Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: REDACTED on December 28, 2015, 01:48:17 PM

Title: My sites do not contain a virus, please delete it from the blacklist!
Post by: REDACTED on December 28, 2015, 01:48:17 PM
My sites www.softmaster95.ru and kvktravel.ru do not contain a virus, please delete it from the blacklist!
Title: Re: My sites do not contain a virus, please delete it from the blacklist!
Post by: Pondus on December 28, 2015, 01:54:17 PM
There are many reasons for being blacklisted; it does not have to be infected.


IP history  https://www.virustotal.com/en/ip-address/81.177.141.191/information/
Multiple domains on same IP and many are blacklisted
Click more button under list(s) for more info


IPvoid  http://www.urlvoid.com/ip/81.177.141.191


IP is on 7 blacklists  http://multirbl.valli.org/lookup/81.177.141.191.html


INFECTED   
https://sitecheck.sucuri.net/results/www.softmaster95.ru
https://sitecheck.sucuri.net/results/kvktravel.ru


html_Detections
https://www.virustotal.com/en/file/ddb5f3b59b8b2779fb0c17257480b6d0cdf9605fdba6549fa778a33e62121021/analysis/1451308000/




Title: Re: My sites do not contain a virus, please delete it from the blacklist!
Post by: polonus on December 28, 2015, 02:03:30 PM
Sucuri has another view: https://sitecheck.sucuri.net/results/www.softmaster95.ru/
Known javascript malware. Details: http://sucuri.net/malware/entry/MW:JS:GEN2?web.js.malware.fake_jquery.001
Vulnerable code to be retired: -http://www.softmaster95.ru/
Detected libraries:
jquery - 1.10.1 : (active1) -http://code.jquery.com/jquery-1.10.1.min.js?ver=1.10.1
jquery.prettyPhoto - 3.1.4 : (active1) -http://www.softmaster95.ru/wp-content/themes/invert-lite1/js/jquery.prettyPhoto.js?ver=1
Info: Severity: high
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6837&cid=3
Info: Severity: high
https://github.com/scaron/prettyphoto/issues/149
https://blog.anantshri.info/forgotten_disclosure_dom_xss_prettyphoto
jquery - 2.1.1 : -http://widgets.livetex.ru/js/app3.js?1.0.7
jquery - 2.1.4 : -http://widgets.livetex.ru/widget-ui-3.js
(active) - the library was also found to be active by running code
1 vulnerable library detected

WP update plug-in:    jquery-colorbox 4.6   latest release (4.6.1) Update required
http://www.techotronic.de/plugins/jquery-colorbox/
Warning User Enumeration is possible  :o User -Admin

blocked by Scriptblocker for me: -http://cs15.livetex.ru/js/client.js

Site given as clean here: https://urlquery.net/report.php?id=1451307343723

We cannot unblock as we are volunteers with relevant knowledge, ask for it here https://www.avast.com/contacts


polonus (volunteer website security analyst and website error-hunter)
Title: Re: My sites do not contain a virus, please delete it from the blacklist!
Post by: Eddy on December 28, 2015, 02:14:58 PM
Many suspicious scripts :
http://www.web-malware-removal.com/website-malware-virus-scanner/?url=www.softmaster95.ru

Blacklisted IP/Domain and several other problems :
http://zulu.zscaler.com/submission/show/0528972efcd89571678757068805088e-1451307770

Infected :
https://sitecheck.sucuri.net/results/www.softmaster95.ru
http://quttera.com/detailed_report/www.softmaster95.ru

Blacklisted :
http://urlquery.net/report.php?id=1451308111452
http://urlquery.net/report.php?id=1451308136190
http://multirbl.valli.org/lookup/81.177.141.191.html

High security risks :
http://retire.insecurity.today/#!/scan/b9fd885e437683a093c564b60b0a4d12245f4a4a7755a7016e30aa31fa546003
Title: Re: My sites do not contain a virus, please delete it from the blacklist!
Post by: REDACTED on December 28, 2015, 02:27:32 PM
I checked with well-known anti-virus programs and found nothing.
https://www.virustotal.com/ru/url/bcbd660bcbc4ca1bd29fc5cce54c24e0cfc21778882b94f76e5b2844fac8be75/analysis/
Title: Re: My sites do not contain a virus, please delete it from the blacklist!
Post by: Pondus on December 28, 2015, 02:36:15 PM
VirusTotal does not scan websites for infections; it is a blacklist check.

Title: Re: My sites do not contain a virus, please delete it from the blacklist!
Post by: polonus on December 28, 2015, 02:40:46 PM
That is not an active real life scan, it is a collective of scan results and may change with every update and detection.
While the site may not be immediately malicious as such, the vulnerable code there should be retired for security reasons (take down zip for later reference), e.g. -http://kvktravel.ru
Detected libraries:
jquery-migrate - 1.2.1 : -http://kvktravel.ru/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
1 vulnerable library detected
Site flagged here: https://sitecheck.sucuri.net/results/kvktravel.ru  (Is that actual or cleansed?).
Site clean: http://killmalware.com/kvktravel.ru/

Ask for a second opinion from Avast Team Members here: https://www.avast.com/contacts

Mitigate the found vulnerabilities and Avast Team may eventually unblock when they see that as fit.
When the site is unblocked, that could be with a coming update.

polonus
Title: Re: My sites do not contain a virus, please delete it from the blacklist!
Post by: Pondus on December 28, 2015, 02:51:35 PM
Quote
Site flagged here: https://sitecheck.sucuri.net/results/kvktravel.ru  (Is that actual or cleansed?).
@Polonus, your question should be answered by my html scan above.

Title: Re: My sites do not contain a virus, please delete it from the blacklist!
Post by: REDACTED on December 28, 2015, 02:57:54 PM
The sites have existed for a few years, and I do not admit that there was an attack. If a virus is detected, then it is a mistake.
Title: Re: My sites do not contain a virus, please delete it from the blacklist!
Post by: Eddy on December 28, 2015, 03:00:21 PM
It doesn't matter how long a website exists.
It can be infected any time, any moment and within a second.

The detection is not a mistake as our scans show.
You need to fix all the problems or more and more anti-malware software is going to block the site.

If you don't know how, hire someone who does know how to run and maintain a website.
Title: Re: My sites do not contain a virus, please delete it from the blacklist!
Post by: HonzaZ on December 28, 2015, 04:25:08 PM
The site is not on a blacklist, but there is an active infection right now. That is what Avast is complaining about.
You can find more info about this specific threat for example here: https://blog.sucuri.net/2015/11/jquery-min-php-malware-affects-thousands-of-websites.html
Once you remove the malicious code, Avast will stop flagging your domain. No action is necessary on our side.
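
An added example, not part of any post in this thread and not Avast's or Sucuri's code: a small owner-side audit of a page's `<script>` tags for the two problems raised above, a PHP endpoint posing as jQuery and library versions the quoted scans flagged. The `jquery.min.php` file name is taken from the title of the linked Sucuri article, the flagged versions come from the scan output quoted in the thread, and the hosts, finding labels and sample page are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs

# Versions flagged by the scans quoted in this thread (not a full advisory feed):
# prettyPhoto 3.1.4 -> CVE-2013-6837, jquery-migrate 1.2.1 -> bugs.jquery.com ticket 11290.
FLAGGED = {"jquery.prettyphoto": {"3.1.4"}, "jquery-migrate": {"1.2.1"}}
NAME_RE = re.compile(r"(?P<lib>[a-z.\-]+?)(?:-(?P<ver>\d+(?:\.\d+)+))?(?:\.min)?\.js")

class ScriptSrcs(HTMLParser):
    """Collect the src attribute of every <script> tag."""
    def __init__(self):
        super().__init__()
        self.srcs = []
    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "script" and src:
            self.srcs.append(src)

def audit(html):
    """Return sorted (finding, src) pairs for the script tags in one page."""
    parser = ScriptSrcs()
    parser.feed(html)
    findings = []
    for src in parser.srcs:
        url = urlparse(src)
        name = url.path.rsplit("/", 1)[-1].lower()
        if "jquery" in name and name.endswith(".php"):
            # Genuine jQuery is a static .js file; a PHP endpoint using its name is suspect.
            findings.append(("fake-jquery-loader", src))
            continue
        m = NAME_RE.fullmatch(name)
        if not m or m["lib"] not in FLAGGED:
            continue
        # Prefer a version in the file name; accept ?ver= only when it looks like x.y.z,
        # because themes often set it to an arbitrary cache-buster such as "1".
        query_ver = parse_qs(url.query).get("ver", [""])[0]
        ver = m["ver"] or (query_ver if re.fullmatch(r"\d+(\.\d+){2}", query_ver) else None)
        if ver is None:
            findings.append(("version-unverified", src))
        elif ver in FLAGGED[m["lib"]]:
            findings.append(("flagged-version", src))
    return sorted(findings)

# Constructed sample page: hosts are placeholders, paths mirror those quoted in the thread.
SAMPLE = """<script src="http://code.jquery.com/jquery-1.10.1.min.js?ver=1.10.1"></script>
<script src="http://site.example/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1"></script>
<script src="http://site.example/wp-content/themes/invert-lite1/js/jquery.prettyPhoto.js?ver=1"></script>
<script src="http://other.example/js/jquery.min.php"></script>"""
```

A `version-unverified` result means the URL alone cannot confirm the version, so the file content has to be checked, which is how the scan quoted earlier reported prettyPhoto 3.1.4 behind a `?ver=1` URL.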
Title: Re: My sites do not contain a virus, please delete it from the blacklist!
Post by: Eddy on December 28, 2015, 04:35:00 PM
Quote
That is what Avast is complaining about.
Avast isn't complaining. It is doing what it is supposed to do: protecting the users' systems. :D

Асхаб
Several problems can be avoided by using a dedicated server instead of a shared one.
If there is a malicious website on a shared server and the IP gets blacklisted/blocked, it will mean that your website also will be blocked, even when it is clean.

As said before, clean up your site to solve at least one of the problems.