I have this IP address from China thats using 200MBs of data/day!! And my ISP has me on a 500Mb/day limit. I read http://forum.mikrotik.com//viewtopic.php?t=10028 for blocking websites by IP and built this,
chain=forward dst-address=xxx.xxx.x.xxx protocol=tcp src-port=0-65535 dst-port=65535 time=0s-0s, dst-port=0-65535 action=reject reject-withicmp-admin-prohibited
I can still ping the site and call it up in a browser. I really have no idea what to do here. At this rate the whole building can only be online for 1/2 a day. My antivirus doesnt show anything on the network.