Blocking IP 213.163.89.106.80 Alert

Status
Not open for further replies.

Bobbye

I've opened three threads today where the member is upset because they are getting an Alert that a site is known to contain fraudulent material, has a bad reputation or has malware and won't load.

This is NOT a redirection. It can come from your security program or browser. (Firefox has a built-in warning that gives the message and prevents the site from loading; Malwarebytes on a system is also giving this warning.)

Investigating the IPs for the sites readily indicated what a Domain is and how it's used.

Put in easy-to-understand language, a redirect takes you to a site you didn't ask for: either you selected the site from the search engine and were taken to a different site, or you typed a URL in the Address Bar but were taken to a different, unrelated site.

The sites you are redirected to frequently show a lot of ads tempting you to click on one. Most, if not all, of the malware we are seeing interferes with the search feature. It doesn't matter if it's Google or Yahoo. This is not a Google virus; it just happens that most people use Google.

NOTE: the comments above describe a totally different situation than when you get a pop-up saying the system is infected and you should click on something to remove it. This isn't a block or a redirect- it's rogue software.

So:
Block: when a security program warns and prevents loading of a site.
Redirect: when you get something other than the site you requested or clicked on.
Pop-ups warning of infection: rogue antimalware programs.

Know what your antivirus/antimalware program icon looks like. Appreciate it when it displays.
Make your searches as specific as possible. For instance, if you want information on how to replace your hard drive, don't use 'computer' as the search term. Instead use a string like 'replace hard drive on dell computer'.
 
I have more information on this subject:

If you have the paid version of Malwarebytes, it has an app that will block undesirable sites. The information below will help you find out how to customize this program best for your needs:

Here is a comparison between the paid Mbam and free Mbam:
Malwarebytes' Anti-Malware (MBAM) is a computer application that finds and removes malware. It is available in a free version, which scans for and removes malware when started manually, and a paid version, which provides scheduled scans, real-time protection and a flash memory scanner.

From Mbam support:
The Protection Module has 2 main components:

  • [1]. Execution Protection: This is the component that runs in the background to block and remove malicious processes when they attempt to run on your PC.
  • [2]. IP Protection: This component is tied to your internet connections and works regardless of what browser you use. It prevents known malicious IP addresses and IP ranges from establishing connections with your PC, whether the connection is initiated from outside your PC (i.e. a web-based attack or hacker) or from a program on your PC, such as an internet browser or any other program.

Please see Post #7 beginning with Section G IP Protection Module for instructions and settings, with screenshots, for Mbam. Once you understand how and what the blocking is, you can determine how you want the program set:
FAQ about the IP Protection component located in the FAQ HERE

The blocking of a site by a legitimate security program or by the built-in protection from a browser like Firefox is different than rogue spyware giving you an Alert of an infection and sending you to click on something to remove it.

Learn to tell the difference. The legitimate blocks should be evident and include the program icon or source of the block. Never click on a button that says you need to click it in order to remove the malware. Reboot the computer and run your own, up-to-date security program.
 
I'm moving this to the top again with a new subject: instead of the original 'Blocking is not Redirecting' I have changed to a specific IP. This board is full of threads about getting alerts that some security program has blocked IP 213.163.89.106.80

The first 4 sets of numbers are a part of the IP. The '80' is the port number. Here's what you need to know:

IP 213.163.89.106 is a site in the Netherlands that is frequently seen in logs for threads complaining of 'redirects'.
Port 80 on a web server is for HTTP or Hypertext Transfer Protocol. The server "listens to" or expects to receive from a Web client. This is the primary port used by the world wide web (www) system.

Malicious software frequently attempts to inhabit this port. If you remember the Code Red and Nimda Worm attacks, you will understand how vulnerable this port is. For that reason, many ISPs now block incoming traffic to this port before it reaches their customers. Blocking incoming traffic to port 80 can be an enforcement of ISP policies as well as a significant boon to end-user security.

But if the ISP does not, you may see a malicious site, such as IP 213.163.89.106 attempting to access a system through Port 80.

So if a security program blocks a scan from IP 213.163.89.106, it is a good thing. It is protecting the system. But the scans look for unprotected systems and if your system does not have the layers of protection suggested (current, updating antivirus program, bi-directional firewall and at least 2 antimalware programs running), then your system could be hijacked.

This block is not the virus or the malware: there is no 213.163.89.106.80 virus just as there is no Google redirect. Either can be a symptom of malware in the system and it should be checked. But it is important that you understand the difference between a security program alerting you to blocking a site and a malware infection.

This "virus" has now become the new kid on the block. Of the 9 search hits, most are from TechSpot!
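
Added example (not part of the original posts, and not Malwarebytes code): a short Python script that splits the alert notation discussed above, `a.b.c.d.port`, into address and port and tallies blocked connections per address and direction. The `<endpoint> <direction>` line layout and the sample lines are constructed for illustration; real products log in their own formats.

```python
import ipaddress
from collections import Counter

# Small, non-exhaustive map of well-known ports for the report.
SERVICES = {80: "HTTP", 443: "HTTPS", 53: "DNS"}

def split_endpoint(text):
    """Split 'a.b.c.d.port' (or plain 'a.b.c.d') into (IPv4Address, port or None)."""
    fields = text.strip().split(".")
    if len(fields) not in (4, 5):
        raise ValueError(f"expected 4 or 5 dotted fields: {text!r}")
    ip = ipaddress.IPv4Address(".".join(fields[:4]))  # rejects octets above 255
    port = None
    if len(fields) == 5:
        if not fields[4].isdigit() or not 0 < int(fields[4]) <= 65535:
            raise ValueError(f"bad port in {text!r}")
        port = int(fields[4])
    return ip, port

def summarize(lines):
    """Count blocks per (ip, port, direction); collect lines that do not parse."""
    counts, rejected = Counter(), []
    for line in lines:
        try:
            endpoint, direction = line.split()
            ip, port = split_endpoint(endpoint)
        except ValueError:
            rejected.append(line)
            continue
        counts[(str(ip), port, direction)] += 1
    return counts, rejected

# Constructed sample alert lines in the hypothetical "<endpoint> <direction>" layout.
SAMPLE = [
    "213.163.89.106.80 outgoing",
    "213.163.89.106.80 outgoing",
    "213.163.89.106.80 incoming",
    "213.163.89.106 outgoing",     # no port suffix
    "213.163.89.999.80 outgoing",  # invalid octet, rejected
]

if __name__ == "__main__":
    counts, rejected = summarize(SAMPLE)
    for (ip, port, direction), n in counts.most_common():
        service = SERVICES.get(port, "unknown")
        print(f"{ip} port {port} ({service}) {direction}: blocked {n}x")
    print("unparsable:", rejected)
```

An outgoing entry means a program on the PC initiated the connection, which is the case the Mbam description above distinguishes from one initiated from outside.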
 