Author Topic: False positive report (Read 15235 times)

!Donovan · « **Reply #15 on:** March 31, 2013, 11:28:56 PM »

Hi Vortex00,

When a website is blacklisted by avast!, any url linking to it, including non-existing pages, will be blocked.

I personally do not know why this issue hasn't been resolved yet. To help out, I've also sent a false positive report for your website.

Being a webmaster myself, I know the difficulties of getting a site removed from blacklists.

Greets,
~!Donovan

midnight · « **Reply #16 on:** March 31, 2013, 11:32:25 PM »

This popped up after clicking on topic. Never mind. Forgot to crop the threat warning.

polonus · « **Reply #17 on:** March 31, 2013, 11:57:55 PM »

Hi !Donovan,

This could date back from an earlier Flash malware detection, now been cleansed: http://urlquery.net/report.php?id=1542746

2013-03-22 06:23:39 184.173.167.109 urlQuery Client 3 FILEMAGIC Macromedia Flash data (compressed),

And that created the URL:Mal

But itcould also be for that particular IP being blocked, e.g. 184.173.167.109 for histats dot com domain that held/holds malware...

On that IP there was this malware being detected: https://www.virustotal.com/nb/file/42bc05ae1fd022d4d77c2bb7ebd7032d31a888ab28a435d826868c5257611100/analysis/ (not recently)

polonus

!Donovan · « **Reply #18 on:** April 01, 2013, 12:03:05 AM »

Hi Polonus,

Thank you for the clarification. So it is a legit block, I see.

The only thing that's troubling me now is why they haven't added an exception for Vortex00's site yet. As the OP states, it's been well over 24 hours.

~!Donovan

polonus · « **Reply #19 on:** April 01, 2013, 12:14:47 AM »

Hi !Donovan,

We saw this problem a couple of times recently. You can block a particular IP, but with goodies and baddies on it, you have to discriminate as per domain.
With 6 domains there is less of a problem. With 14.700 sharing the same IP number blocking that IP you may have created a problem.

polonus

Vortex00 · « **Reply #20 on:** April 01, 2013, 12:41:45 AM »

Thanks for all the replies
I appreciate the help on this matter

Histats was removed prior to sending the information in the contact-form.

Though it seemed like an innocent enough web tool to simply track users that visit a website, I noticed that it somehow created a problem during scans of my website to figure out this avast url:mal issue.

That IP should no longer be affiliated with the IP for my site.

My domain itself has/had no issues at the time of me filling out the contact form.

I don't know about other sites on my IP, but if my domain needs to be cherry-picked out of the bunch then that needs to happen.

-V00

!Donovan · « **Reply #21 on:** April 01, 2013, 10:06:27 PM »

Hi Vortex00,

It should be fixed in the next VPS update.

~!Donovan

Vortex00 · « **Reply #22 on:** April 02, 2013, 01:27:10 AM »

This is good news! thanks !Donovan

jccq89 · « **Reply #23 on:** April 03, 2013, 03:40:28 AM »

there was an update today but i still can't access the website...

Vortex00 · « **Reply #24 on:** April 03, 2013, 11:57:48 PM »

May I get a suggestion for the next steps I need to take please?

also polonus,

I don't how that could have triggered the URL:Mal because again, we are talking about a specific file that avast points out, chat_display.php .
The file, at the time before deletion, was php and not linked to flash in any way.

denics · « **Reply #25 on:** April 04, 2013, 09:34:20 AM »

Hi guys,
the website has been unblocked. That should come to effect in the next streaming/regular update.

Author Topic: False positive report (Read 15235 times)

!Donovan

Re: False positive report

midnight

Re: False positive report

polonus

Re: False positive report

!Donovan

Re: False positive report

polonus

Re: False positive report

Vortex00

Re: False positive report

!Donovan

Re: False positive report

Vortex00

Re: False positive report

jccq89

Re: False positive report

Vortex00

Re: False positive report

denics

Re: False positive report