Repetitive blocks to same IP address
Posted 26 April 2013 - 09:28 AM
I am new to using Malwarebytes and had a quick question... Malwarebytes keeps notifying that a particular IP address was blocked... If the IP address was blocked initially, why does it keep notifying that the same IP address is being blocked, over and over? See e.g. below...
2013/04/23 11:00:53 -0400 IP-BLOCK 188.8.131.52 (Type: incoming)
2013/04/23 11:00:55 -0400 IP-BLOCK 184.108.40.206 (Type: incoming)
2013/04/23 11:01:01 -0400 IP-BLOCK 220.127.116.11 (Type: incoming)
2013/04/23 11:01:13 -0400 IP-BLOCK 18.104.22.168 (Type: incoming)
2013/04/23 11:01:19 -0400 IP-BLOCK 22.214.171.124 (Type: incoming)
2013/04/23 11:01:22 -0400 IP-BLOCK 126.96.36.199 (Type: incoming)
2013/04/23 11:01:25 -0400 IP-BLOCK 188.8.131.52 (Type: incoming)
In addition, is there somewhere we can set the maximum size of these logfiles?
Posted 26 April 2013 - 09:36 AM
ANSWER TO QUESTION 1:
IP blocks can indicate a number of things:
- They could indicate that MBAM is doing its job of blocking bad content on websites.
- They can also occur when running Skype and certain P2P programs, such as torrents. For example, please see this help desk topic about Skype and this one about P2P.
- In some cases the blocks are a false positive.
- However, they can also be a sign of infection, especially if the blocks are outgoing and they occur when no browsers are open.
On the other hand, if you think the IP blocks might be a false positive, then please read this sticky topic before starting a new topic in the False Positives forum.
Alternatively, if you think you might be infected, based on the IP blocks and/or other suspicious computer behavior, then please select from the assistance options in this sticky topic: Available Assistance for Possibly Infected Computers. A qualified malware expert will help you to scan your computer for infections and to remove the malware.
ANSWER TO QUESTION 2
The log files are not very large so they should not consume too much space. That being said, I do not believe there is a setting for the max size that you're looking for.
Dell Precision T7500, Win7 Ultimate 64bit fully updated, McAfee Corp Edition v8.8,
Watchguard Firewall, Intel Xeon E5606CPU, Dual Quad Core Processors, 16GB Ram,
E5606 @ 2.13GHz, Nvidia Quadro NVS420, Raid-1 Dual 1TB Sata 10000 rpm Hard Drives
Dual DVD Burners, IE10, Opera, MBAM, MBSB, MBAE
Posted 26 April 2013 - 10:38 AM
Perhaps I should have provided some more information... This is an email server... so there'd be no Skype or P2P programs running on it... These are INCOMING SMTP connections, not outbound connections... In addition, the log files consumed over 3GB of space over a 3 day period... the logfiles are so big that they cannot be opened in Notepad... and take forever to load up... today's logfile so far is 777 MB... Again, blocking the same IPs over and over... So my question again is: are the IPs actually being blocked? And if so, why does MBAM continuously block the same IP address? The IP address in my sample message is repeatedly being blocked... leading me to believe it's not really being blocked... I've checked on where it's coming in from and by experience these countries are known hacker, viral, spam havens... https://apps.db.ripe...h#resultsAnchor
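Added example, not part of the original thread and not Malwarebytes code: a streaming summary of IP-BLOCK lines in the layout quoted above, for logs too large to open in an editor, counting repeats per address and listing outgoing blocks. The sample lines are constructed with documentation-range addresses, and the "outgoing" type value is assumed from the wording of the first answer.

```python
import re
import sys
from datetime import datetime

# Layout quoted in the thread: <date> <time> <tz> IP-BLOCK <ip> (Type: incoming)
# Extra fields before IP-BLOCK are tolerated (assumption; the thread shows none).
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4})\s+.*?"
    r"IP-BLOCK\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+\(Type:\s*(?P<dir>\w+)"
)

# Constructed sample input (RFC 5737 documentation addresses), not real log data.
SAMPLE = """\
2013/04/23 11:00:53 -0400 IP-BLOCK 203.0.113.7 (Type: incoming)
2013/04/23 11:00:55 -0400 IP-BLOCK 203.0.113.7 (Type: incoming)
2013/04/23 11:01:01 -0400 IP-BLOCK 198.51.100.20 (Type: incoming)
2013/04/23 11:01:13 -0400 IP-BLOCK 203.0.113.7 (Type: incoming)
2013/04/23 11:03:53 -0400 IP-BLOCK 203.0.113.7 (Type: incoming)
2013/04/23 11:04:00 -0400 IP-BLOCK 192.0.2.99 (Type: outgoing)
truncated or unrelated line
""".splitlines()

def summarize(lines):
    """Stream lines once; return {(ip, direction): [count, first_seen, last_seen]}."""
    stats = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip other event types and damaged lines
        ts = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S %z")
        entry = stats.setdefault((m["ip"], m["dir"].lower()), [0, ts, ts])
        entry[0] += 1
        entry[2] = ts
    return stats

def report(stats, top=10):
    """Rows (ip, direction, count, hits_per_minute), most repeated first."""
    rows = []
    for (ip, direction), (count, first, last) in stats.items():
        minutes = max((last - first).total_seconds() / 60.0, 1.0)  # floor at 1 min
        rows.append((ip, direction, count, round(count / minutes, 2)))
    return sorted(rows, key=lambda r: r[2], reverse=True)[:top]

def outgoing(stats):
    """Addresses with outgoing blocks, the case the first answer ties to infection."""
    return sorted(ip for (ip, direction) in stats if direction == "outgoing")

if __name__ == "__main__":
    src = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE
    stats = summarize(src)
    for row in report(stats):
        print("%-15s %-8s %8d hits %8.2f/min" % row)
    print("outgoing blocks:", outgoing(stats) or "none")
```

Run with a log file path as the only argument to summarize a real log; memory use grows with the number of distinct addresses, not with file size.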
Posted 26 April 2013 - 12:02 PM
Posted 26 April 2013 - 03:06 PM
There really is not anything we can do at this time to resolve it. The protection module itself should work okay but the IP blocker would need to be disabled if you wanted to continue to use the product.
Posted 29 April 2013 - 11:07 AM