Avast WEBforum

Other => General Topics => Topic started by: wsalvatore on November 16, 2010, 01:58:48 AM

Title: Avast blocking access to legitimate website?
Post by: wsalvatore on November 16, 2010, 01:58:48 AM
How can I find out why avast is blocking access to a specific website? It's a clean site, no scripting, ActiveX, etc. No scams, etc., but I have to disable avast to get to the site or it's blocked.
Title: Re: Avast blocking access to legitimate website?
Post by: Lisandro on November 16, 2010, 02:05:49 AM
Can you post the edited link to it? hxxp:\\...
Generally, avast detection is accurate in these cases.
Isn't it an encrypted/obfuscated script or iframe?
Wasn't the site hacked?
Maybe you could contact its webmaster.

Check here (http://www.stopbadware.org/home/security) how to clean and make a website secure.

Quote
The vast majority of malware today is distributed over the web, mostly by means of hacked (otherwise legitimate) sites. The attacker usually injects some malicious scripts into some (or all) pages on the site, waiting for an unsuspecting user to visit the site and possibly infect his/her machine.

And this is where avast’s detection capabilities really excel. Its abilities to detect these web-based malicious scripts are second to none, and thanks to the Web Shield and Script Blocking providers, they are used exactly when needed, doing an excellent job stopping the web-based malware right on the entry point.
Title: Re: Avast blocking access to legitimate website?
Post by: wsalvatore on November 16, 2010, 02:15:40 AM
The site is sweetbinks.org. It's an animal rescue site. No iframes, scripts, etc. I know the webmaster and have tried to help them find out why the site is blocked. I have an entire copy of the site (it's not very large) and it's pretty basic HTML.
I have examined all pages and can find nothing out of the ordinary, no scripts, hidden code, etc. Since the site belongs to a charity, it's a serious matter for them to have it blocked. If I load the site on my own server, avast does not detect a thing when I go there, so it appears it's the domain name itself that it does not like.
Title: Re: Avast blocking access to legitimate website?
Post by: DavidR on November 16, 2010, 02:54:09 AM
I don't think it is avast blocking sweetbinks.org as the site is redirecting to rirabbits.org and it is that site which is being blocked, see image.

I have checked out the rirabbits.org http://vscan.urlvoid.com/analysis/dd52d4cab8d1768efdd776d6b76cf98b/aW5kZXg=/ and it isn't on any lists of malicious sites, so I will report this for further analysis.
Title: Re: Avast blocking access to legitimate website?
Post by: Nez Man on November 16, 2010, 03:14:24 AM
Looks like this website has been hacked, as avast! reports that one of its pages, rirabbits.org/Adopt_Us/Application/application.html, has been infected with a HTML:REdirBA-inf Trojan Horse. (See screenshot below.)

Title: Re: Avast blocking access to legitimate website?
Post by: DavidR on November 16, 2010, 03:16:14 AM
Strange, I didn't get a web shield alert on the rirabbits.org site; mind you, I was only on the home page and didn't go rummaging round it.
Title: Re: Avast blocking access to legitimate website?
Post by: DavidR on November 16, 2010, 03:26:03 AM
I have just had a look at the source for that page, rirabbits.org/Adopt_Us/Application/application.html, and didn't see anything obvious regarding any redirection.
Title: Re: Avast blocking access to legitimate website?
Post by: Charyb-0 on November 16, 2010, 03:43:29 AM
David, I had the webshield show redirect too. Then two more attempts network shield blocked.

hxxp://webcache.googleusercontent.com/search?q=cache:sXubz9YqOfAJ:sweetbinks.org/+sweetbinks.org&cd=1&hl=en&ct=clnk&gl=us|>{gzip} [L] HTML:RedirBA-inf [Trj] (0)
Title: Re: Avast blocking access to legitimate website?
Post by: wsalvatore on November 16, 2010, 09:00:23 PM
The form on that page redirects to hxxps://no7-control.superb.net:8443/webserver/webeasy/webeasy.php, but that is simply the form submittal utility from the webhost. Could that be what is being seen as a trojan?
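
A check a site owner could run over a local copy of the pages discussed in this thread (an added example, not code from any poster or from avast): it lists every form action, frame, script source or meta refresh that points away from the site's own hosts, so each one can be reviewed. The sample page and every host name in it are constructed placeholders.

```python
# Added example: list the off-site targets a static HTML page can send a visitor to.
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re

# Attribute that loads or navigates to another URL, per tag.
URL_ATTRS = {"form": "action", "iframe": "src", "frame": "src", "script": "src"}

class OffsiteRefs(HTMLParser):
    def __init__(self, own_hosts):
        super().__init__()
        self.own_hosts = {h.lower() for h in own_hosts}
        self.found = []  # (tag, hostname) pairs, in document order

    def _check(self, tag, url):
        host = urlsplit(url.strip()).hostname  # None for relative URLs
        if host and host.lower() not in self.own_hosts:
            self.found.append((tag, host.lower()))

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag in URL_ATTRS and attrs.get(URL_ATTRS[tag]):
            self._check(tag, attrs[URL_ATTRS[tag]])
        elif tag == "meta" and (attrs.get("http-equiv") or "").lower() == "refresh":
            # content looks like "0; url=http://host/path"
            m = re.search(r"url\s*=\s*['\"]?([^'\";]+)", attrs.get("content") or "", re.I)
            if m:
                self._check("meta-refresh", m.group(1))

def offsite_refs(html, own_hosts):
    parser = OffsiteRefs(own_hosts)
    parser.feed(html)
    parser.close()
    return parser.found

# Constructed sample page; all hosts are placeholders.
SAMPLE = """<html><head>
<meta http-equiv="refresh" content="0; url=http://other-site.example/">
<script src="js/menu.js"></script></head><body>
<form method="post" action="https://forms.webhost.example:8443/submit.php"></form>
<iframe src="http://www.charity.example/map.html"></iframe>
</body></html>"""

if __name__ == "__main__":
    for tag, host in offsite_refs(SAMPLE, {"charity.example", "www.charity.example"}):
        print(f"{tag:13} -> {host}")
```

This only covers static markup; redirects issued by the web server itself or by script code do not appear in the page source and need to be checked separately.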