Author Topic: avast is blocking my website, and not responding to emails  (Read 7723 times)

0 Members and 1 Guest are viewing this topic.

Offline shinewatch

  • Newbie
  • *
  • Posts: 10
avast is blocking my website, and not responding to emails
« on: December 30, 2012, 06:54:42 AM »
my website is wxw.shinewatch.com and avast is not responding to my emails on why it was blocked.
network shield seems to block it, scanned for viruses but found none.
« Last Edit: December 30, 2012, 07:18:03 PM by shinewatch »

Offline mikaelrask

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1558
Re: avast is blocking my website, and not responding to emails
« Reply #1 on: December 30, 2012, 09:39:34 AM »
hey and welcome to the forum please make the link non clickable by chancing it to like wxw or something else, so other users does go and click on it,

http://zulu.zscaler.com/submission/show/57351e836c681a8eec6ebff784cccf8a-1350297660

according to the scan above it something suspicious about the link.
Windows 8.1 amd a10-5700 64 bit
12 GB ram 1 tb hard drive. Avast 18, MBAM

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36685
Re: avast is blocking my website, and not responding to emails
« Reply #2 on: December 30, 2012, 12:19:44 PM »
if you think it is wrong, you can report it here   http://www.avast.com/contact-form.php?

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83312
  • No support PMs thanks
Re: avast is blocking my website, and not responding to emails
« Reply #3 on: December 30, 2012, 01:02:44 PM »
There are off site connections to stallionw.com (your webdeveloper ?), which redirects to stallioni.com so I don't know if that might have something to do with it or not.

When using the contact form link given ask for a Network Shield review and give a link to this topic might help.

Nothing found at http://sitecheck.sucuri.net/results/www.shinewatch.com/ or http://www.urlvoid.com/scan/shinewatch.com/ or http://urlquery.net/report.php?id=556243. But WOT (Web Of Trust) doesn't like the site reputation wise.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.5.2415 (build 20.5.5410.561) UI-1.0.532/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32536
  • malware fighter
Re: avast is blocking my website, and not responding to emails
« Reply #4 on: December 30, 2012, 01:30:13 PM »
There are some minor issues. Question first: //** Is your rel canonical tag pointing to another domain? 
Code anomalies -
1. Code hick-up: line:168: SyntaxError: unterminated string literal:
          error: line:168:                     for(var i=0;i<s><a rel="+ i +" href="">'+ (i+1) +'</a>') *
          error: line:168: ......................................................................................^
     error: line:3: SyntaxError: missing = in XML attribute:
          error: line:3: <!DOCTYPE html PUBLIC "-/W3C/DTD XHTML 1.0 Transitional/EN" "http:/wXw.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
          error: line:3: ...............^
2. I get a Firekeeper triggered alert for *: === Triggered rule ===
alert(url_content:"%3C"; url_content:"%22"; url_content:"%3E"; msg:"Suspicious looking GET request containing %3C, %3E, and %22. Suspiciously HTML-like."; reference:url,http://ha.ckers.org/xss.html; reference:url,http://en.wikipedia.org/wiki/Cross-site_scripting;) to be used as a cloud attack

=== Request URL ===
////broken by me/////+for%28var+i%3D0%3Bi%3Cs%3E%3Ca+rel%3D%22%2B+i+%2B%22+href%3D%22%22%3E%27%2B+%28i%2B1%29+%2B%27%3C%2Fa%3E%27%29&ie=utf-8&oe=utf-8&aq=t
furthermore:

3. info: [img] wXw.shinewatch.com/includes/templates/pro/jscript/includes/templates/pro/images/blog.png
     info: [decodingLevel=0] found JavaScript [obfuscated)
     suspicious:

polonus
« Last Edit: December 30, 2012, 02:10:03 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline shinewatch

  • Newbie
  • *
  • Posts: 10
Re: avast is blocking my website, and not responding to emails
« Reply #5 on: December 30, 2012, 07:01:11 PM »
if you think it is wrong, you can report it here   http://www.avast.com/contact-form.php?

 reported a number of times, but they did not get back to me

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36685
Re: avast is blocking my website, and not responding to emails
« Reply #6 on: December 30, 2012, 07:06:40 PM »
if you think it is wrong, you can report it here   http://www.avast.com/contact-form.php?

 reported a number of times, but they did not get back to me
they usually dont...
is the website still blocked?

Offline shinewatch

  • Newbie
  • *
  • Posts: 10
Re: avast is blocking my website, and not responding to emails
« Reply #7 on: December 30, 2012, 07:12:41 PM »
There are some minor issues. Question first: //** Is your rel canonical tag pointing to another domain? 
Code anomalies -
1. Code hick-up: line:168: SyntaxError: unterminated string literal:
          error: line:168:                     for(var i=0;i<s><a rel="+ i +" href="">'+ (i+1) +'</a>') *
          error: line:168: ......................................................................................^
     error: line:3: SyntaxError: missing = in XML attribute:
          error: line:3: <!DOCTYPE html PUBLIC "-/W3C/DTD XHTML 1.0 Transitional/EN" "http:/wXw.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
          error: line:3: ...............^
2. I get a Firekeeper triggered alert for *: === Triggered rule ===
alert(url_content:"%3C"; url_content:"%22"; url_content:"%3E"; msg:"Suspicious looking GET request containing %3C, %3E, and %22. Suspiciously HTML-like."; reference:url,http://ha.ckers.org/xss.html; reference:url,http://en.wikipedia.org/wiki/Cross-site_scripting;) to be used as a cloud attack

