+- Support Forums (https://www.supportforums.net)
+-- Forum: Support Forum Information (https://www.supportforums.net/forumdisplay.php?fid=1)
+--- Forum: Site News and Feedback (https://www.supportforums.net/forumdisplay.php?fid=2)
+--- Thread: Malwarebytes dont like SF? (/showthread.php?tid=25948)
Malwarebytes dont like SF? - DAMINK™ - 04-13-2012
![[Image: 13343087916734_support-forums.png]](http://www.ftw.net.au/fileuploads3/13343087916734_support-forums.png)
Been getting this a lot lately. Any reason Omni?
RE: Malwarebytes dont like SF? - Cronus - 04-13-2012
Malwarebytes blocks every outgoing process for me. It doesn't block the site, though.
RE: Malwarebytes dont like SF? - DAMINK™ - 04-13-2012
Might just be something to do with cloudflare again?
![[Image: 13343153006883_cloudflare.png]](http://www.ftw.net.au/fileuploads3/13343153006883_cloudflare.png)
RE: Malwarebytes dont like SF? - Peter L - 04-13-2012
The error message is clear...you are trying to visit the site via the IP, not the domain.
RE: Malwarebytes dont like SF? - DAMINK™ - 04-13-2012
(04-13-2012, 05:12 AM)Peter L Wrote: The error message is clear...you are trying to visit the site via the IP, not the domain.
Sheez man. No kidding.
My point was obviously not clear.
First post shows malware yes?
So i simply went to the ip address. Sure its protected by that stupid cloudflare which got me to thinking perhaps its cloudflare that is giving me the malware warning.
RE: Malwarebytes dont like SF? - Cronus - 04-13-2012
It's not a malware. It's an outgoing process, which is blocked by MBAM. Cloudflare is blocking the access using an IP, because Omni made it so you can't access the IP of the website directly using Cloudflare.
RE: Malwarebytes dont like SF? - damoncloudflare - 04-13-2012
Here's basically what is happening & the only interim fix.
Our only recommendation we can make right now is to disable the "malicious website blocking" module in the software http://cl.ly/23260l28330F110Q082c . Here's the problem:
-- Say one site on CloudFlare has an issue (according to Malwarebytes).
-- This site is on CloudFlare's IPs.
-- In addition to that one site being on CloudFlare's IPs, there are also potentially hundreds (or more) sites on those same IPs. If Malwarebytes blocks those ips with their software, they are blocking every site on the CloudFlare network with those IPs (in other words, they are blocking tons of domains because of an issue with one domain).
It doesn't look like this is an issue we can easily resolve with Malwarebytes right now. We have offered to block malware URLs from sites they report an issue with, since we have the capability to do so, but the stance of Malwarebytes is that we have to take down the site. We can't take a site down for two primary reasons:
-- We're not a hosting provider.
-- The site owner may have unknowingly been hacked and is unwittingly distributing malware.
We will continue to see where our discussions with Malwarebytes goes & we hope this will change in the future.
RE: Malwarebytes dont like SF? - Omniscient - 04-13-2012
MWB in my opinions throws a lot of false positive and for that reason should not be run while surfing to protect your traffic. It's a great program to clean your system and that's it.
199.27.135.108 is a Cloudflare IP. And again...that's a MWB false positive.
And damoncloudflare just explained why MWB are idiots.
MWB should be blocking DOMAINS not IPs anyways.
RE: Malwarebytes dont like SF? - damoncloudflare - 04-13-2012
I actually like the guys over there a fair amount (we are, after all, basically doing some similar things to make the web safer). I have also talked to Steve a number of times about issues in the past.
To be honest, however, scoring by IP alone is really not that great in this age (multiple sites on the same ip, etc.). And we have been more than willing to block access to confirmed issues, by url because we can do so, but the stance is somewhat hardline by them. And we have also shared the IP address of a site, when needed, so they can tackle the issue at the hosting level.
We also can't really do any thing about sites that talk about doing something bad (we would have to do things to whitehat hacking sites, for example), largely due to the fact that isn't the same as actually doing something bad.
RE: Malwarebytes dont like SF? - DAMINK™ - 04-14-2012
(04-13-2012, 02:51 PM)Omniscient Wrote: 199.27.135.108 is a Cloudflare IP. And again...that's a MWB false positive.
Would it be safe to say that if you did not have cloudflare running then this error would not happen omni?