37.221.165.32/28 blocked (Voxility ranges)

[GEOTOR]

So my IP range is fully blocked with you guys:

37.221.165.32 - 37.221.165.47

as a matter of fact I see that ALL the voxility.com announce IP's are block. what is this all about?!

http://bgp.he.net/AS39743 they are a top Romaian hosting company.

Please unblock my IP range, would very much be appreciative

[MysteryFCM]

They may be a "top Romanian company", but they're also a very criminal friendly company. Until this position changes, they aren't being unblocked.

[GEOTOR]

They may be a "top Romanian company", but they're also a very criminal friendly company. Until this position changes, they aren't being unblocked.

Criminal friendly? Thats statement is a little ridiculous, don't you think? I had an in-depth look into their TOS, and even went to the extent of ringing them up asking several questions. They do not allow anything close to criminal or malicious on their network.

They claim to take any form of abuse very seriously.

For example:

Scam Sites (ex: Ebay/Paypal,CC/Password Scam sites)

Mailbombers or any sort of spam sites

Phishing Sites

Child Porn Sites

Spam email

Netscan / Hack programs and archives

Malicious Scripts (ex: originate DDoS attacks or hack attempts)

Botnet/Doorway/Carding

Anything than can result in Spamhaus listing

Feel free to look at any sort of RBL/spamhausing listing on their IP range, I personally could not find any black-listed IPs anywhere else but on malwarebytes... This leads me to believe that whoever set this black list on the Voxility network *might* (and this is only a suspicion) have had a personal quarrel with them. Certainly if this is the case, such conduct would be highly unprofessional on the part of Malwarebytes, and overall a terrible image for your company.

[st3reo]

I arrived here via a google search wanting to see if there's anyone else fed up with spam from Voxility clients.

I work for a university in Romania and we receive massive ammounts of spam from their IP blocks.

I have filled in numerous complaints with Voxility providing logs and evidence of the illegal activity of their clients and not even once have I even got a reply that they will investigate.

Voxility is a haven for spammers and all sorts of criminal activity. I suggest you ban all the IP blocks routed via their AS (AS39743).

As for their "TOS"..of course they have one condemning illegal activity, but I'm pretty sure that's just so they have their back covered and say "oh we had no ideea" when police come knocking.

[GEOTOR]

@st3reo, If you are so fed up just give them a call speak with someone directly to get your issues resolved, I have called Voxility a fair few times (in and out of working hours) always had my call answered with in 30seconds.

My statement above still stands. Just because malwarebytes had a bad run with a client or two that were on voxility doesn't mean its worth of banning a whole network? I hope this will be reconsidered

[MysteryFCM]

It's not "a client or two", and as already mentioned, until their position changes on abuse (I know what their ToS says, but what it says, and what they actually enforce, are two entirely different matters), they're not going to be unblocked.

[3barsfull]

I'm getting fed up with malwarebytes blocking legitimate websites. Many people I know that I have suggested using mwbs to are also getting fustrated by it. Just blanket blocking everyone is pathetic. Many people think that mwbs is blocking many websites that could be considered "suspicious" ie torrent sites even though they are safe to visit and most often legal. Why not unblock geotors IP range, since you know now that its not being used for attack websites etc.

Many people I know will stop using malwarebytes depending on how hard lined you are, this will be a perfect example. I only use mwbs free but many of the people I refer to it buy the premium version.

[siketa]

You can always turn off web protection.

[3barsfull]

You can't seriously see that as a solution siketa. That sounds like good malware detection software, having to disable it to browse the internet.

[siketa]

Of course not.

Consider it as a temporary bypass.

[3barsfull]

Tempory until what? That's the whole point in what I said, if they don't fix this (as they stated they wont), everyone leaves.

[MysteryFCM]

As mentioned, until Voxility changes their position, this will not be getting unblocked.

[merced_s]

I work in support for Voxility and a customer told us about this thread.

To whoever is interested, Malwarebytes have been contacted several times in the past year several times to provide a reason for blocking thousands of IP's. If is something wrong we would like to hear it!

In their replies, they are unable to point to anything else than "our behaviour". Since I am one of the persons that shuts down customer servers for lighter reasons than malware, I suppose their real reasons are different than what malwarebytes name says.

We thank you to those few who complained and agreed with our explanation to disable the software on their computers. This is an industry based on trust and it is sad they cannot really contribute to a safer Internet.

[Guardo]

GEOTOR: I feel for you, but your research into the issue is severely lacking. MB does not care how quickly Voxility answers their phone, nor what they "say" they will do... only the evidence speaks to them, and that evidence is fairly damning. Just the Spamhaus evidence is enough in my opinion... but there is quite a litany of garbage that has been documented as coming from Voxility. I have to ask why you would target MB as the problem here when the true culprit is Voxility and their apparent lack of control (or care) of their network.