=== Request URL ===
////broken by me/////+for%28var+i%3D0%3Bi%3Cs%3E%3Ca+rel%3D%22%2B+i+%2B%22+href%3D%22%22%3E%27%2B+%28i%2B1%29+%2B%27%3C%2Fa%3E%27%29&ie=utf-8&oe=utf-8&aq=t
furthermore:

3. info: [img] wXw.shinewatch.com/includes/templates/pro/jscript/includes/templates/pro/images/blog.png
     info: [decodingLevel=0] found JavaScript [obfuscated)
     suspicious:

polonus

yes currently is pointing to other domain because it is in the midst of editing..
but when i hosted it on another server it had the same problems as well. how do i solve this?

Offline shinewatch

  • Newbie
  • *
  • Posts: 10
Re: avast is blocking my website, and not responding to emails
« Reply #8 on: December 30, 2012, 07:13:52 PM »
if you think it is wrong, you can report it here   http://www.avast.com/contact-form.php?

 reported a number of times, but they did not get back to me
they usually dont...
is the website still blocked?

yes it is still blocked at the moment.. error 103

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36685
Re: avast is blocking my website, and not responding to emails
« Reply #9 on: December 30, 2012, 07:18:25 PM »
Quote
yes it is still blocked at the moment.. error 103
that does not sound like a avast warning...

is there a avast warning pop up when you go to the site?
if so take a screen shot of it and attach here

Offline shinewatch

  • Newbie
  • *
  • Posts: 10
Re: avast is blocking my website, and not responding to emails
« Reply #10 on: December 30, 2012, 07:23:16 PM »
Quote
yes it is still blocked at the moment.. error 103
that does not sound like a avast warning...

is there a avast warning pop up when you go to the site?
if so take a screen shot of it and attach here

there is no avast warning pop up, but i can see it is blocked in the network shield in my avast, when i turn the network and web shield on, i cannot access the website, i have to off these shields to access my website

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32536
  • malware fighter
Re: avast is blocking my website, and not responding to emails
« Reply #11 on: December 30, 2012, 08:04:23 PM »
A domain at the same IP had S/Meta.A.1 malware that is now dead: htxp://www.penguinguru.org/wp-content/themes/pixeled/yahoolinksus.html
known as a foxnews dot com, a known PHISH. This might have had a role in the blocking...
But I think it is because this: Application: shopping cart program by Zen Cart&reg;, htxp://www.zen-cart.com eCommerce is open to attack!
Cross site script exploit authentiction bypass.... in combination with WorddPress; see redirects mentioned below...
Avast Webshield flags the site and a gzip file there is flagged by the Network shield, but does not flag this site>: http://www.shinewatches.com/&oe=utf-8&hl=en&spell=1  which domain is at sale now.
What is the relation between this domain and yours? Is there a historic link?
All point now here: http://stallionw.com/shinewatch/includes/templates/cambridge_pro/jscript/jscript_jquery_1-4-4.js etc.
with a redirect - You are now being directed to wXw.stallioni.com -> http://wepawet.iseclab.org/view.php?hash=90b4b924d4444cf35df02ea672c5fef5&t=1356893435&type=js   originating here: http://stallioni.com/portfolio-types/oscommerce (same IP as had the  S/Meta.A.1 malware) on this Malaysian site.
You probably also have nameserver issues on: ns33 dot domaincontrol dot com. They should be as listed in your account!

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline shinewatch

  • Newbie
  • *
  • Posts: 10
Re: avast is blocking my website, and not responding to emails
« Reply #12 on: January 04, 2013, 03:53:58 PM »
i have uploaded this to my server, unfortunately it is still blocked...

Offline shinewatch

  • Newbie
  • *
  • Posts: 10
Re: avast is blocking my website, and not responding to emails
« Reply #13 on: January 04, 2013, 04:47:58 PM »
in fact i delete all the files and put up only a single text , it was also blocked, i am sure its only the domain name that is blocked by avast

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83312
  • No support PMs thanks
Re: avast is blocking my website, and not responding to emails
« Reply #14 on: January 04, 2013, 06:49:10 PM »
If the avast alert is MAL:URL then that means that either the domain name or IP address is on the malicious sites list. This can happen for a number of reason, previous domain/s on this IP address which were infected or previous alerts on the site, which after time would escalate and be included in the malicious sites list.

If the site has had this suspect code removed, etc. then you should follow up on the request fro site review as based on the information in Reply #2 & 3 above. So it will take a little time to review but if successful the site should be removed from the list relatively quickly after that.

I think the important thing in requesting site review is to give the link to this topic; not only does it give much more information than can be included in the report, it also gives them something to respond to (which has happened on occasion before).
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.5.2415 (build 20.5.5410.561) UI-1.0.532/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro