Malwarebytes: Webmail being blocked
One of our customers who tried to access Webmail received this warning from Malwarebytes:
Website blocked due to phishing
Website Blocked: our URL to webmail was listed here
v2.6.23 | Heuristics: phishing
Malwarebytes Browser Guard blocked this page because it may contain malicious activity.
We strongly recommend you do not continue. You may be putting your safety at risk by visiting this site. For more information, visit Malwarebytes Support.
Go back
Continue to this website
Do not block this site again.
Has anyone seen this? Is there anything we need to do on our end to prevent malware from seeing our system as a potential phishing site?
-
Hi, did you end up gathering any more information about this issue?
0 -
Whatever the main problem is, it wouldn't be related to cPanel. Were you ever able to scan the system to see if there was any suspicious content?
0 -
cpanzy , I have not gathered any additional information about this....I haven't used Malwarebytes myself very extensively except for the occasional system scan, but I wonder if there is an allow list where someone could add the webmail URL?
0 -
Hi, yes there is an allow list. I also just discovered this and for me it only happens on chrome. I have malwarebytes on both chrome and firefox and chrome is the only one that does this. Screen shots attached. Same exact url, i copied from FF over to chrome to be sure.
And then firefox
I am hessitant to contact MWB, because i did this last winter about a js error they were showing on my website in the dev tools console view. They could not figure it out either and they confirmed it was their file causing the error and their issue.
After several weeks of telling me they were working on it, they finally closed the ticket saying something like "we have added this to our research list and if discovered will correct the issue". Basically i think they tossed the issue in the toilet and its been almost a year now and no notification at all.
Personally i think cPanel should reach out to either MWB or Chrome and ask them why their webmail port is being seen as malicious content. Cpanel has alot more pull than any of us users do and may get a resolve faster, that is just my opinion.
But yes there is a whitelist for MWB. But one has to wonder how many users get that page and get turned off about cPanel or the Admin's Reseller Site. I think i would be placing a bug in the ear of chrome or MWB to find out why. :)
0 -
durangod - if you still have a way to reproduce this, could you create a ticket?
0 -
I have been trying but ever since i added the exception, even when i remove the exception it seems to work no issue. After this huge download finishes (game) that is running now, i will clear all cache and make sure the browser and MWB does not have any exception and i will reboot and see if it comes back. If it does i will post back here and create a ticket.
Thanks :)
0 -
Awesome - thanks!
0 -
I seriously doubt MalwareBytes is blocking based upon the webmail port. There are 10s if not 100s of thousands of cPanel hosted account for which there would be an email URL with a webmail port referenced. If they were blocking based upon the port, everyone with a cPanel account who uses webmail would be having issues.
I'd recommend signing up to the MalwareBytes forums and reporting a false positive.
https://forums.malwarebytes.com/forum/123-website-blocking/
And apparently, if you are a paid subscribe of MalwareBytes you can just contact MalwareBytes support and report it directly to them.
1
Please sign in to leave a comment.
Comments
8 comments