3barsfull: I too recomend MB to my clients, and many of them purchase the full version (as I myself did). Not once have I or my clients evidenced any issues with false positives. The 'problem' is that MB does know that Voxility is a constant source of garbage, and are treating it accordingly. I, for one, purchased MB for just that reason.

merced_s: "This is an industry based on trust and it is sad they cannot really contribute to a safer Internet."... now that's the pot calling the kettle black! MB saves millions of computers every year, and your network is well-known as the source of malware and other garbage. Who's the one "not contributing" here? Trust is EARNED my friend. And considering I just today received a phishing email that directs people to a host on your network to "update my Windows installation records"... you guys aren't winning any trust points with me.

I have seen and heard it all over the years, the excuses, the rationale, the flat-out lies. The words are pretty, but the stench still comes through. Maybe you do take action against abuse, but if those abusers can simply open another account under a different name and continue their abuse... that's not a solution. And until you do implement an effective policy to reduce the abuse, you will run into issues just such as this.

Just my 2 cents.

[pointtx]

This came up second on my Google search for voxility abuse. I was searching to see if it was worth reporting spam from a voxility server (coming through a captaa-protected submission form, and I wrote the captaa myself, using the "solve this english equation" technique, so it's not easily prone to a bot attack based on existing code).

Sounds like it isn't.

For verification, the offending IP was 37.221.174.111.

[Russiandude212]

Why not give users the ability to manually add an "unblock url" ability, sort of what you do with the "Ignore List" tab? I have a list of websites that are blocked on malware which I KNOW are legit, and so I have to disable web protection every time I use them.

[MysteryFCM]

Why not give users the ability to manually add an "unblock url" ability, sort of what you do with the "Ignore List" tab? I have a list of websites that are blocked on malware which I KNOW are legit, and so I have to disable web protection every time I use them.

This facility is currently available on a per IP basis. To do so, right click the tray icon when the block occurs, and select "Add to ignore list".

[AnonymousOne]

I keep receiving spam links in my contact forms and prayer requests forms on my website from two VOXILITY/ROMANIA employees:
SIRBU SILVIU
AMALIA TOMA
They are from Romania, and there is no way to contact them directly! This is an abuse of my site, as they
are posting wips.com links from a bogus email account:

"barny182@hotmail.com"
My site is for people in need of PRAYER, not to have links inserted. They wont stop even after I've asked them to.
 

[edendom]

I have a server and yesterday I underwent a DOS attack from an IP hosted voxility.com

I've noticed quickly and I blocked their IP address in the firewall on my server but I find that I am not alone in this.

 

Not forgetting that there was a time that my server has been hacked and malware was injected through ip also voxility.com. Definitively banish!

[Yrai]

We (a small B2C site) have recently been seeing low-level attacks from 37.221.173.229 and 37.221.175.38, both assigned to voxility.com.

 

According to whatismyipaddress.com, these are both confirmed proxies:

http://whatismyipaddress.com/ip/37.221.173.229

http://whatismyipaddress.com/ip/37.221.175.38

 

They have been supportive of open proxies in the past:

http://www.torservers.net/wiki/hoster/experience#voxility_ro

[Boberoo]

My windows 8 PC has been uploading at full speed to 5.254.103.113 for most of the morning.

 

ping -a says that IP belongs to lh25488.voxility.net 

 

Does that mean my PC is being used as a spambot, or do I have some legitimate app doing something.

 

I don't have much installed at all, and am based in South Africa, so I find this very suspicious.

[MysteryFCM]

Chances are you've got an infection onboard. Please follow the instructions at;

 

https://forums.malwarebytes.org/index.php?showtopic=9573

 

As an aside, that IP belongs to legalrc.biz.

[Guarana]

Voxility is the hosting of choice for a big part of the criminals on the internet. That their website looks more like a booter than a company website, is not a coincidence. MBAM blocking it is one of the best security features on the software.

[David H. Lipman]

Guarana:

Please reference: Important: Please Read Before Reporting A False Positive
 
Post #2

If you are not a member of Staff or Experts group please do not reply to other users posts in either the File or Web Blocking forums.

 
Thank you for understanding.

[leo3487]

I will break a few the rule (or if preffer say me where is the indicated forum) to say:

 

Why Malwarebytes Anti Malware make than good sites pay for bad sites?

I know than there is the forum for false positive report, but when IP is shared with bad sites, stuff members only limit to say "It is not a F/P" or "It's not a F/P. IP is housing RAT's" and similar answers.

 

If stuff members when one post only the IP, ask for URL, then it is for they chech the site, right? Then why no use a white list, than work after the IP blacklist?