  1. #1

    Malicious Web-site contact repeatedly blocked

    Every few minutes I've been getting a message that Malwarebytes Anti-Malware has successfully blocked access to a potentially malicious web site at 208.73.210.28.

    I'm glad the software is doing its job.

    Can anyone tell me what's going on and what else I can do to protect my system from this attack?

    Thanks.

    Neal

  2. #2
    Medico
    Originally posted by NealNYC:
    > Every few minutes I've been getting a message that Malwarebytes Anti-Malware has successfully blocked access to a potentially malicious web site at 208.73.210.28.
    >
    > I'm glad the software is doing its job.
    >
    > Can anyone tell me what's going on and what else I can do to protect my system from this attack?
    >
    > Thanks.
    >
    > Neal

    A Google search for this address does indeed show it to be a high risk site in LA, Ca. You can add this site to the blocked sites. In IE, Tools, Internet Options, Security tab, restricted sites, Sites and add the site as http:// then add the web site URL (I did not want to actually add the site here because it would automatically create a link which I do not wish to do). In this manner the site should be blocked by IE.
    BACKUP...BACKUP...BACKUP
    Have a Great Day! Ted


    Sony Vaio Laptop, 2.53 GHz Duo Core Intel CPU, 8 GB RAM, 320 GB HD
    Win 8 Pro (64 Bit), IE 10 (64 Bit)


    Complete PC Specs: By Speccy

  3. #3
    Thank you for the research and the advice.

    How do I block it with Firefox?

    Thanks.

  4. #4
    Medico
    Originally posted by NealNYC:
    > Thank you for the research and the advice.
    >
    > How do I block it with Firefox?
    >
    > Thanks.

    I'll have to check when I get home from work. Do not have FF at work.

    Checked FF at home, not sure, sorry.

    Edit after more research: It appears you have to use an add on to block sites in FF. I would open the FF add ons tool and search for site blocker add ons.

  5. #5
    I would be worried that your machine is attempting to access that site. Time for a complete AV scan methinks.

    cheers, Paul

  6. #6
    You should first subscribe to the FREE OpenDNS service. Read the features of the Basic edition. I have never been hacked. It's easy and it will block malicious web sites. Also, you should download the mywot plugin add-on. It will warn you of the integrity of all malicious web sites. Use the NoScript plugin as well. Both add-ons protect you and NoScript has a learning mode for each web site you visit so you don't have to restrict the same scripts all the time. Another useful add-on is Greasemonkey. Many free add-ons are useful. Congratulations on choosing Firefox.

  7. #7
    bobprimak
    I would use a firewall in addition to Malwarebytes, so that you could get alerts as to what process is trying to connect to that IP Address. You really need both the destination and the originating process to track down what's going on in these cases. The objective is not to block the outbound traffic, but to track down which process spawns the traffic. That would be the best way to stop the problem, if indeed it is a problem, and not normal behavior for some program or process on your computer.

    Comodo Firewall with Defense Plus will tell you the information about the process. PC Tools Threatfire could also probably track down the process. Both programs are free, and would not conflict with Malwarebytes. Then you could find out what on the local computer is trying to access this IP Address. Right now you only have about half the data you need to know anything for sure.
    -- Bob Primak --
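
Added example, not part of any post in this thread: one way to capture the originating process described above is to poll the TCP table for the alerted address and log the owning process. It assumes Windows 8 or later (for `Get-NetTCPConnection`); the log path and polling interval are arbitrary choices.

```powershell
# Added example: log which local process owns connections to the alerted address.
# Assumes Windows 8 / Server 2012 or later (Get-NetTCPConnection, PowerShell 3+).
$RemoteIp = '208.73.210.28'                            # address from the Malwarebytes alert
$PollMs   = 250                                        # polling interval (arbitrary choice)
$LogPath  = Join-Path $env:TEMP 'outbound-watch.csv'   # hypothetical log location
$seen     = @{}                                        # connections present at the last poll

Write-Host "Watching for connections to $RemoteIp; Ctrl+C to stop. Log: $LogPath"
while ($true) {
    # No match raises a non-terminating error, hence SilentlyContinue.
    $conns = Get-NetTCPConnection -RemoteAddress $RemoteIp -ErrorAction SilentlyContinue
    $now = @{}
    foreach ($c in $conns) {
        $key = '{0}:{1}' -f $c.OwningProcess, $c.LocalPort
        $now[$key] = $true
        if ($seen.ContainsKey($key)) { continue }      # already logged this connection

        # Win32_Process gives the image path, command line and parent PID.
        $p = Get-CimInstance Win32_Process -Filter "ProcessId = $($c.OwningProcess)" `
                 -ErrorAction SilentlyContinue
        $parent = if ($p) {
            Get-CimInstance Win32_Process -Filter "ProcessId = $($p.ParentProcessId)" `
                -ErrorAction SilentlyContinue
        }
        $row = [pscustomobject]@{
            Time        = (Get-Date).ToString('s')
            State       = $c.State
            LocalPort   = $c.LocalPort
            RemotePort  = $c.RemotePort
            ProcessId   = $c.OwningProcess
            Name        = $p.Name
            Path        = $p.ExecutablePath
            CommandLine = $p.CommandLine
            ParentName  = $parent.Name
        }
        $row | Export-Csv -Path $LogPath -Append -NoTypeInformation
        $row | Format-List | Out-String | Write-Host
    }
    $seen = $now
    Start-Sleep -Milliseconds $PollMs
}
```

A blocked attempt may exist for less than one polling interval, so a poll can miss it; an empty log does not prove that nothing tried to connect.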

  8. #8
    Originally posted by P T:
    > I would be worried that your machine is attempting to access that site. Time for a complete AV scan methinks.
    >
    > cheers, Paul

    I fully agree.

    There is a BIG danger that if malware is attempting to access what Malwarebytes knows is bad for you,
    it could also access a hundred other sites that Malwarebytes and WOT etc. have yet to identify.

    Follow Bob's advice.
    If you have a good firewall it will warn of unexpected outgoings without waiting to know if the destination is harmful,
    and this should also protect against keyloggers etc. from phoning home.

  9. #9
    From the message, it sounds like MBAM is blocking an attempt to get to the site, which could be malware phoning home, OR a redirect in the page you are viewing. Either way, if you put it in your HOSTS file, you should not see the message again for that URL.

  10. #10
    options to consider
    In Firefox, click on the Tools Tab > Options... > Privacy Tab.
    Then, in the Cookies Pane, ensure the Accept Cookies box is checked. Click on the Exceptions Button and type in the URL of the website you want to block, and click close, close and done.

    use an add on for firefox
    https://addons.mozilla.org/en-US/firefox/addon/3145/


    add the url to your HOST file or add a good well known HOST file
    http://www.mvps.org/winhelp2002/hosts.htm
    http://www.bleepingcomputer.com/tuto...utorial51.html

    a little tutorial I found on how to use the Windows HOST file and add the url to it
    "1. Go to your HOSTS file which is located at:
    C:\WINDOWS\SYSTEM32\DRIVERS\ETC for Windows Vista and XP
    C:\WINNT\SYSTEM32\DRIVERS\ETC for Windows 2k
    C:\WINDOWS for Windows 98 and ME

    2. Open HOSTS with Notepad.

    The default Windows HOSTS looks like this:
    ______________________

    # Copyright © 1993-1999 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a "#" symbol.
    #
    # For example:
    #
    # 102.54.94.97 rhino.acme.com # source server
    # 38.25.63.10 x.acme.com # x client host
    #
    127.0.0.1 localhost
    _____________________________

    3. Directly under the line that says 127.0.0.1 Localhost, you will want to type:

    127.0.0.1 name of the URL you want to block

    For example to block the MySpace.com homepage (highly recommended!), simply type:

    127.0.0.1 myspace.com
    127.0.0.1 www.myspace.com

    Other parts of MySpace could be blocked in a similar way:

    127.0.0.1 search.myspace.com
    127.0.0.1 profile.myspace.com
    etc etc etc...

    You may need to add sites both with and without the "www.". Test after blocking to make sure you got it right.

    You can add as many sites as you wish to block in this fashion.

    4. Close Notepad and answer "Yes" when prompted.

    5. Reboot your computer and attempt to access your now blocked website. You should see a Cannot find server or DNS Error saying: "The page cannot be displayed".

    Edit to add: I would also install the free SpywareBlaster, which you update weekly, and then enable all protection so the shield is green. There are no scans to run; it just helps protect you from certain known bad sites.
    http://www.javacoolsoftware.com/spywareblaster.html

  11. #11
    rdanner3
    Originally posted by R-C:
    > I would also install the free spywareblaster which you update weekly and then enable all protection so the shield is green, no scans to run it just helps protect you from certain known bad sites.
    > http://www.javacoolsoftware.com/spywareblaster.html

    Had lost the URL. Thanks, R-C.

    Originally posted by R-C:
    > 1. Go to your HOSTS file which is located at:
    > C:\WINDOWS\SYSTEM32\DRIVERS\ETC for Windows Vista and XP
    > C:\WINNT\SYSTEM32\DRIVERS\ETC for Windows 2k
    > C:\WINDOWS for Windows 98 and ME
    >
    > 2. Open HOSTS with Notepad.

    Won't work in Windows 7 at all. For Win7 (and probably Vista and XP as well), you must run Notepad in Administrator mode. (tap the Windows key, type Notepad, R-click "notepad.exe", select "run as administrator", respond to UAC) or you can't save the resulting file where it needs to be.
    Mr. Raymond Danner III
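
Added example, not part of any post in this thread: the HOSTS edit from the tutorial above as a script, which checks for the elevated session that post #11 calls for and skips names that are already mapped. The host names are placeholders; HOSTS only maps names to addresses, so the script rejects a bare IP address such as the one in the alert.

```powershell
# Added example: append 127.0.0.1 entries to HOSTS from an elevated session.
# Save as a .ps1 file; the default names below are placeholders.
param([string[]]$Names = @('blocked.example', 'www.blocked.example'))

$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

# Saving HOSTS needs administrator rights (the point made in post #11).
$id = [Security.Principal.WindowsIdentity]::GetCurrent()
$me = New-Object Security.Principal.WindowsPrincipal($id)
if (-not $me.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Start PowerShell with "Run as administrator" and run this again.'
}

# Collect names that are already mapped, ignoring comments and blank lines.
$mapped = @{}
foreach ($line in Get-Content -Path $hostsPath) {
    $fields = @(($line -split '#', 2)[0].Trim() -split '\s+' | Where-Object { $_ })
    if ($fields.Count -lt 2) { continue }
    foreach ($n in $fields[1..($fields.Count - 1)]) { $mapped[$n.ToLower()] = $fields[0] }
}

# Build the new entries; a literal IP address is never looked up in HOSTS.
$new = foreach ($n in $Names) {
    $name = $n.Trim().ToLower()
    $ip = $null
    if ([System.Net.IPAddress]::TryParse($name, [ref]$ip)) {
        Write-Warning "$name is an IP address; a HOSTS entry for it would do nothing."
        continue
    }
    if (-not $mapped.ContainsKey($name)) { "127.0.0.1 $name" }
}

if ($new) {
    Copy-Item -Path $hostsPath -Destination "$hostsPath.bak" -Force   # keep a backup
    # The leading empty string ends the last line if the file lacks a final newline.
    Add-Content -Path $hostsPath -Value (@('') + @($new)) -Encoding ASCII
    ipconfig /flushdns | Out-Null      # clear cached lookups of these names
    $new                               # show what was added
}
```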
