Repetitive blocks to same IP address


  • This topic is locked
6 replies to this topic

#1 mia11691

Posted 26 April 2013 - 09:28 AM

Hi...

I am new to using Malwarebytes and had a quick question... Malwarebytes keeps notifying that a particular IP address was blocked... If the IP address was blocked initially, why does it keep notifying that the same IP address is being blocked, over and over? See e.g. below...

2013/04/23 11:00:53 -0400 IP-BLOCK 83.167.224.197 (Type: incoming)
2013/04/23 11:00:55 -0400 IP-BLOCK 83.167.224.197 (Type: incoming)
2013/04/23 11:01:01 -0400 IP-BLOCK 83.167.224.197 (Type: incoming)
2013/04/23 11:01:13 -0400 IP-BLOCK 83.167.224.197 (Type: incoming)
2013/04/23 11:01:19 -0400 IP-BLOCK 83.167.224.197 (Type: incoming)
2013/04/23 11:01:22 -0400 IP-BLOCK 83.167.224.197 (Type: incoming)
2013/04/23 11:01:25 -0400 IP-BLOCK 83.167.224.197 (Type: incoming)

In addition, is there somewhere we can set the maximum size of these logfiles?

#2 Firefox

Posted 26 April 2013 - 09:36 AM

Hello and welcome!

ANSWER TO QUESTION 1:

IP blocks can indicate a number of things:
  • They could indicate that MBAM is doing its job of blocking bad content on websites.
  • In some cases the blocks are a false positive.
  • However, they can also be a sign of infection, especially if the blocks are outgoing and they occur when no browsers are open.
==> There is more information about the IP blocking module in the FAQ - Section G (and in the Helpdesk topics HERE and HERE). They also contain instructions on how to determine what process might be trying to make the connections. You may also research the IP in question at www.ip-lookup.net or a similar site.

On the other hand, if you think the IP blocks might be a false positive, then please read this sticky topic before starting a new topic in the False Positives forum.

Alternatively, if you think you might be infected, based on the IP blocks and/or other suspicious computer behavior, then please select from the assistance options in this sticky topic: Available Assistance for Possibly Infected Computers. A qualified malware expert will help you to scan your computer for infections and to remove the malware.

ANSWER TO QUESTION 2

The log files are not very large so they should not consume too much space. That being said, I do not believe there is a setting for the max size that you're looking for.

Thanks!


#3 mia11691

Posted 26 April 2013 - 10:38 AM

Hi...thanks for your response...

Perhaps I should have provided some more information... This is an email server... so there'd be no Skype or P2P programs running on it... These are INCOMING SMTP connections, not outbound connections... In addition, the log files consumed over 3GB of space over a 3 day period... the logfiles are so big that they cannot be opened in Notepad... and take forever to load up... today's logfile so far is 777MB... Again, blocking the same IPs over and over... So my question again is: are the IPs actually being blocked? And if so, why does MBAM continuously block the same IP address? The IP address in my sample message is repeatedly being blocked... leading me to believe it's not really being blocked... I've checked on where it's coming in from and by experience these countries are known hacker, viral, spam havens... https://apps.db.ripe...h#resultsAnchor
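Added example (not part of the original posts, and not Malwarebytes code): a log this size can be reduced to one summary row per address by streaming it line by line instead of opening it in an editor. It assumes every entry has the format quoted in the first post; the names `summarize_blocks` and `report` are hypothetical, and the last two sample lines are constructed.

```python
import re
from datetime import datetime

# Line format as quoted in the first post; assumed to hold for the whole log.
LINE_RE = re.compile(
    r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4})\s+IP-BLOCK\s+"
    r"(\d{1,3}(?:\.\d{1,3}){3})\s+\(Type:\s*(\w+)\)$"
)

def summarize_blocks(lines):
    """Stream lines (e.g. an open file) into per-(ip, direction) stats."""
    stats, skipped = {}, 0
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if m is None:
            skipped += bool(raw.strip())  # count malformed lines, ignore blanks
            continue
        ts = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S %z")
        entry = stats.setdefault((m.group(2), m.group(3).lower()),
                                 {"count": 0, "first": ts, "last": ts})
        entry["count"] += 1
        entry["first"] = min(entry["first"], ts)
        entry["last"] = max(entry["last"], ts)
    return stats, skipped

def report(stats):
    """Return one summary string per (ip, direction), busiest first."""
    ranked = sorted(stats.items(), key=lambda kv: -kv[1]["count"])
    return [f"{ip} {kind}: {e['count']} blocks in "
            f"{int((e['last'] - e['first']).total_seconds())}s"
            for (ip, kind), e in ranked]

# First seven lines are from the first post; the last two are constructed.
SAMPLE = """\
2013/04/23 11:00:53 -0400 IP-BLOCK 83.167.224.197 (Type: incoming)
2013/04/23 11:00:55 -0400 IP-BLOCK 83.167.224.197 (Type: incoming)
2013/04/23 11:01:01 -0400 IP-BLOCK 83.167.224.197 (Type: incoming)
2013/04/23 11:01:13 -0400 IP-BLOCK 83.167.224.197 (Type: incoming)
2013/04/23 11:01:19 -0400 IP-BLOCK 83.167.224.197 (Type: incoming)
2013/04/23 11:01:22 -0400 IP-BLOCK 83.167.224.197 (Type: incoming)
2013/04/23 11:01:25 -0400 IP-BLOCK 83.167.224.197 (Type: incoming)
2013/04/23 11:01:30 -0400 IP-BLOCK 192.0.2.10 (Type: outgoing)
2013/04/23 11:01:3
"""

if __name__ == "__main__":
    stats, skipped = summarize_blocks(SAMPLE.splitlines())
    print("\n".join(report(stats)))
    print("skipped lines:", skipped)
```

To run it over a real log, pass an open file object to `summarize_blocks`; the log's path and text encoding are not given in this thread and must be supplied by the reader.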

#4 AdvancedSetup

Posted 26 April 2013 - 11:47 AM

Is this a Windows Server 2003 R2 system?

Ron Lewis
Forum Community Manager



#5 mia11691

Posted 26 April 2013 - 12:02 PM

No, it's Microsoft® Windows® Server 2003, Standard Edition SP2...

#6 AdvancedSetup

Posted 26 April 2013 - 03:06 PM

Yes, the issue though is that it is Server 2003. Unfortunately there are plenty of users that are able to run MBAM on Server 2003 but there are some that have the same issue you describe.

There really is not anything we can do at this time to resolve it. The protection module itself should work okay but the IP blocker would need to be disabled if you wanted to continue to use the product.

Ron Lewis
Forum Community Manager



#7 mia11691

Posted 29 April 2013 - 11:07 AM

Oh dear... I suppose I'll have to uninstall and find another product... tx!



