Author Topic: How to remove my website from your blacklist?  (Read 197845 times)

0 Members and 1 Guest are viewing this topic.



Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32773
  • malware fighter
Re: How to remove my website from your blacklist?
« Reply #242 on: October 28, 2016, 10:33:32 PM »
Additional to what Eddy mentions here Sucuri also gives the known javascript malware.
Details: http://sucuri.net/malware/entry/MW:JS:GEN2?web.js.malware.fake_jquery.003
that Quttera detects twice.
Fortinet's detection alert is mentioned at the VT results: https://www.virustotal.com/nl/url/23623400ff11dddb6f9b2ab71e492eeba71bc7e81f51bdf661cec1612e06cd03/analysis/1477685430/

Three times where the "same origin" rule has been violated and sri-hashes come missing - hence B-Status: https://sritest.io/#report/28c2b871-bb44-49a2-88f6-3ec362423146

Look at jQuery UI sortable for glitches.

polonus (volunteer website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline HonzaZ

  • Avast team
  • Advanced Poster
  • *
  • Posts: 1131
Re: How to remove my website from your blacklist?
« Reply #243 on: November 02, 2016, 01:10:52 PM »
dyslexia-athens[.]gr does not seem to be blocked by Avast now. Post printscreen if the issue persists ;)
Also, we already "solved" this with John871 via PM, I am just posting this for the sake of completeness :)

Offline c.camargo

  • Newbie
  • *
  • Posts: 4
Re: How to remove my website from your blacklist?
« Reply #244 on: November 16, 2016, 01:35:41 AM »
Hi,

We need your help, our university's page http://www.javeriana.edu.co are being blocked by Avast. We are a University, we aren´t a maliciosus site. please remove javeriana's site from your blacklist.


Thanks for your help.


Offline HonzaZ

  • Avast team
  • Advanced Poster
  • *
  • Posts: 1131
Re: How to remove my website from your blacklist?
« Reply #246 on: November 16, 2016, 10:12:36 AM »
We have indeed blocked javeriana[.]edu.co/home as it was reported as phishing, from 14.11., 21:21 to 16.11., 03:19 (both CET). It should be okay now ;)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32773
  • malware fighter
Re: How to remove my website from your blacklist?
« Reply #247 on: November 16, 2016, 01:39:40 PM »
Good that the website got unblocked now, but the website managment should take measures against phishing,
at least log for it.

Also improve the overall security structure, see the mediocre results here:
https://observatory.mozilla.org/analyze.html?host=www.javeriana.edu.co 
Guess a university could perform somewhat better in thesecrespects  ;)

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline c.camargo

  • Newbie
  • *
  • Posts: 4
Re: How to remove my website from your blacklist?
« Reply #248 on: November 16, 2016, 03:24:54 PM »
Hi,

Thanks a lot for your attention and help. we are verifying and taking the correction for these threats.

Best regards,


Offline martinjon

  • Newbie
  • *
  • Posts: 1
Re: How to remove my website from your blacklist?
« Reply #249 on: November 29, 2016, 10:27:12 PM »
Our Site farmlogix.net have been blacklisted and I have done a lot of 3rd party scanning to see if I can locate an issue but nothing is coming to the fore, can we resolve this.


Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31344
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: How to remove my website from your blacklist?
« Reply #250 on: November 29, 2016, 11:18:07 PM »
I don't know what scans you have run, but my scans do show issues/problems.

Vulnarable library used :
http://retire.insecurity.today/#!/scan/7a15c56b643ad68ed1b826ea97f000b67a3e3c949ce46ee1c4e4dd9a8ad0c9f5

Blacklisted by McAfee :
http://www.siteadvisor.com/sites/farmlogix.net

Huge amount of malicious (Phishing) activity on that IP :
https://www.virustotal.com/en/ip-address/50.62.108.1/information/

Blacklistings and other problems there :
http://urlquery.net/report.php?id=1480455793043

Advise :
- Step away from shared hosting and get dedicated hosting
- Hire a real admin

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32773
  • malware fighter
Re: How to remove my website from your blacklist?
« Reply #251 on: November 29, 2016, 11:27:36 PM »
Additionally to what Eddy gives:

It is not only avast that blacklists your website.
Please check this list for unknown links on your website:

-http://www.cnbc.com/2016/02/19/farmlogix-helps-give-local-fa  -->  'watch the video. '
-http://bluesky.chicagotribune.com/originals/chi-innovation-a  -->  'read more.'
-http://www.enable-javascript.com/  -->  ' instructions how to enable j'

Check embedded iFrames: <iframe frameborder="0" height="100" src="htxps://www.google.com/maps/embed?pb=!1m18!1m12!1m3!1d2963.515400278078!2d-87.68029358459327!3d42.03212717921026!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0x880fd040821375a3%3A0x4c378715350a0359!2s530+Kedzie+St%2C+Evanston%2C+IL+60202!5e0!3m2!1sen!2sus!4v1466906669023" style="border:0" width="300"></iframe>
<iframe frameborder="0" height="100" src="htxps://www.google.com/maps/embed?pb=!1m18!1m12!1m3!1d2972.18447076208!2d-87.67518998459919!3d41.84585607922484!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0x880e2dbca7c328cd%3A0xa1c903462714893c!2s2404+S+Wolcott+Ave%2C+Chicago%2C+IL+60608!5e0!3m2!1sen!2sus!4v1466902658045" style="border:0" width="300"></iframe>

And there is more on that same IP: http://urlquery.net/report.php?id=1480458285564

polonus

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Kim Trien

  • Newbie
  • *
  • Posts: 1
Re: How to remove my website from your blacklist?
« Reply #252 on: November 30, 2016, 03:32:21 AM »
Hi,

We need your help, my website https://kimnguyen.info/ are being blocked by Avast.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 67440
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: How to remove my website from your blacklist?
« Reply #253 on: November 30, 2016, 07:59:25 AM »
Hi,

We need your help, my website hxxps://kimnguyen.info/ are being blocked by Avast.
You can report an URL here: https://www.avast.com/report-a-url.php
Win 8.1 [x64] - Avast PremSec 20.9.2435.Beta#3 [UI.575] - CC 5.73 - EEK - FF ESR 78.4 [NS/AOS/uBO/PB] - TB 78.4 - SB/CP/SL/DU.B
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32773
  • malware fighter
Re: How to remove my website from your blacklist?
« Reply #254 on: November 30, 2016, 10:43:38 AM »
WordPress issues: check your plug-ins for latest versions.
Warning: User Enumeration is possible
The first two user ID's were tested to determine if user enumeration is possible.

ID   User   Login
1   KjmTrue   nkt
2   Curtisenep   curtisenep
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring. As this will reduce the chance of automated password attackers gaining access. However it is important to understand that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.

Two vuln. jQuery libraries: http://retire.insecurity.today/#!/scan/685e34288f59df2a3499a0698aac7e84c9fd8e553c717d7d9dc836d0d2b4622b

F-status: https://observatory.mozilla.org/analyze.html?host=kimnguyen.info

Probably the detection is CloudFlare IP related, but wait for a verdict from an Avast Team Member,
as we here are only volunteers with relevant knowledge and cannot unblock your domain,

polonus (volunteer website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!