Avast WEBforum

Other => Viruses and worms => Topic started by: lgfc_2012 on July 16, 2012, 09:37:06 PM

Title: Help HObby Store Owner with lframe isssues
Post by: lgfc_2012 on July 16, 2012, 09:37:06 PM
I am a small hobby store owner.  I recently downloaded avast trial version, and have it currently running.
I went to my site and noted that many pages were coming up lframe-inf.
I followed the instructions on the original post but could not find any lframes on my pages.
Hoping someone can help  ::)
 
Any help appreciated.  :D
Thanks for your time in this matter  :D 
Title: Re: Help HObby Store Owner with lframe isssues
Post by: essexboy on July 16, 2012, 09:38:56 PM
It looks to be in the favicon

I will ask !Donovan to have a look when he gets here  ;D
Title: Re: Help HObby Store Owner with lframe isssues
Post by: !Donovan on July 16, 2012, 09:56:56 PM
Hi lgfc_2012,

Is there any specific page that avast! alerts? If you would please post a screenshot of the alert.
Title: Re: Help HObby Store Owner with lframe isssues
Post by: polonus on July 16, 2012, 10:04:07 PM
Hi !Donovan,

I answered in the other post open on this issue.
The alert is from Avast Webshield: "Malware being blocked. Avast has blocked a malicious website or file."
Object: hxtp://www.ladygouldianfinch-ca.com/favicon.ico (malware doing a redirect)
Infection: HTML:Iframe-inf
Process (browser executable)

polonus
Title: Re: Help HObby Store Owner with lframe isssues
Post by: essexboy on July 16, 2012, 10:04:55 PM
Here it is
Title: Re: Help HObby Store Owner with lframe isssues
Post by: polonus on July 16, 2012, 10:15:02 PM
Hi essexboy,

The only difference is that I got that text in Dutch and for chrome.exe (as I went there with Google Chrome).
Sucuri gives this report with security warnings: http://sitecheck.sucuri.net/results/www.ladygouldianfinch-ca.com/
IP-location risk also plays a part here, along with the security issues I mentioned in the other posting.
The site gives away the full version number of its server software to the world; that is a security risk.
Site has FrontPage/5.0.2.2635
Powered by: PHP/5.2.14
with many security flaws that can be abused by miscreants; PHP especially is "renowned" as insecure,
but here it seemed to have been a hidden iFrame,

polonus
Title: Re: Help HObby Store Owner with lframe isssues
Post by: lgfc_2012 on July 16, 2012, 10:19:11 PM
What does this mean?
I am no web developer so am having someone do the site bit by bit.
What is the .ico? Is that the Flash player? If not, is it necessary? Can I delete it?
Appreciate the help.
Title: Re: Help HObby Store Owner with lframe isssues
Post by: polonus on July 16, 2012, 10:22:28 PM
They should check your error handling in the .htaccess file,

polonus
Title: Re: Help HObby Store Owner with lframe isssues
Post by: lgfc_2012 on July 16, 2012, 10:28:08 PM
Where is this .htaccess file found?
Am in the site now so can fix it if I know where it is.
Title: Re: Help HObby Store Owner with lframe isssues
Post by: !Donovan on July 16, 2012, 10:31:08 PM
favicon.ico seems to lead to the 404 page that contains the iframe redirect.
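
Added example (not part of any forum post in this thread): one way to check an error document, such as the 404 page served for /favicon.ico here, for injected hidden iframes. The sample HTML, the hosts shop.example and redirector.example, and all function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: a 404 error document carrying an injected hidden iframe
# next to a legitimate same-site iframe.
SAMPLE_404 = """<html><head><title>404 Not Found</title></head><body>
<h1>Not Found</h1><p>The requested URL /favicon.ico was not found.</p>
<iframe src="http://redirector.example/landing.php" width="1" height="1"
        style="visibility:hidden"></iframe>
<iframe src="/help/contact.html" width="600" height="400"></iframe>
</body></html>"""

HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

def is_tiny(value):
    """True when a width/height attribute is 0 or 1 (optionally with 'px')."""
    return value is not None and re.fullmatch(r"\s*[01](px)?\s*", value, re.I) is not None

class IframeAudit(HTMLParser):
    """Collects iframes that are off-site, near-invisible, or hidden by CSS."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = dict(attrs)
        src = a.get("src") or ""
        host = (urlparse(src).hostname or "").lower()
        reasons = []
        if host and host != self.site_host:
            reasons.append("external host " + host)
        if is_tiny(a.get("width")) or is_tiny(a.get("height")):
            reasons.append("0/1 pixel size")
        if HIDDEN_STYLE.search(a.get("style") or ""):
            reasons.append("hidden by style")
        if reasons:
            self.findings.append((src, reasons))

def audit_error_page(html, site_host):
    """Return [(src, [reasons])] for every suspicious iframe in the page."""
    parser = IframeAudit(site_host)
    parser.feed(html)
    parser.close()
    return parser.findings
```

Run it over every custom error document the server is configured to return, not only the visible site pages, since the error page is where the injection sat in this case.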

Title: Re: Help HObby Store Owner with lframe isssues
Post by: polonus on July 16, 2012, 10:35:33 PM
No, this should be done at the server where your website is being hosted. You should take the issue up with them at cp5.hostserve.net,

polonus
Title: Re: Help HObby Store Owner with lframe isssues
Post by: lgfc_2012 on July 16, 2012, 10:37:46 PM
OK, fixed the 404. Now what?
Title: Re: Help HObby Store Owner with lframe isssues
Post by: lgfc_2012 on July 16, 2012, 10:39:58 PM
What do I say to hostserve? How can I get better protection from them?
Title: Re: Help HObby Store Owner with lframe isssues
Post by: polonus on July 16, 2012, 10:45:14 PM
I see there 2 instances of it GET /favicon.ico HTTP/1.1:
response: HTTP/1.1 404 Not Found
Content-Type: text/html
Date: Mon, 16 Jul 2012 20:39:00 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Accept-Ranges: bytes
Content-Length: 1269
Keep-Alive: timeout=15, max=93
Connection: Keep-Alive

And for your hosting service, you could give a link to this thread and the other one,

polonus
Title: Re: Help HObby Store Owner with lframe isssues
Post by: !Donovan on July 16, 2012, 10:49:07 PM
Quote from lgfc_2012: "ok fixed the 404 now what?"
I still get the iframe.
Title: Re: Help HObby Store Owner with lframe isssues
Post by: lgfc_2012 on July 16, 2012, 10:54:33 PM
OK, found another 404 in my main file. Not sure why I have two; can I delete one?
Please retry.
Title: Re: Help HObby Store Owner with lframe isssues
Post by: polonus on July 16, 2012, 10:58:00 PM
Yes and what it redirects to is also blocked by avast Networkshield as URL:Mal

polonus
Title: Re: Help HObby Store Owner with lframe isssues
Post by: adotd on July 16, 2012, 11:00:47 PM
I found this

http://sitecheck.sucuri.net/results/neoaxial.org/data/.1/index2.php

 ::)
Title: Re: Help HObby Store Owner with lframe isssues
Post by: lgfc_2012 on July 16, 2012, 11:04:06 PM
Both 404s are fixed; working on other 00 files.
Title: Re: Help HObby Store Owner with lframe isssues
Post by: polonus on July 16, 2012, 11:08:23 PM
Yes, adotd, I was also able to read !Donovan's image. That site is being blocked by avast Networkshield. It only proves that it is hidden iFrame malware and malicious as such; see where it stems from: http://www.pagesinventory.com/domain/neoaxial.org.html

polonus
Title: Re: Help HObby Store Owner with lframe isssues
Post by: lgfc_2012 on July 16, 2012, 11:11:16 PM
Not sure how they got on my site but will see what host can do to stop future instances.

TC
Title: Re: Help HObby Store Owner with lframe isssues
Post by: lgfc_2012 on July 16, 2012, 11:15:51 PM
Thanks  :D totally appreciated  :D   Now maybe I can stop potential patrons from clicking off.
 
Title: Re: Help HObby Store Owner with lframe isssues
Post by: polonus on July 16, 2012, 11:24:50 PM
Hi lgfc_2012,

You are welcome. Glad we could be of assistance, which is the reward you get for coming here.
If you think your website is free of malware, report it using the http://www.avast.com/contact-form.php?loadStyles link and give a link back to this topic.
It could be that the blocking will be lifted even with a coming update. Just wait.
Stay safe and secure online using avast solutions, is the wish of

polonus
Title: Re: Help HObby Store Owner with lframe isssues
Post by: bob3160 on July 16, 2012, 11:41:20 PM
Good work polonus,
I keep telling those attending the presentation that we constantly get webmasters asking us why their website is being blocked.
Most of the time, they don't have a clue that their site is infected until someone, like yourself, points out the infection or injection to them.
Have a good evening,
Bob