• Malicious Web-site contact repeatedly blocked

    #469709

    Every few minutes I’ve been getting a message that Malwarebytes Anti-Malware has successfully blocked access to a potentially malicious web site at 208.73.210.28.

    I’m glad the software is doing its job.

    Can anyone tell me what’s going on and what else I can do to protect my system from this attack?

    Thanks.

    Neal

    • #1229855

      Every few minutes I’ve been getting a message that Malwarebytes Anti-Malware has successfully blocked access to a potentially malicious web site at 208.73.210.28.

      I’m glad the software is doing its job.

      Can anyone tell me what’s going on and what else I can do to protect my system from this attack?

      Thanks.

      Neal

      A Google search for this address does indeed show it to be a high risk site in LA, Ca. You can add this site to the blocked sites. In IE, Tools, Internet Options, Security tab, restricted sites, Sites and add the site as http:// then add the web site URL (I did not want to actually add the site here because it would automatically create a link which I do not wish to do). In this manner the site should be blocked by IE.

    • #1229890

      Thank you for the research and the advice.

      How do I block it with Firefox?

      Thanks.

      • #1229912

        Thank you for the research and the advice.

        How do I block it with Firefox?

        Thanks.

        I’ll have to check when I get home from work. Do not have FF at work.

        Checked FF at home, not sure, sorry.

        Edit after more research: It appears you have to use an add on to block sites in FF. I would open the FF add ons tool and search for site blocker add ons.

    • #1229949

      I would be worried that your machine is attempting to access that site. Time for a complete AV scan methinks.

      cheers, Paul

      • #1230962

        I would be worried that your machine is attempting to access that site. Time for a complete AV scan methinks.

        cheers, Paul

        I fully agree.

        There is a BIG danger that if malware is attempting to access what Malwarebytes knows is bad for you,
        it could also access a hundred other sites that Malwarebytes and WOT etc. have yet to identify.

        Follow Bob’s advice.
        If you have a good firewall it will warn of unexpected outgoings without waiting to know if the destination is harmful,
        and this should also protect against keyloggers etc. from phoning home.

    • #1230650

      You should first subscribe to the FREE OpenDNS service. Read the features of the Basic edition. I have never been hacked. It’s easy and it will block malicious web sites. Also, you should download the mywot plugin add-on. It will warn you of the integrity of all malicious web sites. Use the NoScript plugin as well. Both add-ons protect you and NoScript has a learning mode for each web site you visit so you don’t have to restrict the same scripts all the time. Another useful add-on is Greasemonkey. Many free add-ons are useful. Congratulations on choosing Firefox.

    • #1230813

      I would use a firewall in addition to Malwarebytes, so that you could get alerts as to what process is trying to connect to that IP Address. You really need both the destination and the originating process to track down what’s going on in these cases. The objective is not to block the outbound traffic, but to track down which process spawns the traffic. That would be the best way to stop the problem, if indeed it is a problem, and not normal behavior for some program or process on your computer.

      Comodo Firewall with Defense Plus will tell you the information about the process. PC Tools Threatfire could also probably track down the process. Both programs are free, and would not conflict with Malwarebytes. Then you could find out what on the local computer is trying to access this IP Address. Right now you only have about half the data you need to know anything for sure.

      -- rc primak
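The pairing this reply asks for (destination plus originating process) can also be read from tools built into Windows. The sketch below is an added example, not part of the original post: it joins `netstat -ano` and `tasklist /FO CSV /NH` output on PID. Both samples are constructed, and `updater_helper.exe` is a made-up process name.

```python
import csv
import io

# Constructed sample of Windows `netstat -ano` output (not from a real host).
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:49712     208.73.210.28:80       SYN_SENT        3148
  TCP    192.168.1.10:49713     208.73.210.28:80       TIME_WAIT       0
  TCP    192.168.1.10:49720     192.0.2.44:443         ESTABLISHED     2204
  TCP    [::1]:49670            [::1]:445              ESTABLISHED     4
  UDP    0.0.0.0:5353           *:*                                    1520
"""

# Constructed sample of `tasklist /FO CSV /NH` output; process names are hypothetical.
TASKLIST_SAMPLE = '''\
"System","4","Services","0","1,024 K"
"updater_helper.exe","3148","Console","1","18,432 K"
"firefox.exe","2204","Console","1","412,000 K"
'''

def parse_netstat(text):
    """Yield (proto, remote_ip, remote_port, state, pid) for each connection row."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        state = f[3] if len(f) == 5 else ""  # UDP rows have no State column
        ip, _, port = f[2].rpartition(":")   # rpartition keeps IPv6 colons intact
        yield f[0], ip.strip("[]"), port, state, int(f[-1])

def parse_tasklist(text):
    """Map PID -> image name from tasklist CSV output."""
    return {int(r[1]): r[0] for r in csv.reader(io.StringIO(text)) if len(r) >= 2}

def who_talks_to(target_ip, netstat_text, tasklist_text):
    """Return (pid, image, remote_port, state) for every row whose remote end is target_ip."""
    names = parse_tasklist(tasklist_text)
    hits = []
    for _proto, ip, port, state, pid in parse_netstat(netstat_text):
        if ip != target_ip:
            continue
        # TIME_WAIT rows are reported with PID 0: the socket is no longer owned by a process.
        owner = names.get(pid, "<closed>" if pid == 0 else "<not in tasklist>")
        hits.append((pid, owner, port, state))
    return hits
```

Because a blocked attempt is short-lived, the rows that still carry a real PID are the ones captured while the connection is in progress, so the capture has to be repeated while the alerts are firing.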

    • #1231729

      From the message, it sounds like MBAM is blocking an attempt to get to the site, which could be malware phoning home, OR a redirect in the page you are viewing. Either way, if you put it in your HOSTS file, you should not see the message again for that URL.

    • #1231878

      options to consider
      In Firefox, click on the Tools Tab > Options… > Privacy Tab.
      Then, in the Cookies Pane, ensure the Accept Cookies box is checked. Click on the Exceptions Button and type in the URL of the website you want to block, and click close, close and done.

      use an add on for firefox
      https://addons.mozilla.org/en-US/firefox/addon/3145/

      add the url to your HOST file or add a good well known HOST file
      http://www.mvps.org/winhelp2002/hosts.htm
      http://www.bleepingcomputer.com/tutorials/tutorial51.html

      a little tutorial I found on how to use the Windows HOST file and add the url to it
      “1. Go to your HOSTS file which is located at:
      C:\WINDOWS\SYSTEM32\DRIVERS\ETC for windows Vista and XP
      C:\WINNT\SYSTEM32\DRIVERS\ETC for Windows 2k
      C:\WINDOWS for Windows 98 and ME

      2. Open HOSTS with Notepad.

      The default Windows HOSTS looks like this:
      ______________________

      # Copyright © 1993-1999 Microsoft Corp.
      #
      # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
      #
      # This file contains the mappings of IP addresses to host names. Each
      # entry should be kept on an individual line. The IP address should
      # be placed in the first column followed by the corresponding host name.
      # The IP address and the host name should be separated by at least one
      # space.
      #
      # Additionally, comments (such as these) may be inserted on individual
      # lines or following the machine name denoted by a “#” symbol.
      #
      # For example:
      #
      # 102.54.94.97 rhino.acme.com # source server
      # 38.25.63.10 x.acme.com # x client host
      #
      127.0.0.1 localhost
      _____________________________

      3. Directly under the line that says 127.0.0.1 Localhost, you will want to type:

      127.0.0.1 name of the URL you want to block

      For example to block the MySpace.com homepage (highly recommended!), simply type:

      127.0.0.1 myspace.com
      127.0.0.1 www.myspace.com

      Other parts of MySpace could be blocked in a similar way:

      127.0.0.1 search.myspace.com
      127.0.0.1 profile.myspace.com
      etc etc etc…

      You may need to add sites both with and without the “www.”. Test after blocking to make sure you got it right.

      You can add as many sites as you wish to block in this fashion.

      4. Close Notepad and answer “Yes” when prompted.

      5. Reboot your computer and attempt to access your now blocked website. You should see a Cannot find server or DNS Error saying: “The page cannot be displayed”.

      Edit to add: I would also install the free SpywareBlaster, which you update weekly and then enable all protection so the shield is green. No scans to run; it just helps protect you from certain known bad sites.
      http://www.javacoolsoftware.com/spywareblaster.html
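An added example, not from the tutorial quoted above: a small linter for HOSTS entries that flags names the resolver can never match (URLs, paths, IP literals) and names sinkholed in only one of the bare and `www.` forms. The sample file is constructed; the IP literal in it is the address from the first post.

```python
import ipaddress
import re

# Constructed hosts-file content for the demo.
HOSTS_SAMPLE = """\
# comment line
127.0.0.1 localhost
127.0.0.1 myspace.com
127.0.0.1 http://www.myspace.com
127.0.0.1 search.myspace.com/profile   # path included
127.0.0.1 208.73.210.28
0.0.0.0   www.example.test example.test
"""

LABEL = re.compile(r"^(?!-)[A-Za-z0-9_-]{1,63}(?<!-)$")

def check_name(name):
    """Return a problem string for a hosts-file name, or None if it is usable."""
    if "://" in name:
        return "URL scheme: hosts entries take a bare host name"
    if "/" in name:
        return "path component: hosts entries cannot match paths"
    try:
        ipaddress.ip_address(name)
        return "IP literal: a connection made straight to an IP never consults hosts"
    except ValueError:
        pass
    if not all(LABEL.match(p) for p in name.rstrip(".").split(".")):
        return "not a valid host name"
    return None

def lint_hosts(text):
    """Return (findings, set of names that really are sinkholed)."""
    findings, blocked = [], set()
    for n, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank, comment-only or malformed line
        for name in fields[1:]:
            problem = check_name(name)
            if problem:
                findings.append((n, name, problem))
            elif fields[0] in ("127.0.0.1", "0.0.0.0") and name != "localhost":
                blocked.add(name.lower())
    return findings, blocked

def missing_www_twin(blocked):
    """Names blocked in only one of the bare / www. forms (hosts lookups are exact-match)."""
    twin = lambda h: h[4:] if h.startswith("www.") else "www." + h
    return sorted(h for h in blocked if twin(h) not in blocked)
```

On the sample, `myspace.com` is reported as missing its twin because the `www.` line was written as a URL and therefore matches nothing.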

      • #1234494

        I would also install the free SpywareBlaster, which you update weekly and then enable all protection so the shield is green. No scans to run; it just helps protect you from certain known bad sites.
        http://www.javacoolsoftware.com/spywareblaster.html

        Had lost the URL. Thanks, R-C.

        1. Go to your HOSTS file which is located at:
        C:\WINDOWS\SYSTEM32\DRIVERS\ETC for windows Vista and XP
        C:\WINNT\SYSTEM32\DRIVERS\ETC for Windows 2k
        C:\WINDOWS for Windows 98 and ME

        2. Open HOSTS with Notepad.

        Won’t work in Windows 7 at all. For Win7 (and probably Vista and XP as well), you must run Notepad in Administrator mode. (tap the Windows key, type Notepad, R-click “notepad.exe”, select “run as administrator”, respond to UAC) or you can’t save the resulting file where it needs to be.
