1. TechSpot is dedicated to computer enthusiasts and power users. Ask a question and give support. Join the community here.
    TechSpot is dedicated to computer enthusiasts and power users.
    Ask a question and give support.
    Join the community here, it only takes a minute.
    Dismiss Notice

Blocking IP Alert

By Bobbye
May 22, 2010
  1. I 've opened three threads today where the member is upset because they are getting an Alert that a site is known to contain fraudulent material, has a bad reputation or has malware and won't load.

    This is NOT a redirection. It can come from your security program or browser. (Firefox has a built-in warning that gives the message and prevents the site from loading, Malwarebytes on a system are also doing this warning)

    Investigating the IPs for the sites readily indicated what a Domain is and how it's used.

    Put in easy to understand language, A redirect takes you to a site you didn't ask for- either you selected the site from the search engine and were taken to a different site, you types a URL in the Address Bar but were taken to a different, unrelated site.

    The sites you are redirected to, frequently show a lot of ads tempting you to click on one. Most, if not all of the malware we are seeing interferes with the search feature. If doesn't matter if it's Google or Yahoo. this is not a Google virus- it just happens that most people use Google.

    NOTE: the comments above describe a totally different situation than when you get a pop-up saying the system is infected and you should click on something to remove it. This isn't a block or a redirect- it's rogue software.

    Block: when a security program warns and prevents loading of a site.
    Redirect: when you get something other than the site you requested or clicked on.
    Pop-ups warning of infection: rogue antimalware programs.

    Know what your antivirus/antimalware program icon looks like. Appreciate it when it displays.
    Make your searches as specific as possible. For instance, if you want information on how to replace your hard drive, don't use 'computer' as the search term. Instead use a string like 'replace hard drive on dell computer.
  2. Bobbye

    Bobbye Helper on the Fringe Topic Starter Posts: 16,335   +36

    I have more information on this subject:

    If you have the paid version of Malwarebytes, it has an app that will block undesirable sites. The information below will help you find out how to customize this program best for your needs:

    Here is a comparison between the paid Mbam and free Mbam:
    From Mbam support:
    Please see Post #7 beginning with Section G IP Protection Module for instructions and settings, with screenshots, for Mbam: Once you understand how and what the blocking is, you can determine how you want the program set:
    FAQ about the IP Protection component located in the FAQ HERE

    The blocking of a site by a legitimate security program or by the build-in protection from a browser like Firefox is different than rogue spyware giving you an Alert of an infection and sending you to click on something to remove it.

    Learn to tell the difference. The legitimates blocks should be evident and include the program icon or source of the block. Never click on a button that says you need to click it in order to remove the malware. Reboot the computer and run your own, up to date security program.
  3. Bobbye

    Bobbye Helper on the Fringe Topic Starter Posts: 16,335   +36

    I'm moving this to the top again with a new subject: instead of the original Blocking is not Redirecting I have changed to a specific IP. This board if full of threads about getting alerts that some security program has blocked

    The first 4 sets of numbers are a part of the IP. the '80' is the port number. Here's what you need to know:

    IP is a site in the Netherlands that is frequently seen in logs for threads complaining of 'redirects'.
    Port 80 on a web server is for HTTP or Hypertext Transfer Protocol. The server "listens to" or expects to receive from a Web client. This is the primary port used by the world wide web (www) system.

    Malicious software frequently attempts to inhabit this port. If you remember the Code Red and Nimda Worm attacks, you will understand how vulnerable this port is. For that reason, many ISPs now block incoming traffic to this port before it reaches their customers. Blocking incoming traffic to port 80 can be an enforcement of ISP policies as well as a significant boon to end-user security.

    But if the ISP does not, you may see a malicious site, such as IP attempting to access a system through Port 80.

    So if a security programs blocks a scan from IP, it is a good thing. It is protecting the system. But the scans look for unprotected systems and if your system does not have the layers of protection suggested> current, updating antivirus program, bi-directional firewall and at least 2 antimalware programs running, then your system could be hijacked.

    This block is not the virus or the malware> there is no virus just as there is no Google redirect. Either can be a symptom of malware in the system and it should be checked. But it is important that you understand the difference between a security program alerting you to blocking a site and a malware infection.

    This "virus" has now become the new kid on the block. Of the 9 search hits, most are from TechSpot!
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...