Author Topic: How to remove my website from your blacklist?  (Read 193547 times)

0 Members and 1 Guest are viewing this topic.

Offline Jon50

  • Newbie
  • *
  • Posts: 3
Re: How to remove my website from your blacklist?
« Reply #45 on: April 21, 2015, 02:14:11 AM »
Indeed, Avast is blocking it on multiple machines that aren't infected.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32687
  • malware fighter
Re: How to remove my website from your blacklist?
« Reply #46 on: April 21, 2015, 08:58:56 AM »
Produce the logs demanded here https://forum.avast.com/index.php?topic=53253.0
and a qualified remover may establish what is wrong on those so-called clean machines.

polonus

See attached how avast users see website home page
« Last Edit: April 21, 2015, 09:01:15 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31345
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: How to remove my website from your blacklist?
« Reply #47 on: April 21, 2015, 01:17:28 PM »
Different looks in different browsers ?

Offline michaelallenlong

  • Newbie
  • *
  • Posts: 1
Re: How to remove my website from your blacklist?
« Reply #48 on: May 05, 2015, 10:22:42 PM »
Our website, www.careerbridgeinc.com has been blocked. It is clean on Virus Total and other scanners. https://www.virustotal.com/en/url/53887789f3f8215cbb7f89dc21126f55fd331de7afa548517493c1d546c12333/analysis/.

Any idea why this is happening?

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32687
  • malware fighter
Re: How to remove my website from your blacklist?
« Reply #49 on: May 05, 2015, 10:48:45 PM »
Hi michaelallenlong,

More than likely a general IP block, over 200 domains share one and the same IP address.
See here: https://www.virustotal.com/nl/ip-address/192.254.235.141/information/
IP has PHISH malcode flags ->  https://www.virustotal.com/nl/ip-address/192.254.235.141/information/
I get a 502 Bad Gateway alert on nginx/1.4.6 (Ubuntu)  should be 1.8.0
Nothing here: http://urlquery.net/report.php?id=1430858796377
You could ask an exclusion here at virus@avast.com
Unblocking should be performed by an avast team member and we here aren't.

polonus

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31345
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: How to remove my website from your blacklist?
« Reply #50 on: May 05, 2015, 11:11:21 PM »
michaelallenlong,

as clearly stated on the website, VirusTotal does not scan websites.

Blacklisted:
http://zulu.zscaler.com/submission/show/d3f2a3b7d15dc072f72a127c0a394d5d-1430859752

Blacklisted and malware detected:
http://urlquery.net/report.php?id=1430859939113
http://urlquery.net/report.php?id=1430859886593

Certificate and other issues:
https://www.ssllabs.com/ssltest/analyze.html?d=careerbridgeinc.com

And the list with problems goes on and on.

Offline Jeef33

  • Newbie
  • *
  • Posts: 1
Re: How to remove my website from your blacklist?
« Reply #51 on: May 06, 2015, 06:47:35 PM »
My website, phase4fs.com, has also been blacklisted.  We fixed the DNS issue and it's now on GoDaddy servers.  All scans have been done and passed and there was never any viral activity.  Please de-list the site and reply back to my email or here to let me know.  Thanks

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36755
Re: How to remove my website from your blacklist?
« Reply #52 on: May 06, 2015, 07:13:10 PM »
report it here   https://https://support.avast.com > avast virus lab


your wordpress is outdated   ;)   https://sitecheck.sucuri.net/results/phase4fs.com

IP history  https://www.virustotal.com/en/ip-address/66.96.160.142/information/
multiple domains on same IP and many are blacklisted

IP void  http://www.urlvoid.com/ip/66.96.160.142
Quote
IP ADDRESS: 66.96.160.142

We have found in our database of already analyzed websites that there are 149 websites hosted in the same web server with IP address 66.96.160.142 and IP hostname 142.160.96.66.static.eigbox.net. Remember that it is not good to have too many websites located in the same web server because if a website gets infected by malware, it can easily affect the online reputation of the IP address and also of all the other websites.


« Last Edit: May 06, 2015, 07:18:43 PM by Pondus »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32687
  • malware fighter
Re: How to remove my website from your blacklist?
« Reply #53 on: May 06, 2015, 07:35:13 PM »
Follow up for what Pondus advised you about CMS updates.
I found some additional issues that should be attended.

Your website is a Ghosted website.
Fail on Nameserver responding: FAIL: While quering domain's records, some of your name servers didn't responded. Name servers which didn't responded:
udp4:216.69.185.19
WARNING: We found different serial numbers on your name servers, it's OK if you had modified your zone recently.
WARNING: Domain doesn't have SPF record.  (spam vulnerable).

