppl it didn't resolve, just putting it out there as that not being a problem.

The question is who denies the packets and how?? Let's say (for the sake of saying a number) that between my pc and their server there are 20 routers. How can you block packets going from my computer to their server? Are you in control (or able to request at least) any of those devices in the path of the traffic? That is what I meant. Because if not, I just don't see any other way as to how you can block traffic between 2 hosts :S


Edit: just for the record, I'm interested in all this stuff because I work in Network Security.

Guest Bugen

Here is some info about certcollection.org

Link 1

Link 2

Also the current ip address, 95.215.63.82, is located in Spain :unsure:


No offence, but were you actually looking at that properly?

Still there;

http://certcollection.org/forum/topic/15010-microsoft-windows-7-ultimate-final-x64-retail-original-iso-from-technet/
http://certcollection.org/forum/topic/19945-vmwareviewv400210939inclkeymaker/
http://certcollection.org/forum/topic/17136-dvd-ms-exchange-2007-serial/
http://certcollection.org/forum/topic/14259-windows-7-ultimate-x32-genuine-oem-activator/
http://certcollection.org/forum/topic/15011-operating-system-microsoft-windows-7-ultimate-n-1-x86-retail-22-october-2/
http://certcollection.org/forum/topic/14999-windows-7-ultimate-oem-x86-x64-activated-multilanguage-34gb/

And that's just a quick scan of the first few threads listed on the first page alone, and without even getting started on the piracy of CERT related items.

Dear Steven,

I see Certcollection.org is back up. Unfortunately, I also see continued use of piracy in the "Training Offers and Requests" subforums, linked here http://certcollection.org/forum/forum/1-training-offers-requests/

Detailed examples, just from the first two messages:

http://certcollection.org/forum/topic/117570-0527-last-version-testinside-ccna-v218590q/ links to pirated software here

http://certcollection.org/forum/topic/64966-cbt-nuggets-ccna-640-816-640-822-rapidshare/ links to pirated software here

I could go on, but I think you should get the point. It is clear to me that certcollection.org has not met your conditions.

Edited by shadowwar
Removed direct pirate links.


Thanks for the info. I'm aware of the current status and am continuing investigations.


WingTip

Those links might be containing "pirated software", but in no way they are related in distributing malware / spyware or any stuff like that.

Steve please let me know if I can be of any help with your investigations.

Thank you.

