  1. #1
    Newbie
    Join Date: Oct 2018
    Posts: 3

    Blocking a malware distribution website via domain name

    I currently have a PC that's trying to do all it can and connect to two malware websites.

    The sites are dioarmmonoder.at/ and carforklou.at/.

    I have something like over 1K emails notifying me that a PC on my network is trying to connect to these sites.

    Untangle is doing fine at blocking. However, I would just like to ban the domains. I would do it by IP address, but it seems that the malicious sites rotate their IP addresses. I did go into the person's hosts file and made the domains route to localhost. But I'd really like to block it at the firewall.

    What do?

  2. #2
    Untangle Junkie dmorris
    Join Date: Nov 2006
    Location: San Carlos, CA
    Posts: 17,478

    What is the alert you are getting?

    If the alert you are getting is that a malicious site visit has been blocked, you don't need to do anything. It's just alerting you that it is already being blocked.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Newbie
    Join Date: Oct 2018
    Posts: 3

    Yes, that's the alert I'm getting. Several thousand of them.

    I'm just trying to cut down on the massive wave of emails. If I can just block the sites and not get the alert, I can move on with my day.

  4. #4
    Untangle Junkie dmorris
    Join Date: Nov 2006
    Location: San Carlos, CA
    Posts: 17,478

    Just disable the alert in config > events > alerts.
    http://demo.untangle.com/admin/index.../events/alerts

    (Or set a limit of once per hour or whatever you prefer)

  5. #5
    Newbie
    Join Date: Oct 2018
    Posts: 3

    Cool. I'll look into that.

    I also went into the webfilter and in the blocked sites tab added the 2 sites there.

    The alerts have stopped. Seems to have done the trick.

  6. #6
    Untangle Junkie dmorris
    Join Date: Nov 2006
    Location: San Carlos, CA
    Posts: 17,478

    Quote, originally posted by itsupport@precedentmgmt.c:
    Cool. I'll look into that.

    I also went into the webfilter and in the blocked sites tab added the 2 sites there.

    The alerts have stopped. Seems to have done the trick.

    They were already being blocked by the category. Blocking them manually by name just means they'll be blocked before categorization, which means the alert won't fire.

  7. #7
    Untangle Ninja dwasserman
    Join Date: Jun 2008
    Location: Argentina
    Posts: 4,298

    And go to the desktop PC (or device) with this malware and clean it!!!
    Kill the source of the problem, not the alert of the problem.
    jcoffin and f1assistance like this.
    The world is divided into 10 kinds of people, who know binary and those not

  8. #8
    Master Untangler f1assistance
    Join Date: Apr 2009
    Location: Holly Springs, NC
    Posts: 867

    Let's not forget the hosts file on the PC as another simple but lethal weapon in our arsenal of defensive armor...
    Untangle...because nothing's worse than doing nothing!
    -------
    2, Pentium (R) Dual-Core CPU E5300 @ 2.60GHz 2599.968, 2089.96MB RAM
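
Added example, not part of the thread and not Untangle code: the hosts-file step from posts #1 and #8 as an idempotent Python function that sinkholes the two domains and strips any entry pointing them at a routable address. The `SINK` address, the helper names and the sample hosts file are assumptions constructed for illustration; hosts files match exact names only, so subdomains still depend on the firewall block.

```python
import ipaddress

BLOCKED = ("dioarmmonoder.at", "carforklou.at")  # the two domains from the first post
SINK = "127.0.0.1"  # assumption: loopback, as the poster did on the PC

# Constructed sample hosts file (not taken from the thread).
SAMPLE = """# sample
127.0.0.1 localhost
203.0.113.7 Carforklou.at intranet.example  # stale entry
0.0.0.0 dioarmmonoder.at
"""

def norm(name):
    """Hostnames are case-insensitive and may carry a trailing dot."""
    return name.lower().rstrip(".")

def is_sink(addr):
    """True for loopback or unspecified addresses (127.0.0.1, ::1, 0.0.0.0)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified

def sinkhole(hosts_text, domains=BLOCKED, sink=SINK):
    """Return (new_text, added): every blocked name mapped to a sink address."""
    wanted = {norm(d) for d in domains}
    covered, out = set(), []
    for line in hosts_text.splitlines():
        body, _, comment = line.partition("#")
        fields = body.split()
        hits = {norm(n) for n in fields[1:]} & wanted
        if hits and is_sink(fields[0]):
            covered |= hits  # already sinkholed, leave the line alone
        elif hits:
            # A blocked name points at a routable address: drop that name,
            # keep any unrelated names that share the line.
            keep = [n for n in fields[1:] if norm(n) not in wanted]
            if not keep:
                continue
            line = f"{fields[0]} {' '.join(keep)}" + (f" #{comment}" if comment else "")
        out.append(line)
    added = sorted(wanted - covered)
    out += [f"{sink} {name}" for name in added]  # exact names only, no wildcards
    return "\n".join(out) + "\n", added

if __name__ == "__main__":
    text, added = sinkhole(SAMPLE)
    print(text, "added:", added)
```

Running it a second time on its own output changes nothing, so it can be re-applied safely after the machine has been cleaned.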
