This discussion has been inactive for longer than 30 days, and is thus closed.
    • CommentAuthor: cohech
    • CommentTime: Feb 24th 2012
    I recently opened my OpenDNS dashboard account web page and noticed a "Malware/Botnet Activity Detected" message. On clicking on the stats link, it shows "www.ebay.pl" made one request and was blocked by OpenDNS as a botnet.
     
    I was the only person using this network on the day the block occurred and I did not actively access this site, so I don't understand where the request was initiated from.
     
    Additionally, the site appears to be the Polish eBay site and therefore unlikely to be a botnet.
     
    Is this block a false positive or am I missing something?
    • CommentAuthor: Red Prince
    • CommentTime: Feb 24th 2012
    >>I did not actively access this site<<

    That makes no difference. There is a lot more to the Internet than web sites. Any number of programs running on your system can (and many do) access the Internet without even letting you know. Even some web browsers prefetch domain names of the links on a page you are accessing, just so they have that information ready if you decide to click on the link.

    So, just because you did not actively access a site does not mean a domain could not be looked up by a process running on your computer.

    As for eBay, Polish or otherwise, it is not unthinkable that someone may have figured out how to get malware on one of its many pages.
  1.  permalink
    I think if the reported activity is only one or two real websites it's safe to assume a false positive.
    • CommentAuthor: rotblitz
    • CommentTime: Feb 25th 2012
    "Is this block a false positive or am I missing something?"

    Hmm, it is no longer blocked:
    nslookup www.ebay.pl. 208.67.222.222
    Server: resolver1.opendns.com
    Address: 208.67.222.222

    Nicht autorisierte Antwort:
    Name: www.intl.ebay.com
    Addresses: 66.135.200.182, 66.135.210.62, 66.135.210.182, 66.211.181.162
    66.211.181.182, 66.135.200.162
    Aliases: www.ebay.pl

    "I was the only person using this network on the day the block occurred and I did not actively access this site"

    For more insights you may want to read this then: http://forums.opendns.com/comments.php?DiscussionID=13451