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Evgeniy L

  • Newbie
  • *
  • Posts: 1
Re: How to remove my website from your blacklist?
« Reply #54 on: May 08, 2015, 08:03:12 AM »
Hi!

Our site http://www.betro.ru/ was blacklisted by AVAST but i can't see why it happened. Could someone please explain it to me?

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32687
  • malware fighter
Re: How to remove my website from your blacklist?
« Reply #55 on: May 08, 2015, 02:39:18 PM »
Hi Evgeniy L,

Probably a general IP block as there are over 650 domains on that same IP address,
see: https://www.virustotal.com/nl/ip-address/92.53.123.231/information/
92.53.123.231 is blacklisted by 1 websites using IP Blacklist Cloud Plugin.
Ask for an exclusion here at virus@avast.com

Just an issue to take up with hoster: WARNING: Name servers software versions are exposed:
92.53.116.200: "PowerDNS Authoritative Server 3.4.4 (jenkins@autotest.powerdns.com built 20150423104859 root@autotest.powerdns.com)"
92.53.116.26: "PowerDNS Authoritative Server 3.4.4 (jenkins@autotest.powerdns.com built 20150423104859 root@autotest.powerdns.com)"
92.53.98.100: "PowerDNS Authoritative Server 3.4.4 (jenkins@autotest.powerdns.com built 20150423104859 root@autotest.powerdns.com)"
92.53.98.42: "PowerDNS Authoritative Server 3.4.4 (jenkins@autotest.powerdns.com built 20150423104859 root@autotest.powerdns.com)"
Exposing name server's versions may be risky, when a new vulnerability is found your name servers may be automatically exploited by script kiddies until you patch the system.

Also check: Possible Frontend SPOF from:

fonts.googleapis.com - Whitelist
(88%) - <link href='http://fonts.googleapis.com/css?family=Open+Sans:400,800,800italic,700italic,700,600italic,600,400italic&subset=latin,cyrillic-ext' rel='stylesheet' type='text/css' />

DrWeb URL check = OK: Checking: -http://www.betro.ru
Engine version: 7.0.12.3050
Total virus-finding records: 5952542
File size: 41.50 KB
File MD5: a185472bd184310d17eb2215a0338398

-http://www.betro.ru - archive JS-HTML
>-http://www.betro.ru/JSTAG_1[566][83] - Ok
>-http://www.betro.ru/JSTAG_2[612][27d] - Ok
>-http://www.betro.ru/JSTAG_3[8b8][13e] - Ok
>-http://www.betro.ru/JSTAG_4[10a0][68] - Ok
>-http://www.betro.ru/JSTAG_5[1131][18f] - Ok
>-http://www.betro.ru/JSTAG_6[14b1][184] - Ok
>-http://www.betro.ru/JSTAG_7[a229][322] - Ok
-http://www.betro.ru - Ok 
Netcraft Risk Status All green: http://toolbar.netcraft.com/site_report?url=http://www.betro.ru

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline KPtif

  • Newbie
  • *
  • Posts: 3
Re: How to remove my website from your blacklist?
« Reply #56 on: August 24, 2015, 02:12:50 PM »
Hello,

Since Saturday, my domain (smarteagle.ch) is blacklisted by Avast. I found out that the cause was that we were using freedns.afraid.org and that some random guy created a malicious subdomain.

I no longer use the services from freedns and have installed a DNS server on my own server. Everything seems fine for me now but the domain is still blacklisted.

I already have created a ticket on the Avast's support but no reply yet.

Can somebody tell me if everything is okay with my domain now and if it can be removed from the blacklist ?

Thank you !

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36755
Re: How to remove my website from your blacklist?
« Reply #57 on: August 24, 2015, 03:03:51 PM »
Hello,

Since Saturday, my domain (smarteagle.ch) is blacklisted by Avast. I found out that the cause was that we were using freedns.afraid.org and that some random guy created a malicious subdomain.

I no longer use the services from freedns and have installed a DNS server on my own server. Everything seems fine for me now but the domain is still blacklisted.

I already have created a ticket on the Avast's support but no reply yet.

Can somebody tell me if everything is okay with my domain now and if it can be removed from the blacklist ?

Thank you !
what is your ticket number?


Offline KPtif

  • Newbie
  • *
  • Posts: 3
Re: How to remove my website from your blacklist?
« Reply #58 on: August 24, 2015, 03:08:34 PM »
My ticket number is : #XKU-888-98267

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36755
Re: How to remove my website from your blacklist?
« Reply #59 on: August 24, 2015, 03:16:46 PM »
OK i will see if i can speed up the reply ... no guaranty   ;)