Elise

91.215.158.80 false positive?

54 posts in this topic

I'm planning on finishing this particular case up today (as mentioned previously, this isn't the only case I'm working on - there's well over 3,000 others).

Share this post


Link to post
Share on other sites

I'm planning on finishing this particular case up today (as mentioned previously, this isn't the only case I'm working on - there's well over 3,000 others).

Hmmm.... We are 3 days later and nothing has been changed. Not at all.

Share this post


Link to post
Share on other sites

That's correct. The host/ASN have just been sent a list of items still needing suspended/cleaned before I'll be prepared to remove the block.

Share this post


Link to post
Share on other sites

My Name is Jorge Catena and I own DowntownHost LLC, which is one of the companies in question here.

Malwarebytes ask us to remove some sites (abandoned spammed blogs , /according to malwarebytes and don't know how they know) fake med sites or forums not even hosted in our server but with the domain pointing to it), even they ask us to remove sites which have problems with clickbank in order of get the IP block released, we wont tolerate nor we are going to accomplish with such extorsive request. Unfortunately for those who use the software, that IP is going to be blocked according to Steven Burn which works for Malwarebytes.

Just wanted to say our side of the history.

Share this post


Link to post
Share on other sites

By the way, the sites with malwares were already cleaned and we are closing sites selling Counterfeit, but for what I was told, that's not enough and they require to remove the other sites too.

Share this post


Link to post
Share on other sites

I'm surprised that MBAM does not only block exploit websites (actually not website but IP address/ IP ranges with a couple hundred/ thousand website)

but also website with suspicious content (who can take such a role to decide what is good content and what not) - without any exploit.

And the websites that supposedly cheats Clickbank or whatever - that's are again website without exploit?

I'm seriously thinking about dropping of using MBAM because of very bizarre dealing with supposedly exploits and

about the way that websites are blocked (option "website blocking" should be renamed to "IP address" blocking.

You block actually not website but you block IP addresses with thousand websites).

:angry: :angry:

Share this post


Link to post
Share on other sites

Actually, to put the story straight, the issues with Clickbank wouldn't have kept the IP blocked (indeed, nor would the splogs if they'd only been linking to non-harmful content) - the rest of it however, does.

Those for example, heavily spammed, isn't just spam linking to the odd fraud - it's spam linking to everything else, and isn't just one or two posts or one site - the guy has several sites, all of which have the same issues. You're the one that has refused to do anything about it (and FYI, the domains resolve to your IP, there isn't a redirect anywhere else - you claimed the content is pulled from elsewhere server-side, not client-side, which makes it YOUR problem as well as wherever it is being pulled from).

As for your refusal to deal with it (and given the content of your other IPs, I wasn't surprised at your refusal ......), I've already escalated the cases to your upstream, so will be letting them and LE handle it (little hint: your host is on a Leaseweb IP range - and they do not permit fake meds for example).

Share this post


Link to post
Share on other sites

I'm surprised that MBAM does not only block exploit websites (actually not website but IP address/ IP ranges with a couple hundred/ thousand website)

but also website with suspicious content (who can take such a role to decide what is good content and what not) - without any exploit.

And the websites that supposedly cheats Clickbank or whatever - that's are again website without exploit?

Clickbank issues aren't the cause for the block, and never have been, nor would they ever be.

As for the rest, had it only been a single domain at issue on a shared server, or less domains than actual "legit" domains, it wouldn't have been blocked. It's the volume of domains with issues out-numbering the legit domains, that are the cause for the block.

This particular IP is going to be continued to be blocked due not only to the domains with issues, but the hosts point blank refusal to deal with such.

Share this post


Link to post
Share on other sites

Actually, to put the story straight, the issues with Clickbank wouldn't have kept the IP blocked (indeed, nor would the splogs if they'd only been linking to non-harmful content) - the rest of it however, does.

Those for example, heavily spammed, isn't just spam linking to the odd fraud - it's spam linking to everything else, and isn't just one or two posts or one site - the guy has several sites, all of which have the same issues. You're the one that has refused to do anything about it (and FYI, the domains resolve to your IP, there isn't a redirect anywhere else - you claimed the content is pulled from elsewhere server-side, not client-side, which makes it YOUR problem as well as wherever it is being pulled from).

I really don't care if there's one link or 1 million of post spamming in a forum, I wont ask to the account owner to close the forum because of that, and you have no right to request it either.

As for your refusal to deal with it (and given the content of your other IPs, I wasn't surprised at your refusal ......), I've already escalated the cases to your upstream, so will be letting them and LE handle it (little hint: your host is on a Leaseweb IP range - and they do not permit fake meds for example).

Actually, you are lying here and you do it on your next message too, I refuse to remove contents of a customer want to keep on the server that are not illegal nor violate anything of our TOS. You don't enforce our TOS we do it.

Share this post


Link to post
Share on other sites

Clickbank issues aren't the cause for the block, and never have been, nor would they ever be.

As for the rest, had it only been a single domain at issue on a shared server, or less domains than actual "legit" domains, it wouldn't have been blocked. It's the volume of domains with issues out-numbering the legit domains, that are the cause for the block.

This particular IP is going to be continued to be blocked due not only to the domains with issues, but the hosts point blank refusal to deal with such.

Another example of you lying, saying that there are more "unlawful" than "legit" is completely untrue. The number of domains that you accuse as "unlawful" is about the 10% of the domains, however, most of them are those kind of sites on where you think to have the right to tell to what content a site should have even if it does violate any law.

Share this post


Link to post
Share on other sites

I really don't care if there's one link or 1 million of post spamming in a forum, I wont ask to the account owner to close the forum because of that, and you have no right to request it either.

I asked you to get it cleaned or suspended - there's a difference.

Actually, you are lying here and you do it on your next message too, I refuse to remove contents of a customer want to keep on the server that are not illegal nor violate anything of our TOS. You don't enforce our TOS we do it.

How am I lying? I asked you to take action, you refused - plain and simple.

Share this post


Link to post
Share on other sites

Another example of you lying, saying that there are more "unlawful" than "legit" is completely untrue. The number of domains that you accuse as "unlawful" is about the 10% of the domains, however, most of them are those kind of sites on where you think to have the right to tell to what content a site should have even if it does violate any law.

Errr no, think you'll find I'm not. I didn't mention unlawful. I said the list of sites needed dealt with. I deliberately didn't say how they needed dealt with, due to some simply needing cleaned (i.e. those heavily spammed). I also deliberately didn't bother sending you the list of splogs, as I knew you wouldn't deal with those (there were 78 splogs alone).

Share this post


Link to post
Share on other sites

With specific regard to those heavily spammed, I believe I've identified where the confusion came from;

* Due to the sheer number of domains involved, I suspect the owner of the sites is actually fully aware of the activities, so would appreciate their termination rather than clean-up

My apologies for the confusion on this one

Share this post


Link to post
Share on other sites

I asked you to get it cleaned or suspended - there's a difference.

So? I don't really care, you can't nor should ask to a host to clean a forum or suspend the account, is just an abandoned forum with spam links, big deal.

How am I lying? I asked you to take action, you refused - plain and simple.

I refused to remove sites that are not illegal, I did took actions with countefied sites and with sites with malware, that's how you are lying.

Share this post


Link to post
Share on other sites

Errr no, think you'll find I'm not. I didn't mention unlawful. I said the list of sites needed dealt with. I deliberately didn't say how they needed dealt with, due to some simply needing cleaned (i.e. those heavily spammed). I also deliberately didn't bother sending you the list of splogs, as I knew you wouldn't deal with those (there were 78 splogs alone).

No, I wont find you are not, I have full access to the server, you don't, you are even asked that I clean a forum that I already told you that's not hosted in our server, there's a mod_rewrite redirect to a URL that I already told you and that you can check that is not in our server, besides of that, in over 10 years in this industry is the first that that I have to ran accross of somebody telling us that we have to clean or suspend a forum because there's spam on it, really ridiculous.

Besides that I really don't know who you think to are to request that we remove splogs, no, I wont remove them, nor will request to the owners to do it.

Share this post


Link to post
Share on other sites

So? I don't really care, you can't nor should ask to a host to clean a forum or suspend the account, is just an abandoned forum with spam links, big deal.

Big deal? Really? So if the spammers were to post links to CP, you'd still not have a problem with it?

I refused to remove sites that are not illegal, I did took actions with countefied sites and with sites with malware, that's how you are lying.

For a start, I've just spot checked a couple of the counterfeit sites and they're still there, so you've evidently not suspended them all.

I also didn't lie. I didn't say you've not taken action on the site that had the exploit - I said you've refused to take action on those last sent to you. It doesn't matter whether you've only refused to take action on some and not others - fact is, you've refused to take action on sites reported to you as needing action taken, whether that's just a cleanup or suspension.

Share this post


Link to post
Share on other sites

No, I wont find you are not, I have full access to the server, you don't, you are even asked that I clean a forum that I already told you that's not hosted in our server, there's a mod_rewrite redirect to a URL that I already told you and that you can check that is not in our server, besides of that, in over 10 years in this industry is the first that that I have to ran accross of somebody telling us that we have to clean or suspend a forum because there's spam on it, really ridiculous.

Besides that I really don't know who you think to are to request that we remove splogs, no, I wont remove them, nor will request to the owners to do it.

I know you won't remove the splogs, which is why I didn't bother including them in my last report - you'd already made your stance on them clear in your first reply regarding them.

As for the mod_rewrite, had the redirect been "visible" as it were, then it would be a different matter, but as it's not, the domain and content appear on your IP - plain and simple, which is why I asked you to deal with it, even if that had just been having your client remove the spam/forum/etc. Had it only been a small amount, it wouldn't have been an issue.

Share this post


Link to post
Share on other sites

Interesting, I just spot checked one of the heavily spammed sites, and notice you've had a change of heart - it's now showing suspended;

http://admin-portal.com -> /cgi-sys/suspendedpage.cgi

Share this post


Link to post
Share on other sites

I know you won't remove the splogs, which is why I didn't bother including them in my last report - you'd already made your stance on them clear in your first reply regarding them.

As for the mod_rewrite, had the redirect been "visible" as it were, then it would be a different matter, but as it's not, the domain and content appear on your IP - plain and simple, which is why I asked you to deal with it, even if that had just been having your client remove the spam/forum/etc. Had it only been a small amount, it wouldn't have been an issue.

I told you where that forum is located, deal with them, on our server there's only a mod_Rewrite/PHP redirect.

Share this post


Link to post
Share on other sites

Big deal? Really? So if the spammers were to post links to CP, you'd still not have a problem with it?

Of course that I do care about illegal activities, are you blind? or you can't read?

For a start, I've just spot checked a couple of the counterfeit sites and they're still there, so you've evidently not suspended them all.

I gave 24 hours to the accounts owners to remove the contents reported today, so, once again you show that you talk about things that you don't know

I also didn't lie. I didn't say you've not taken action on the site that had the exploit - I said you've refused to take action on those last sent to you. It doesn't matter whether you've only refused to take action on some and not others - fact is, you've refused to take action on sites reported to you as needing action taken, whether that's just a cleanup or suspension.

You do lie, when I told you that I'll take actions with the illegal sites, but I wont remove forums posts, nor will close splogs. When you say a partial true, you LIE.

Share this post


Link to post
Share on other sites

Interesting, I just spot checked one of the heavily spammed sites, and notice you've had a change of heart - it's now showing suspended;

http://admin-portal.com -> /cgi-sys/suspendedpage.cgi

It was suspended for another reason, not for your request nor for anything that you have reported about that account.

Share this post


Link to post
Share on other sites

Of course that I do care about illegal activities, are you blind? or you can't read?

You said "big deal" as far as the spam, so no, I'm not blind.

I gave 24 hours to the accounts owners to remove the contents reported today, so, once again you show that you talk about things that you don't know

I don't do mind reading, so unless you actually tell me that, I'm not to know otherwise.

You do lie, when I told you that I'll take actions with the illegal sites, but I wont remove forums posts, nor will close splogs. When you say a partial true, you LIE.

Errr no, it's not partial truth at all.

Share this post


Link to post
Share on other sites

It was suspended for another reason, not for your request nor for anything that you have reported about that account.

One heck of a coincidence .....

Share this post


Link to post
Share on other sites

As those heavily spammed are now suspended, I'm satisfied the level of badness is less than the amount of legit sites, so will get the block removed.

Share this post


Link to post
Share on other sites

I was checking your list of today, and there are so many misreports, as example, you report http://vestidomodas.com/ as a Counterfeit site, and there's nothing wrong there, juxtaposing.com as a fake meds site, and is a web designing firm, sikot.com have a CLEAR HTHML redirect to a remote site. I didn't checked all them, will do it now, but in a first look it did saw this 3 examples.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.