website address included

[hkw]

Eact time there are messages showing IP addresses of blocking sites which are rather confused to users and hope to add website addresses so as to give a better picture of the exact websites so users may pay more attention to those sites and take necessary action in due course. But just giving IP address, users may not know what exactly they are.

I sincerely hope that moderators and experts of this Forum can reflect this opinion to concerned sections / departments to consider as addition to your blocking library in future releases.

Many thanks!

[exile360]

Greetings

Unfortunately because of the way the malicious website blocker in Malwarebytes' Anti-Malware works, there is no way to determine what website was visited or even if a website was visited at all.

The reason is that a website (also known as a domain name, for example www.malwarebytes.org) has its own IP address, but multiple domain names can reside on a single IP address, and since our program blocks sites based on IP address and not domain name, we cannot determine which site was visited, if any.

The reason I say that you may not have visited a website is because many programs connect to IP addresses, not just internet browsers like Internet Explorer and Firefox. An example would be Peer-to-peer programs like Bittorrent clients, Skype etc. They connect to many IP addresses and if any program tries to connect to an IP address that is on our block list, it will be blocked. The same is true for incoming connections, so if an IP address in our block list attempts to connect to your computer remotely, the connection will be blocked.

I hope that clears things up for you a bit and thank you for the suggestion, I unfortunately don't see a way that we could implement such a feature though.

[hkw]

It's no way to change if your blocker works in this way. Because we users are rather confused with the IP address by not knowing what exact website it denotes.

Anyway thanks a lot for giving so clear description on the way how MBAM blocker actually works.

[exile360]

You're welcome.

Yes, our website blocker doesn't work like a HOSTS file, which does block based on domain names (i.e. website addresses), that's because we have frequently found that particular IP's will have many malicious domains on them so we block many bad sites with just one IP entry. Also, malware makers these days have begun rotating domain names to prevent blocking their infections by just blocking a particular domain name, but rotating IP's is much more difficult, costly and time consuming so it is something that they do less frequently.

Of course, false positives do happen as well and sometimes the IP addresses do get cleaned up and we remove them from our block list when they do. If you or anyone else comes across a block that you believe is a false positive please follow the instructions in this post IP Blocking False Positives and post the info here: False Positives.

One of our researchers will look into it and determine if the IP address can safely be unblocked or not.

Regardless, thank you for the suggestion. New suggestions are always welcome and we try to add the features that our users want when possible so please don't be discouraged by the outcome of this particular request as it's simply a limitation of the technology being used (IP addresses versus domain names).

Thanks.