Jump to content

Repetitive blocks to same IP address


Recommended Posts

Hi...

am new to using malwarebytes and had a quick question... Malwarebytes keeps notifiying that a particular IP address was blocked... If the IP address was blocked initially, why does it keep notifying that the same IP address is being blocked, over and over? see eg below...

2013/04/23 11:00:53 -0400 IP-BLOCK 83.167.224.197 (Type: incoming)

2013/04/23 11:00:55 -0400 IP-BLOCK 83.167.224.197 (Type: incoming)

2013/04/23 11:01:01 -0400 IP-BLOCK 83.167.224.197 (Type: incoming)

2013/04/23 11:01:13 -0400 IP-BLOCK 83.167.224.197 (Type: incoming)

2013/04/23 11:01:19 -0400 IP-BLOCK 83.167.224.197 (Type: incoming)

2013/04/23 11:01:22 -0400 IP-BLOCK 83.167.224.197 (Type: incoming)

2013/04/23 11:01:25 -0400 IP-BLOCK 83.167.224.197 (Type: incoming)

In addition, is there somewhere we can set the maximum size of these logfiles?

Link to post
Share on other sites

Hello and :welcome:

ANSWER TO QUESTION 1:

IP blocks can indicate a number of things:

  • They could indicate that MBAM is doing its job of blocking bad content on websites.

  • In some cases the blocks are a false positive.

  • However, they can also be a sign of infection, especially if the blocks are outgoing and they occur when no browsers are open.

==> There is more information about the IP blocking module in the FAQ - Section G (and in the Helpdesk topics HERE and HERE). They also contain instructions on how to determine what process might be trying to make the connections. You may also research the IP in question at www.ip-lookup.net or a similar site.

On the other hand, if you think the IP blocks might be a false positive, then please read this sticky topic before starting a new topic in the False Positives forum.

Alternatively, if you think you might be infected, based on the IP blocks and/or other suspicious computer behavior, then please select from the assistance options in this sticky topic: Available Assistance for Possibly Infected Computers A qualified malware expert will help you to scan your computer for infections and to remove the malware.

ANSWER TO QUESTION 2

The log files are not very large so they should not consume too much space. That being said, I do not believe there is a setting for the max size that your looking for.

Thanks!

Link to post
Share on other sites

Hi...thanks for your response...

Perhaps I should have provided some more information... This is an email server... so there'd be no skype or P2P programs running on it... These are INCOMING SMTP connections not outbound connections... In addition, the log files consumed over 3GB of space over a 3 day period... the logfiles are so big that they cannot be opened in notepad... and take forever to load up.. today's logfile so far is 777mb... Again, blocking the same IP's over and over... So my question again is are the IP's actually being blocked? and if so, why does mbam continuously block the same IP address? The IP address in my sample message is repeatedly being blocked...leading me to believe it's not really being blocked... I've checked on where it's coming in from and by experience these countries are known hacker, viral, spam havens... https://apps.db.ripe.net/search/query.html?searchtext=+83.167.224.197&search%3AdoSearch=Search#resultsAnchor

Link to post
Share on other sites

  • Root Admin

Yes the issue though is that it is Server 2003. Unfortunately there are plenty of users that are able to run MBAM on Server 2003 but there are some that have the same issue you describe.

There really is not anything we can do at this time to resolve it. The protection module itself should work okay but the IP blocker would need to be disabled if you wanted to continue to use the product.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.