Avast WEBforum
Other => Viruses and worms => Topic started by: spacetime07 on November 26, 2022, 06:54:04 PM
-
Hi, the following website "wxw.turchini.it" has been flagged as positive, but it's a false positive since the website is completely clean.
Using NOD32 or scanning local files with AVAST, no files come up as infected.
Please remove it from your block list.
Thanks
-
Using NOD32 or scanning local files with AVAST, no files come up as infected.
It is the website that is infected, not your computer.
https://www.virustotal.com/gui/url/87df94e5dc93ec000c9eb2d02831b9867df0a0098e784c757307238bcfd1f0e5?nocache=1
https://sitecheck.sucuri.net/results/https/www.turchini.it
-
I know that, but the website is clear; I am the developer.
-
Then report it
https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438
-
I know that, but the website is clear; I am the developer.
There are also security issues reported here - https://en.internet.nl/site/turchini.it/1791436/
Whilst this may not be why Avast is alerting, as the developer this is something you should address.
Also, please break active links to avoid accidental exposure to a suspect site - e.g. just turchini.it no http/www, etc.
-
Then report it
https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438
I did this, but I don't know how many days I have to wait.
-
Ordinarily - You should get a response in a day or two. This may be a little more given it is a weekend.
That said there is no guarantee that it would be cleared, given the above reports from other sites.
-
There are two issues here.
One is that your WordPress CMS is outdated; update WordPress a.s.a.p.
Then your site is linking to -bitninja.io, a known spam site:
https://www.virustotal.com/gui/domain/bitninja.io
Second is that BitNinja server security constantly comes under attack,
re: https://www.scamaider.com/is-bitninja.io-safe-legal.html
But wait for a final report from avast team, as they are the only ones to come and unblock.
polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
-
Please can you send me a report about that?
I am not able to find any bitninja link in my website's php/html/js pages.
Thanks
-
See: https://www.virustotal.com/gui/domain/turchini.it/detection
See: https://urlscan.io/result/8f1516ef-502f-45ec-9ab9-9967d6efee81/
Bitninja protection is on the server where your website is being hosted.
Plug-ins to be updated: wordpress-seo 11.1.1 Warning latest release (19.10)
https://yoa.st/1uj
woocommerce 3.6.7 Warning latest release (7.1.0)
https://woocommerce.com/
Also see the qakbot zip here: https://urlscan.io/search/#page.ptr%3Atardelli.dnshigh.com
-> https://urlscan.io/result/616a456d-af3f-4cd6-9060-f56cf09e96d9/ (that was from Oct 31 last).
polonus
-
Those who have responded are Avast users and not Avast employees.
We offer advice based on multiple security checking sites; it is up to you to act on that advice. Your site, based on what we have already pointed out, is using outdated software which could be ripe for exploit. As the website developer you should act on that to protect visitors.
-
I am going to update WordPress and all the other plugins; this is not a real problem since I had to restore the website to a very old version to remove all the threats.
But the point is that the website is not infected at all, so I'd like to inform AVAST community.
I am still waiting for AVAST to remove it from their black list.
-
Sorry, but from what has been said there are links to external sites that could also be responsible for the alerts, so it isn't just what is on your site.
For instance, in the very first reply, the link to virustotal's analysis, the Links element shows an external link to bitninja.io, which has also been mentioned in another post, Reply #7.
There is little point in us posting information if it isn't being followed up.
Avast will only remove it if it is confirmed to be a false positive.
-
Hi spacetime07,
As DavidR states, you have to wait for the avast team to eventually unblock your site (reconsideration).
When you perform a scan at https://hackertarget.com/wordpress-security-scan/ you can see the actual WordPress alerts for yourself. Prego. Here it was given clean: https://quttera.com/detailed_report/www.turchini.it
polonus
-
I don't know where to find a report about bitninja.io; I'd like to send one to my webserver because I can't do anything with bitninja since it is a server feature.
Thanks
-
Hi spacetime07,
Well we will find it here - https://www.shodan.io/host/86.107.32.86 (your IP and your website hoster)
Server: BitNinja Captcha Server (and that comes under constant attack)
It should cover and protect you against attacks, so is actually a good thing.
Read also here: https://www.invicti.com/web-vulnerability-scanner/vulnerabilities/bitninja-captcha-server-identified/
(server info proliferation - good you could not find it).
But again there is no direct impact arising from this issue.
Just added this to be complete in my information on your website's security situation and that at the hosting server
(but be aware of web technologies used there, as we have touched on that already: WordPress, PHP, MySQL).
Hope you will soon learn from avast about the present final detection position of your website.
Also report here: https://sitereport.netcraft.com/?url=https://www.turchini.it (could report a mistake)
polonus
-
Thank you. Avast said that was a false positive so the website is again live without any advise.
Thank you all.
-
You're welcome.
Don't forget to address the outdated software, etc.
-
Hi spacetime07 and DavidR,
What about this outgoing link, flagged as PHISHING:
https://www.virustotal.com/gui/url/fae7d3021f142bcc20d0ef6fe209920ff6f9ac9b36586ecb7d65f54ab2f75f33/details
also see: https://sitecheck.sucuri.net/results/https/forms.gle/YCMeyXwf63pY9aMa8
and then see: https://www.abuseipdb.com/whois/199.36.158.100
So we are not completely out of the woods with this one, or arrived there once again (scam and phishing abuse).
But wait, here it gets the all green and a full 100%: https://www.scam-detector.com/validator/forms-gle-review/
But as they say there it is the web admin's duty to read the signs there ;)
polonus
P.S. This has turned into quite an interesting thread (i.m.h.o.), as it has gone over all sorts of aspects of the WordPress CMS security features, to arrive at the conclusion that without constant maintenance and updating no website will stay completely secure, and that's for sure.