199.27.135.184 & 141.101.124.185


daledoc1

Hi:

For past few days, getting occasional (few times per day) IP blocks to the same 2 IPs.

Yesterday and early this AM, I had Firefox 11 open to THIS website (MBAM forums) & to my home page (www.huffingtonpost.com):

199.27.135.184 (port 59615, process avp.exe)

141.101.124.185 (port 59617, process avp.exe)

I assumed it might be some ad content on huffpost, even though I run ABP and NoScript.

Just now, the only browser tab open was this MBAM forums page, so that eliminates huffpost as the source:

199.27.135.184 (port 58894, process avp.exe)

141.101.124.185 (port 589946, process avp.exe)

Blocks do not occur without browsers open, and have only started within the past day or so.

I can have a tab open for this website for several hours without a block occurring.

I noticed a similar block on my laptop a few days ago on the same sites, but assumed at the time it was also ad content on huffpost.

I have not powered up the system in a few days to re-evaluate if it's the same IPs.

Scans with MBAM, KIS2012 and SAS are all clean.

No symptoms of infection.

Both rigs are fully patched.

No new software or firefox extensions.

I am behind a hardware firewall, as well.

Will fire up the laptop to see if it's the same detections/blocks.

Please advise.

Thanks!

daledoc1

protection-log-2012-04-12.txt

protection-log-2012-04-13.txt

Link to post
Share on other sites

Ahhh, now I (think I) understand. :blink:

Or, as they used to say: "I see," said the blind (wo)man, as (s)he picked up his/her hammer and SAW! :lol:

I hadn't been following all those "CloudFlare" FP threads.

Oddest thing, though, is that I'm pretty sure at least one of the times I got the block, the ONLY tab/site I had loaded was the MBAM forum page.

Well, I'll see what the helpdesk says when they review my scan logs.

Thanks for your time and expertise and patience!

daledoc1

Link to post
Share on other sites

I just received the same IP block through Firefox:

141.101.124.185 (Type: outgoing, Port: 50869, Process: firefox.exe)

199.27.135.184 (Type: outgoing, Port: 50870, Process: firefox.exe)

These showed up with only Facebook & Cracked open at the time.

I also had a third one that I've found through a quick check:

184.82.146.118 (Type: outgoing, Port: 65506, Process: firefox.exe)

I've seen them show up before, but just now thought to check on it.

For what it's worth, I'm running Windows 7, & using Firefox with Adblock Plus. I'm on a Sony computer & haven't taken the time to remove all of the default Sony software yet.

Link to post
Share on other sites

You are probably running Adblock and are using Fanboy's list as one of your filters. Adblock is attempting to update the list which is causing the response by mbam. Until this is sorted out, I would suggest using a different filter.

Hello and welcome, sperril:

Yes, I think you may be on to something!

Yes, I do run ABP with Fanboy's filter list as one of my subscriptions in Fx on both my rigs.

Although neither Fx nor my extensions themselves are configured to auto-update, I suspect you might be correct and ABP is trying to phone home to update the filters (in this case, Fanboy's list).

This would also explain the highly intermittent nature of the block (no more than a few times in 24 hours), why it seems not to matter what website is loaded, and why even Chrome users are experiencing this (I think there is an ABP extension for Chrome)?

All scans on both computers are clean and there are no other suggestions of infection.

Moreover, this all started with the CloudFlare "issue" a week or so ago.

I hope this might be the key our MBAM pros need to unravel and resolve this.

Thanks!

daledoc1

Link to post
Share on other sites

You can, of course, verify this by performing a manual update of your adblock filters and check to see how mbam responds.

With your browser's pane selected, use Ctrl-Shift-F to open up your filters list. From the "actions" dropdown next to your filter, select "update filters." Then see how mbam responds. You may also note that the filter list shows the last download and the results of the last update attempt. Failed downloads are a good sign that something is getting blocked.

Link to post
Share on other sites

Just a note guys. Fanboy's filter is the cause of the alerts, for those using it, but it's not the cause of the blocks being in place in the first place. That's an entirely different and unrelated issue.

Link to post
Share on other sites

Right on. I guess I should have made that more clear. Nothing wrong at all with Fanboy's filter.

The problem is that the update attempts are going through Cloudflare.

And thanks for sticking to your guns on this issue.

Link to post
Share on other sites

I see!

So, if I understand all of this correctly, until the CF issue is resolved, we need to proceed with one of several options:

1) Ignore the IP blocks for now; or

2) Disable Fanboy's list in ABP for now; or

3) Turn off auto-updating in ABP (which I think might disable auto-updating of the other filter subscriptions?); or

4) Unsubscribe from Fanboy's list in ABP for now (resubscribe after the CF issue is resolved)?

Thanks all,

daledoc1 (relieved that "problem is not with your TV set", as they used to say :D )

Link to post
Share on other sites

Update:

Well, I tried merely disabling the Fanboy filter sub within ABP in Fx.

However, when I powered up my desktop system today, shortly after opening Fx to my home page, I got another block at the same IPs as previously.

When I checked in Fx -> ABP -> options, sure enough, not only had the Easy List (successfully) updated, but Fanboy's list had made an unsuccessful update attempt with a time stamp that matches the IP block.

UGH.

So, I have uninstalled the Fanboy list & will stick with the other filter subscription for now, until this CF issue is sorted.

I can certainly tolerate the occasional IP block, since I know the origin thereof.

It is, however, rather annoying.

I sure hope Fanboy will consider moving from CF or finding another suitable solution.

Fingers crossed,

daledoc1

Link to post
Share on other sites
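
The timestamp match described in the post above (a failed filter-list update coinciding with an IP block) can be checked mechanically. This is an added example, not part of the original thread and not MBAM or ABP tooling; the entry layout after the timestamp follows the block lines quoted in the thread, while the timestamps, the update-attempt records and the 30-second window are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

TS = "%Y-%m-%d %H:%M:%S"  # assumed timestamp format for both inputs
LINE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"\(Type: (?P<dir>\w+), Port: (?P<port>\d+), Process: (?P<proc>[^)]+)\)$"
)

# Constructed sample: IPs and entry layout from the thread, timestamps invented.
BLOCK_LOG = """\
2012-04-16 09:02:11 141.101.124.185 (Type: outgoing, Port: 50869, Process: firefox.exe)
2012-04-16 09:02:12 199.27.135.184 (Type: outgoing, Port: 50870, Process: firefox.exe)
2012-04-16 14:40:03 184.82.146.118 (Type: outgoing, Port: 65506, Process: firefox.exe)
"""

# Constructed sample: (list name, last attempt, result) as read off the
# filter preferences dialog.
UPDATE_ATTEMPTS = [
    ("EasyList", "2012-04-16 09:02:05", "ok"),
    ("Fanboy's List", "2012-04-16 09:02:10", "failed"),
]

def parse_blocks(text):
    """Return one dict per well-formed block entry; skip anything else."""
    blocks = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            blocks.append({"when": datetime.strptime(m["ts"], TS), "ip": m["ip"],
                           "port": int(m["port"]), "process": m["proc"]})
    return blocks

def explain_blocks(blocks, attempts, window=timedelta(seconds=30)):
    """Map each blocked IP to the failed list updates seen within `window`."""
    failed = [(name, datetime.strptime(ts, TS))
              for name, ts, status in attempts if status == "failed"]
    result = {}
    for b in blocks:
        hits = {name for name, t in failed if abs(b["when"] - t) <= window}
        result.setdefault(b["ip"], set()).update(hits)
    return result

if __name__ == "__main__":
    for ip, lists in explain_blocks(parse_blocks(BLOCK_LOG), UPDATE_ATTEMPTS).items():
        print(ip, "->", ", ".join(sorted(lists)) or "no matching failed update")
```

An IP that maps to an empty set has no failed list update near it and needs a different explanation.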

Just a note folks, the blocks have been temporarily removed, at least until the report is finished.

Thanks, MysteryFCM:

I had already uninstalled the FB filter list from ABP in both Fx and TB on both my rigs.

(That halted the IP blocks, even before you removed the block.)

I guess I'll wait a while longer for the dust to settle before resubscribing to Fanboy's filter subscription.

Thanks VERY MUCH for your time and effort to get this sorted,

daledoc1

Link to post
Share on other sites

I get the same issue every time I open the Chrome browser without selecting anything else. As you said, it started a few days ago. Thanks

I just tonight saw your reply...removed ABP and it's gone. Only happened on Chrome browser but nonetheless, I feel embarrassed for not trying that sooner. Hey...thanks for the help. RR

Link to post
Share on other sites

Hi, Rompin Raider:

Unless I misunderstand the entire process...

... There's no need to uninstall ABP altogether.

It was only the one filter sub (Fanboy's List) -- or more correctly, its updating process via CloudFlare -- that was causing the IP block issue.

So, ABP with other filter lists (Easy List, Adversity, etc) was and continues to be fine, as far as I can tell.

Moreover, now that the block has been removed, it appears that one could now resubscribe to Fanboy's list, if one wants, and not see the blocks.

(I have not yet resubscribed to Fanboy's filter, but I am still running ABP in both Fx and Thunderbird, with no IP blocks. I don't use Chrome, but I assume the same would be the case there, as well.)

I'm sure MysteryFCM will set me straight, if I am incorrect on this. :)

Cheers,

daledoc1

Link to post
Share on other sites
