Malwarebytes Removes IP Address from Blocklist
How to Remove Your IP Address From Malwarebytes Block List Quickly
Anyone who's used Malwarebytes Premium for any length of time can tell you that Malwarebytes does an excellent job staying up to date on current threats and protecting your computer from those threats. Unfortunately, that security comes with a downside, and that downside is false positives. False positives occur when Malwarebytes misidentifies something as a threat. This happened to me recently. I had rented a new server, and when I tried to log in via Windows Remote Desktop, the action was blocked by Malwarebytes and a trojan warning was displayed. Knowing that the warning was probably the result of a previous tenant abusing that server, I added the IP address to my Allow List and was able to migrate my sites successfully.
A little over a week after the migration was finished I was informed by a user that they could not access one of the sites due to a trojan warning from Malwarebytes. This was a surprise to me because I did not realize that the block applied to websites on the server as well and I thought Malwarebytes would be more up to date. I verified the problem by removing the IP address from my Allow List and trying to access the website. My attempt was blocked due to a trojan according to Malwarebytes. My attention then turned to getting that IP address declared safe and removed from the blocklist as soon as possible.
To my pleasant surprise, I found a way to get the IP address cleared quickly. I created a post on the Malwarebytes forum which read as follows:
"I rented a new VPS on 3/8 and had to add the IP address (188.8.131.52) to my ignore list just to log in and start migrating websites to it. Today I learned that anyone trying to visit any site at that IP address is still getting blocked by Malwarebytes and receiving a trojan warning. When I logged into it via Windows Remote Desktop the first time, I could tell it was a fresh installation of Windows Server 2019 DC, so obviously the trojan warning must be due to the last customer using that IP hosting a trojan. How do I get my IP removed from the Malwarebytes blacklist?"
A Malwarebytes staff member replied in less than an hour saying "Hello, thanks for bringing this to our attention. We've reviewed the IP again and have determined it no longer warrants being blocked so we've removed it from our database. Removal should be reflected in the next database update going out in a few hours or so." Right now I am waiting for that update to purge my IP address from their block list.
Webmasters who find the IP addresses of their new servers blocked by Malwarebytes should post the problem in the official Malwarebytes support forums in the false positives/website blocking section (https://forums.malwarebytes.com/forum/123-website-blocking/). Malwarebytes staff will likely read it and take action if the IP address no longer deserves to be on their block list.