Author Topic: Webpage blocked: Information for One.com users  (Read 10707 times)

0 Members and 1 Guest are viewing this topic.

Offline LackOfGrace

  • Newbie
  • *
  • Posts: 3
Webpage blocked: Information for One.com users
« on: March 23, 2013, 12:07:49 AM »
Just made a routine check to see if my site was running fine:
Opalond.com
To my surprise Avast blocked the connection, stating that it was malicious.

I am pretty sure that i haven't added any malicious code :)
But i went through the file anyway to make sure that the ftp wasn't hacked.

My search turned up nothing, so i resorted to contacting One.com support.
According to the guy this was a known problem, and they where working on resolving the issue.
I asked if this was affecting all sites hosted by One.com, his response where "For all that use Avast Antivirus"

Using some online page checkers i can verify that the site is not malicious.
I have also reported it as a false positive.

How long does unblocking a site usually take?
Can someone else verify that the page is not infected?


EDIT:
According to
urlvoid.com/ip/46.30.211.55
We can see that several sites on our IP are blacklisted.
So it should only be this group of sites that are affected.
Hopefully it will be resolved quickly
 
« Last Edit: March 23, 2013, 12:14:39 AM by LackOfGrace »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37130
Re: Webpage blocked: Information for One.com users
« Reply #1 on: March 23, 2013, 12:14:30 AM »
Quote
To my surprise Avast blocked the connection, stating that it was malicious.
and what does avast say?
if it is URL:mal it means it is on a blacklist....for whatever reason, it does not have to be malicious


if you think this is wrong, report it here.    http://www.avast.com/contact-form.php

Offline LackOfGrace

  • Newbie
  • *
  • Posts: 3
Re: Webpage blocked: Information for One.com users
« Reply #2 on: March 23, 2013, 12:16:01 AM »
Quote
To my surprise Avast blocked the connection, stating that it was malicious.
and what does avast say?
if it is URL:mal it means it is on a blacklist....for whatever reason, it does not have to be malicious


if you think this is wrong, report it here.    http://www.avast.com/contact-form.php

You are correct, check my edit

Offline Duke217

  • Newbie
  • *
  • Posts: 2
Re: Webpage blocked: Information for One.com users
« Reply #3 on: March 23, 2013, 11:14:38 AM »
I am also in front of the same problem with two of my websites.

Sorry if I have to repeat LackofGrace's question but :

Quote
How long does unblocking a site usually take?
« Last Edit: March 23, 2013, 11:16:15 AM by Duke217 »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37130
Re: Webpage blocked: Information for One.com users
« Reply #4 on: March 23, 2013, 12:03:44 PM »
what is the url you have problems with

Offline jpk_56

  • Newbie
  • *
  • Posts: 2
Re: Webpage blocked: Information for One.com users
« Reply #5 on: March 23, 2013, 12:34:11 PM »
Here the same problem at http://www.catteryworld.eu

Offline massico

  • Newbie
  • *
  • Posts: 8
Re: Webpage blocked: Information for One.com users
« Reply #6 on: March 23, 2013, 02:00:49 PM »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33374
  • malware fighter
Re: Webpage blocked: Information for One.com users
« Reply #7 on: March 23, 2013, 02:40:16 PM »
Hi massico,

The only two potentially suspicious files flagged by Quttera's are the following
 
Quote
/wp-content/themes/soundmaster/js/jquery.carouFredSel-6.1.0-packed.js?ver=3.5.1
Severity: Potentially Suspicious
Reason: Detected potentially suspicious content.
Details: Detected potentially suspicious initialization of function pointer to JavaScript method eval <code> __tmpvar1274965395 = eval; <code/>
&
Quote
/wp-content/plugins/easy-digital-downloads/templates/edd.css?ver=3.5.1
Severity: Potentially Suspicious
Reason: Detected procedure that is commonly used in suspicious activity.
Details: Too low entropy detected in string [['data:application/octet-stream;base64,AAEAAAAPAIAAAwBwRkZUTWKUVToAAAD8AAAAHE9TLzJWNGNEAAABGAAAAFZjbWF']] of length 5821 which may point to obfuscation or shellcode.

