Avast WEBforum
Other => General Topics => Topic started by: Randy134 on January 31, 2020, 11:58:45 PM
-
Hi there,
Your Chrome Browser tool mistakenly flags my site think2grow.com as a phishing risk. This was fixed almost a year ago and every credible scanning service on the planet accept yours know s my site is clean. (Norton, McAfee, Google, Securi, etc.)
I am losing potential clients. Can you please rescan my site and get me off your blacklist ASAP?????
Thanks you very much.
Randy
-
Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php
-
Hi there,
Your Chrome Browser tool mistakenly flags my site think2grow.com as a phishing risk. This was fixed almost a year ago and every credible scanning service on the planet except yours knows my site is clean. (Norton, McAfee, Google[/color], Sucuri, etc.)
o.0
Every site you say?
GOOGLE disagrees! https://www.virustotal.com/gui/url/0c292712b48de6744ec1eb2ccd871eb7e60dcf54641f2edd1365afef3bca5efa/detection
Virustotal was formerly owned by Google. Now under the leadership of Chronicle, who's parent Company is Alphabet Inc... Guess who owns Google? Alphabet Inc. To be clear though (and I'm mincing your words), that's just an aggregation of all scan results. FortiNET deemed your website a phishing website. Fortinet annual revenue is north of 1.8 BILLION a year, not some small, backwards company.
You can file a false detection report with FortiGuard (Fortinet) here>>https://fortiguard.com/faq/wfratingsubmit?url=think2grow.com
ZScaler: https://zulu.zscaler.com/submission/c8f31b78-6995-4489-aa4a-7348bae37800
XForce (Unknown Website) https://exchange.xforce.ibmcloud.com/url/think2grow.com
Sucuri says no SSL Cert: https://sitecheck.sucuri.net/results/think2grow.com
I will say this though: WordPress is up-to-date, a rarity in the Website industry!
Wait for the final avast! verdict via the form Bob linked you too though. We're only volunteers.
<meta name="generator" content="WordPress 5.3.2" />
-
Well the WordPress CMS might be up to date, bu major config settings are wrongly set, which means quite some risk through means of excessive info proliferation: User Enumeration
The first two user ID's were tested to determine if user enumeration is possible.
ID User Login
1 Randy Fougere admin
2 None None
Cmseek detection gives username = admin
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring. As this will reduce the chance of automated password attackers gaining access. However it is important to understand that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.
Linting denotes next recommendation to make website a tad more secure: https://webhint.io/scanner/ffe201ff-d075-4ebb-9566-e672449459b2 rather https://webhint.io/scanner/ffe201ff-d075-4ebb-9566-e672449459b2#category-security
As Michael(alan1998) says, wait for a final verdict by an avast team member, as we are just volunteers with relative knowledge in the field of website security analysis and error-hunting, but only avast team members can come and unblock.
polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
P.S. By many designers Word Press CMS is still being considered a can of worms, because the underlying intrinsic insecurity of PHP,
especially in the hands of amateurs and designers that favor a "licked" website over a secure one.
Damian
-
Detection was removed in 03.02.2020 at 08:25 AM
Our virus specialists have now cleared its reputation in our database.
With URLs this change should be instant, but it might take up to 24 hours with files.
-
Great all cleared up. I really appreciate all the good advice given here by you folks and will take action :)
Thanks so much again!!!
-
Great all cleared up. I really appreciate all the good advice given here by you folks and will take action :)
Thanks so much again!!!
You're welcome : )