Author Topic: MY Website blocked by Avast with the Infection: URL:Mal message

REDACTED

  • Guest
MY Website blocked by Avast with the Infection: URL:Mal message
« on: January 17, 2016, 08:31:10 PM »
Hi all,

Many users started to inform us that they cannot access our website because Avast was telling them that the website is infected: URL:Mal

Could you help me with this? Thank you for your interest.
« Last Edit: January 17, 2016, 11:47:30 PM by msaxar »

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31079
  • Watching (over?) you
    • Malware removal, Biljart and other things.
URL:Mal = IP and/or domain is blocked.

Offline Secondmineboy

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3645
One vulnerable library detected: http://retire.insecurity.today/#!/scan/003ffb412db036dcfe106dd4b64ab2f022897a8a638ed7afc1e2172f9c1b3daf

http://quttera.com/detailed_report/www.e-data.com.tr

Also, you may want to update Windows Server as the OS when Server 2016 is out next year; it should help with security. Please make use of its new security features.

Other scanners give a clean sheet on the site.

You may want to add Incapsula to get some better protection: https://www.incapsula.com/
CloudFlare can be gone around pretty quickly.
Windows 10 1909, 4 GB DDR3 RAM, 500 GB 5400 RPM HDD, 1366 by 768 LCD Screen, Intel Core i3 5010U Dual Core, Intel HD Graphics 5500
HUAWEI P30 Pro. Android 10

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37532
  • Not a avast user
« Last Edit: January 17, 2016, 09:59:46 PM by Pondus »

REDACTED

  • Guest
Dear Pondus,

Thank you for your interest, so only Avast doesn't like our website :P "Avast   JS:ScriptIP-inf [Trj]   20160117"

So in order to make available our website for Avast users we should do this?

"
any domain hosted on afraid.org can be used by other persons for dns hosting without your control. It happened for your/client's domain, it was misused for malicious purposes - in that case, when nobody has control on subdomains of domain (DNS hijacking), we block the whole domain in order to protect our users. For you/client, the solution is most probably only changing the dns hosting and letting us know later.
"

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31079
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Since it is a company's website, I say:

- Get a decent host
- Use a dedicated server
- Hire someone who keeps everything (especially security related things) up-to-date

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33900
  • malware fighter
Hi msaxar,

Yes, for Avast Team Members to unblock, just steer away from afraid dot org, and the unblocking could often come as soon as an upcoming update of the software definitions. We cannot do this for you as we are volunteers with relevant knowledge, and unblocking can only be performed by Avast Team Members.
There is no malware at that website per se, no cloaking, all same status codes, no spammy looking links, no iframes, no blacklists, except for that afraid dot org issue.

The other recommendations in this thread are also worth looking into to make the website more secure. The real situation with the server security can only be known to whoever administers the website. Remember excessive server header info proliferation is a misconfiguration, never let your server software or your CMS talk too loudly for that matter.

See one fail and two warnings here: https://asafaweb.com/Scan?Url=www.e-data.com.tr

Have a peaceful day,

polonus (volunteer website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

REDACTED

  • Guest
Thank you so much Dear Polonus.  :)

Offline HonzaZ

  • Avast team
  • Advanced Poster
  • *
  • Posts: 1038
Re: MY Website blocked by Avast with the Infection: URL:Mal message
« Reply #8 on: January 18, 2016, 10:00:12 AM »
Please do note that just being hosted at afraid.org does not result in blocking - only when there are malicious subdomains being created. We spotted these URLs active in the past 24 hours:

hxxp://1.totalhelp.e-data.com.tr
hxxp://utid.iteby.e-data.com.tr

Both pointing to blocked IPs. This is the reason for the blocking, and it can be resolved by changing hosting or using the premium account at afraid.org (setting called "stealth").

Please post a reply when you resolved the issue and I will unblock it after confirming.
Honza
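
An added example, not part of the thread and not Avast's code: a small audit a site owner could run over hostnames seen under their domain (for instance from resolver logs or a passive DNS export) to spot subdomains they never created, which is the condition described in the reply above. The function names, the expected-host list, the owned network and all IP addresses are assumptions; the IPs are constructed from documentation ranges.

```python
import ipaddress
from urllib.parse import urlsplit


def hostname_of(indicator):
    """Return the lowercase hostname of a URL or bare host, accepting defanged hxxp:// and [.] forms."""
    text = indicator.strip().replace("[.]", ".")
    if text.lower().startswith("hxxp"):
        text = "http" + text[4:]
    if "://" not in text:
        text = "//" + text  # let urlsplit treat a bare host as a network location
    return (urlsplit(text).hostname or "").rstrip(".").lower()


def audit(apex, expected_hosts, owned_networks, observations):
    """Flag names under `apex` that the owner did not create or that resolve outside the owner's networks."""
    apex = apex.lower().rstrip(".")
    expected = {h.lower() for h in expected_hosts} | {apex}
    nets = [ipaddress.ip_network(n) for n in owned_networks]
    findings = []
    for indicator, ip in observations:
        host = hostname_of(indicator)
        if host != apex and not host.endswith("." + apex):
            continue  # name belongs to some other domain
        addr = ipaddress.ip_address(ip)
        unknown_name = host not in expected
        foreign_ip = not any(addr in net for net in nets)
        if unknown_name or foreign_ip:
            findings.append((host, ip, unknown_name, foreign_ip))
    return findings


# Hostnames are the ones named in the thread; every IP below is constructed.
APEX = "e-data.com.tr"
EXPECTED = {"www.e-data.com.tr"}          # assumption: the only name the owner publishes
OWNED = ["192.0.2.0/24"]                  # assumption: the owner's hosting range
OBSERVATIONS = [
    ("http://www.e-data.com.tr/", "192.0.2.10"),
    ("hxxp://1.totalhelp.e-data.com.tr", "203.0.113.66"),
    ("hxxp://utid.iteby.e-data.com.tr", "203.0.113.67"),
    ("www.example.org", "198.51.100.5"),
]

if __name__ == "__main__":
    for host, ip, unknown_name, foreign_ip in audit(APEX, EXPECTED, OWNED, OBSERVATIONS):
        print(f"{host} -> {ip} unknown_name={unknown_name} foreign_ip={foreign_ip}")
```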