As more and more JavaScript code now often come full of hacks to make them more pluri-functional (not malicious per se)
and full of obfuscation, these files are prone to be taken as FP's by finetuned av, which might be the case here as well.

Site is verified clean here: http://sitecheck.sucuri.net/results/montluson.com/
One issue should be looked into - Update part of WP appl....
Web application version:
WordPress version: WordPress 3.5.1
Wordpress Version 3.5 based on: htxp://montluson.com//wp-admin/js/common.js
WordPress theme: htxp://montluson.com/wp-content/themes/soundmaster/

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Duke217

  • Newbie
  • *
  • Posts: 2
Re: Webpage blocked: Information for One.com users
« Reply #8 on: March 23, 2013, 02:42:05 PM »
http://www.nothingtonpost.eu

and

http://www.dkme.eu

And although I also have WP installed on one of these, the alerts came before I even installed anything, when there was absolutely nothing on the site.
« Last Edit: March 23, 2013, 02:47:57 PM by Duke217 »

Offline godest

  • Newbie
  • *
  • Posts: 4
Re: Webpage blocked: Information for One.com users
« Reply #9 on: March 23, 2013, 02:52:11 PM »
Having the same issue (i just bought my domain and uploaded my site a few days ago) i also use one.com. I noticed this issue yesterday. My site is a small html site without any kind of javascript. Its just my portfolio page sort of. Avast blocks the site for various reasons every time i visit it. One time it was one of my png pictures, the next it was my favicon and so on. The site is clean, scanned it and reuploaded the files. I hope this gets fixed soon :/!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33374
  • malware fighter
Re: Webpage blocked: Information for One.com users
« Reply #10 on: March 23, 2013, 02:55:59 PM »
The probable FP could be because of runescapo dot  com flagged for the IP 46.30.211.55 a verified PHISH
If more domains on IP 46.30.211.55 are being blocked by !avast this would explain the FP's
So in that case datingknowledge.nl as a domain on that IP should be blocked by avast! Network Shield and it is.
With over 20.000 domains on one IP you run some risk with a broad IP range block FP.
Re: http://www.urlvoid.com/scan/nothingtonpost.eu/

polonus
« Last Edit: March 23, 2013, 03:02:14 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33374
  • malware fighter
Re: Webpage blocked: Information for One.com users
« Reply #11 on: March 23, 2013, 03:25:25 PM »
There are several domains on that particular IP that should be blocked because of a generic malcode findings. For instance: htxp://diamantcraft.org/popesued.html  and also unknown html malware on: htxp://wildcatrock.de/
Also long overdue malware launched from: htxp://rotolandia.es/list.php?category/29-Asia-and-Pacific
So that IP range has certainly some long outstanding security issues, but not to an extent for a full IP domain range block...

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline massico

  • Newbie
  • *
  • Posts: 8
Re: Webpage blocked: Information for One.com users
« Reply #12 on: March 23, 2013, 03:28:19 PM »
Hi polonus!
Thanks for your reply.
If i correctly understand i have to make an update for my theme?

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33374
  • malware fighter
Re: Webpage blocked: Information for One.com users
« Reply #13 on: March 23, 2013, 03:32:03 PM »
Hi massico,

You correctly interpreted my message. Hope that the domain range for that IP FP will  soon be fixed, eventually with a new upcoming avast update. If FPs are found, avast team is known to react real soon. Stay safe and secure online is the wish of,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline massico

  • Newbie
  • *
  • Posts: 8
Re: Webpage blocked: Information for One.com users
« Reply #14 on: March 23, 2013, 03:35:09 PM »
Ok Polonus the problem is that I deleted the easy-digital-downloads plugin and for the theme there's no update...