Malwarebytes Anti-Malware blocking website

Discussion in 'other anti-malware software' started by beethoven, Apr 10, 2012.

Thread Status:
Not open for further replies.
  1. beethoven

    beethoven Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    1,044
    I noticed that my Malwarebytes Anti-Malware is blocking access to two "suspicious" websites: 199.27.135.184 and 141.101.124.185.
    Right clicking the icon until a few minutes ago, I could still see these ip addresses and was able to add them to the ignore list. They now don't show up anymore. I suppose this "add to ignore function" is only available within a short time frame after the original blocking.

    I checked out the addresses and they both lead to CloudFlare.

    Is there any function with Mbam to allow me to see what program tried to access these ip addresses or can it only be a browser? At the time, the only site on my browser that was open was my banking site. According to Wikipedia
    Does that mean my bank is using this technology but Mbam thinks the site is suspicious? Any info would be greatly appreciated.
     
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
  3. damoncloudflare

    damoncloudflare Registered Member

    Joined:
    Oct 11, 2011
    Posts:
    7

    What were the two websites?

    The issue here is that CloudFlare has lots of sites tied to those IPs, so if Malwarebytes blocked access to those IPs because of one site, then it is going to impact all of the other sites under those IPs. We're trying to work with Malwarebytes about this issue (it doesn't *mean* that the sites you're visiting actually have malware).
     
  4. beethoven

    beethoven Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    1,044
    Damon - the site in question is http://www.anz.com.au/personal/
     
  5. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Wow, that's weird, because I was getting the same thing today after I updated to the new version 1400. I was in here at Wilders when I first got the popup of blocking outgoing connection to the IPs you listed on port something.

    I never visited any such site, nor is MBAM a firewall, so why that behavior is beyond me. I find this very odd and confusing, but I have since uninstalled and reinstalled a fresh copy and it has not done it since.
     
  6. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    @Beethoven, do you have Fanboy tracking protection? Because I just replicated the problem. When adding Fanboy on the tracking list for IE9 is when I am getting the IPs being blocked. In my case it was something with the update and Fanboy on the tracking list. I have since removed the tracking list and MBAM no longer gets the outgoing IP blocks.

    See Here screen shots.
     

    Last edited: Apr 11, 2012
  7. beethoven

    beethoven Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    1,044
    Guys,

    I followed Cudni's good advice and went to the MBAM forum, where I found that this has been lodged yesterday
    http://forums.malwarebytes.org/index.php?showtopic=108447

    As for the background to this IP checking, here is some explanation:
    http://forums.malwarebytes.org//index.php?showtopic=21076

    So, for me this came "out of the box" - no Fanboy tracking protection necessary for this.
     
  8. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Well that explains a lot.:thumb:
     
  9. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    1,732
    That's the reason why people write help files or the online help - using Windows, press F1 to open the online help for the program:

    open mbam.chm

    tab=content
    click "features and functions"
    click "protection"
    ofc - not that long - but as essential information absolutely useful

    :rolleyes:
     
  10. damoncloudflare

    damoncloudflare Registered Member

    Joined:
    Oct 11, 2011
    Posts:
    7

    Thanks for the additional info. Including what is basically happening relative to CloudFlare and interim fix...


    Our only recommendation we can make right now is to disable the "malicious website blocking" module in the software http://cl.ly/23260l28330F110Q082c . Here's the problem:

    -- Say one site on CloudFlare has an issue (according to Malwarebytes).

    -- This site is on CloudFlare's IPs.

    -- In addition to that one site being on CloudFlare's IPs, there are also potentially hundreds (or more) sites on those same IPs. If Malwarebytes blocks those IPs with their software, they are blocking every site on the CloudFlare network with those IPs (in other words, they are blocking tons of domains because of an issue with one domain).

    It doesn't look like this is an issue we can easily resolve with Malwarebytes right now. We have offered to block malware URLs from sites they report an issue with, since we have the capability to do so, but the stance of Malwarebytes is that we have to take down the site. We can't take a site down for two primary reasons:

    -- We're not a hosting provider.

    -- The site owner may have unknowingly been hacked and is unwittingly distributing malware.

    We will continue to see where our discussions with Malwarebytes go & we hope this will change in the future.
     
  11. m0use0ver

    m0use0ver Registered Member

    Joined:
    Jun 30, 2011
    Posts:
    81

    Sorry Damon, you are on a security forum, and to suggest something as wholesale as that as a solution is akin to suggesting switching off your AV in order to run a keygen.

    Adding individual IPs to the ignore list would be a more secure and sensible approach :thumb:


    Reading their IP guide, they say there is around a 50% cut off rate for blacklisting shared IPs.

    Methinks the lady does decry her innocence too much, or at least there must be some systemic abuse going on at those IPs in order for them to be blocked in the first place. Are you really being blacklisted for just 1 bad website?

    Please remember Malwarebytes are doing their best to clean up the malicious code on the internet and protect computer users. If you have no malicious code being distributed from those IPs then they would have no reason to block them in the first place.

    Good luck to both of you where the end result is less malicious code being distributed on the www
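
The trade-off argued over in the last two posts, as an added example that is not part of the thread or of either vendor's code: it compares blocking a shared IP on any flagged site against blocking only above a flagged-site ratio. The hostnames, the RFC 5737 addresses and the `threshold` parameter are constructed assumptions; the 0.5 value is only modelled on the "around 50%" figure quoted above.

```python
# Added example; all hostnames and IPs are constructed sample data
# (RFC 5737 ranges, .example names), not the addresses or sites in the thread.
HOSTS_BY_IP = {
    "192.0.2.10": ["bank.example", "shop.example", "blog.example", "bad.example"],
    "192.0.2.20": ["bad1.example", "bad2.example", "news.example"],
    "198.51.100.5": ["solo-bad.example"],
}
FLAGGED_HOSTS = {"bad.example", "bad1.example", "bad2.example", "solo-bad.example"}


def flagged_ratio(ip):
    """Fraction of the hostnames behind this IP that are flagged."""
    hosts = HOSTS_BY_IP[ip]
    return sum(h in FLAGGED_HOSTS for h in hosts) / len(hosts)


def blocked_ips(threshold):
    """IPs with at least one flagged host and a flagged ratio >= threshold.

    threshold=0.0 models "block the IP if any site on it is flagged";
    threshold=0.5 is an assumed reading of the ~50% cut-off quoted in the thread.
    """
    return {ip for ip in HOSTS_BY_IP
            if flagged_ratio(ip) > 0 and flagged_ratio(ip) >= threshold}


def evaluate(threshold):
    """Return (collateral, missed) for an IP-level blocklist.

    collateral: clean hostnames that become unreachable.
    missed: flagged hostnames that stay reachable.
    """
    blocked = blocked_ips(threshold)
    collateral, missed = set(), set()
    for ip, hosts in HOSTS_BY_IP.items():
        for host in hosts:
            if ip in blocked and host not in FLAGGED_HOSTS:
                collateral.add(host)
            elif ip not in blocked and host in FLAGGED_HOSTS:
                missed.add(host)
    return collateral, missed


if __name__ == "__main__":
    for t in (0.0, 0.5):
        collateral, missed = evaluate(t)
        print(f"threshold={t}: blocked={sorted(blocked_ips(t))} "
              f"collateral={sorted(collateral)} missed={sorted(missed)}")
```

In this model, blocking by hostname or URL instead of by IP produces neither collateral nor missed entries, which is the alternative CloudFlare says it offered.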
     