44 replies to this topic

[Jay12]

My users have reported that malware bytes is blocking my website , the site uses cloudflare

ips reported are :

199.27.135.14

173.245.60.80

[Somethngcreative]

Hi,

I also got the same IP Block, the Ip's that were blocked were:

199.27.135.184

141.101.124.185

I did reversedns on the IP's and they were linked to cloudflare.

[JordanElliott]

same ips above being blocked here. and another cloudflare one 141.101.124.136

[Jay12]

Heres a full list of the ip ranges:


IPv4

204.93.240.0/24
204.93.177.0/24
199.27.128.0/21
173.245.48.0/20
103.22.200.0/22
141.101.64.0/18
108.162.192.0/18
190.93.240.0/20
Also available as a IPv4 text list.
IPv6

2400:cb00::/32
2606:4700::/32
2803:f800::/32
Also available as a IPv6 text list.

[craigb]

Somethngcreative, on 10 April 2012 - 03:57 PM, said:

Hi,

I also got the same IP Block, the Ip's that were blocked were:

199.27.135.184

141.101.124.185

I did reversedns on the IP's and they were linked to cloudflare.

Im also recieving the exact same two IP's in my alerts, what services are using cloudflare ?

[MysteryFCM]

This is being worked on, thank you.

[Jay12]

Will you update this thread when this has been resolved, thankyou.

[JordanElliott]

here is some more cloudflare ip's still being blocked:

199.27.135.243
141.101.124.244
199.27.135.22
141.101.124.232
173.245.60.121
141.101.124.136

[MysteryFCM]

You don't need to post these, I'm already aware of them and am awaiting a response from CloudFlare.

[MysteryFCM]

Jay12, on 11 April 2012 - 10:27 AM, said:

Will you update this thread when this has been resolved, thankyou.

I will, yes.

[Jay12]

MysteryFCM, on 11 April 2012 - 11:12 AM, said:

I will, yes.

Much appreciated. Any kind of timescale i can tell my members that use Malware bytes or do we wait......

[_Rich]

Hello Malwarebytes
It's been a while since my last visit here. Just wanted to confirm that I am getting the same blocks.

[MysteryFCM]

This is still being worked on (no time frame yet).

[Karim]

We have the same problem malwaresbytes is detecting the CDN cloudflare as a suspected malware and our visitors are claiming about this

here is our ips :
141.101.124.119
199.27.135.118

thank you

[MysteryFCM]

Please do not post duplicate posts (your other post has been removed).

I am aware of this and trying to work with CloudFlare to resolve the matter.

[alan_oldstudent]

I'm getting a similar message. I'm one of the website administrators for www (dot) occupytacoma (dot) org, and not so long ago, we were recently hacked in an attempt to take us off line. It took us nearly a couple of weeks to get back on line. Perhaps a bit of my mystery is that www (dot) occupytacoma (dot) org now redirects to a temporary mirror at www (dot) occupy-tacoma (dot) org while we're cleaning up the old SQL database. As far as I know, our ISP does not use CloudFlare, so I'm really puzzled.

I am using the "(dot)" in my messages because this is my first posting on this forum, and I did not want to look like a spammer

Here are some of the IPs:

173.245.60.81
199.27.135.15

Regards,
Alan OldStudent

[gerardwil]

MysteryFCM, on 11 April 2012 - 10:20 PM, said:

Please do not post duplicate posts (your other post has been removed).

I am aware of this and trying to work with CloudFlare to resolve the matter.

There is some sort of answer at Wilders: http://www.wildersse...ad.php?t=321912 (#10)

[Jay12]

alan_oldstudent, on 13 April 2012 - 02:28 PM, said:

I'm getting a similar message. I'm one of the website administrators for www (dot) occupytacoma (dot) org, and not so long ago, we were recently hacked in an attempt to take us off line. It took us nearly a couple of weeks to get back on line. Perhaps a bit of my mystery is that www (dot) occupytacoma (dot) org now redirects to a temporary mirror at www (dot) occupy-tacoma (dot) org while we're cleaning up the old SQL database. As far as I know, our ISP does not use CloudFlare, so I'm really puzzled.

I am using the "(dot)" in my messages because this is my first posting on this forum, and I did not want to look like a spammer

Here are some of the IPs:

173.245.60.81
199.27.135.15

Regards,
Alan OldStudent

With the greatest of respect this thread is for reporting cloudflare related issues.

If you have issues that are not cloudflare related as yours appear not to be, then maybe you should start a new thread.

[MysteryFCM]

gerardwil, on 13 April 2012 - 02:37 PM, said:

There is some sort of answer at Wilders: http://www.wildersse...ad.php?t=321912 (#10)

Yep, basically, as far as they're concerned, they're not the host so aren't responsible for whatever their "customers" get up to (the argument being it just pushes the problem to someone else's lap). However, it is their service being mis-used, which whether they like it or not, makes them responsible too, and means they need to enforce their AUP/ToS.

Yes, they did block a few URLs (and even then, not until after the IPs were blocked - they refused to do anything prior to that, regardless of the fact they'd been given evidence to show what was happening in those cases), but again, that's not good enough as all the bad guys need to do is change the filenames or stick the malicious code in other files - something they've already done, and are in the process of doing in two on-going cases (dedicated drive-by sites).

And this is just a small part of a much larger issue with them (not going into that yet however).

Their last e-mail to me was Thu 12/04/2012 00:07, and whilst I've replied, there's been nothing from them since. Put simply, unless their attitude towards abuse changes, it is highly unlikely they'll be unblocked any time soon.

[MysteryFCM]

Jay12, on 13 April 2012 - 02:37 PM, said:

With the greatest of respect this thread is for reporting cloudflare related issues.

If you have issues that are not cloudflare related as yours appear not to be, then maybe you should start a new thread.

It is related.