Jump to content

frequent IP blocking when browsing Google Images?


Recommended Posts

I'm trying to figure out why Malwarebytes blocks so many IPs when browsing through Google Images, it's a hotbed for IP blocks. I understand the pics all lead to different sites, but why does Malwarebytes block an IP address if the website hasn't even been visited yet??? I haven't tried Bing or Yahoo's images search engines, but I'd imagine they act the same.

 

If you go to http://www.google.com/imghp, search for something and open up a preview on some photo, you've literally got a 25-50% chance of receiving an IP block. It's that ridiculous.

Link to post
Share on other sites

Hi, Double: :)
 
Please post a recent protection log (attached to your next reply) showing the blocks.
Also, please run the tool below and attach both logs, as well.

The staff will review the logs and advise you further.
 
FWIW, if you are seeing a lot of these, then it could be a sign of infection.
You might wish to follow the advice in this pinned topic: Available Assistance for Possibly Infected Computers.

A malware expert will assist you with looking into the issue.
 
Thanks,
 
daledoc1
----------------------------


Please run the FRST tool and send back both logs as attachments to your next reply.

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. The one that runs will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your next reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your next reply.
Link to post
Share on other sites

I tried what you wanted. Did a search for random stuff, cars, buildings, computers, landscapes, animals. Did a preview on about 30 pics on each of those searches and didn't get any blocks at all

 

Searching for adult content related to sexy women or those hard-to-find images, or even high resolution images are the biggest triggers. 

 

 

Hi, Double: :)

 

Please post a recent protection log (attached to your next reply) showing the blocks.

Also, please run the tool below and attach both logs, as well.

The staff will review the logs and advise you further.

 

FWIW, if you are seeing a lot of these, then it could be a sign of infection.

You might wish to follow the advice in this pinned topic: Available Assistance for Possibly Infected Computers.

A malware expert will assist you with looking into the issue.

 

Thanks,

 

daledoc1

----------------------------

Please run the FRST tool and send back both logs as attachments to your next reply.

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. The one that runs will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your next reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your next reply.

 

 

I'm not infected, a full scan in safemode normally says I'm clean. Aside from a couple random webpages, the IP blocks I receive have only ever happened inside Google Images, I hardly get them anywhere else, and I'm generally a safe surfer--only sticking to sites I know can be trusted using Web Of Trust (WOT). Will post a log, but I'm gonna wait until I come across another IP block, I'm trying to avoid them.

Link to post
Share on other sites

Searching for adult content related to sexy women or those hard-to-find images, or even high resolution images are the biggest triggers. 

re-wording this..

  • adult content/women/etc
  • hard-to-find, rarities
  • high resolution (usually up in the 2000x1500px range and higher)
Link to post
Share on other sites

The reason it blocks is simple.  Google is not hosting those images, it is linking to them - so when you view those images  you are, for all intents and purposes, already visiting the site.

 

Google recently made changes to Gmail, they now host content sent from every email. It's probably impossible for them to host every image on Google Images, considering how expansive the World Wide Web is.

 

Another thing worth noting, pictures of all kinds can trigger these IP blocks, but you've got to know where to look, and it helps to be specific (e.g. 'Siberian Husky' instead of 'Husky'). Using the sites' Reverse Image technique on a local image on your computer can reveal sites that trigger IP blocks too.

Link to post
Share on other sites

Again, because it is displaying images from all sites, with very little blocking on their end, particularly if you have safe search filter disabled.

 

This is my Google Image search for the Nissan GT-R: 

https://www.google.com/search?safe=off&site=imghp&tbm=isch&source=hp&biw=1680&bih=885&q=nissan+gt-r&oq=nissna+gt-r&gs_l=img.3.0.0i10i24.4423.5911.0.8596.11.10.0.1.1.0.141.963.6j4.10.0....0...1ac.1.40.img..3.8.610.WnSjmYmpxbc

Take a look at the source code and then do a search for

jpg

And see all the different links that the images are being loaded from in real time.

Link to post
Share on other sites

Hi, Double: :)

 

In addition to what JLG advised, it sounds from what you describe as if MBAM IP-blocking is doing its job.

 

Thanks,

 

daledoc1

 

P.S. You mentioned that you ran MBAM scan in Safe Mode. That's not how it was designed to work. It's best run in normal Windows mode. Safe mode scanning is only for use if it cannot run normally because of severe infection. In that case, there are other tools, such as Chameleon, that can be used to run it. <just sayin'>

Link to post
Share on other sites

Take a look at the source code and then do a search for

jpg

And see all the different links that the images are being loaded from in real time.

Sorry i think I've misunderstood this part, what you are trying to say here? source code? how to search with the jpg extension? real time?

 

Hi, Double: :)

 

In addition to what JLG advised, it sounds from what you describe as if MBAM IP-blocking is doing its job.

 

Thanks,

 

daledoc1

 

P.S. You mentioned that you ran MBAM scan in Safe Mode. That's not how it was designed to work. It's best run in normal Windows mode. Safe mode scanning is only for use if it cannot run normally because of severe infection. In that case, there are other tools, such as Chameleon, that can be used to run it. <just sayin'>

Thanks, I'll keep that advice in mind.. but it's hard to believe it was designed to be run that way only.

 

Ever since I got caught up in the Internet Security 2010 malware years ago, it sorta conditioned myself to enter safemode by default. I laugh at the infection now, but it was scary back then. I should also mention that in the past, I have found additional infections in safemode that otherwise would not have been found in normal Windows.

Link to post
Share on other sites

Hi:
 

Thanks, I'll keep that advice in mind.. but it's hard to believe it was designed to be run that way only.

 
Hard to believe, but true. :)
Works best with all drivers loaded on the system boot drive:

Unless otherwise directed always run MBAM in normal mode. MBAM is not designed to find all infections when in safe mode. Safe mode will not always load all infection components. If our software will not run in normal mode, even using Chameleon, then you can try safe mode. If MBAM still fails to run or you require further assistance then please submit a request via the webform below:


Should I scan with Malwarebytes Anti-Malware in Safe Mode?

 

Again, especially with the new Chameleon technology, scanning in Windows safe mode isn't as useful or necessary now.

 

But I'll defer to staff to elaborate further.

 

Cheers,

daledoc1

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.