Author Topic: How to remove my website from your blacklist?  (Read 193490 times)

0 Members and 1 Guest are viewing this topic.

Offline HonzaZ

  • Avast team
  • Advanced Poster
  • *
  • Posts: 1131
Re: How to remove my website from your blacklist?
« Reply #60 on: August 24, 2015, 03:40:26 PM »
Hi,
I am unblocking your domain now ;-)

Offline KPtif

  • Newbie
  • *
  • Posts: 3
Re: How to remove my website from your blacklist?
« Reply #61 on: August 24, 2015, 03:50:42 PM »
Okay ! Thank you for unblocking it and thanks Pondus for your help !

Offline ScottAtCatalyst

  • Newbie
  • *
  • Posts: 1
Re: How to remove my website from your blacklist?
« Reply #62 on: August 24, 2015, 06:30:48 PM »
Hi.  Our client's website is being blocked by Avast antivirus.  The domain is http://rsjcpa.com/

We have scanned and verified that there is nothing malicious on the domain.  We have scanned every known blacklist and everything comes up clean.  Sucuri, VirusTotal, etc.

How do we request a scan, confirmation and removal from the Avast blocked list?

Thank you in advance for any assistance?

-Scott

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32687
  • malware fighter
Re: How to remove my website from your blacklist?
« Reply #63 on: August 25, 2015, 12:17:55 AM »
Site -rsjcpa.com is blocked by Avast as with URL:Mal.
could be obfuscated packer code.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline jefferson sant

  • Starting Graphoman
  • *
  • Posts: 6829
  • volunteer
Re: How to remove my website from your blacklist?
« Reply #64 on: August 25, 2015, 09:51:42 PM »
My website, phase4fs.com, has also been blacklisted.  We fixed the DNS issue and it's now on GoDaddy servers.  All scans have been done and passed and there was never any viral activity.  Please de-list the site and reply back to my email or here to let me know.  Thanks




Hello

Sorry by inconvenience

https://phase4fs.com no is longer blocked fixed by Avast.

Offline jefferson sant

  • Starting Graphoman
  • *
  • Posts: 6829
  • volunteer
Re: How to remove my website from your blacklist?
« Reply #65 on: August 26, 2015, 09:54:15 PM »
Hi.  Our client's website is being blocked by Avast antivirus.  The domain is http://rsjcpa.com/

We have scanned and verified that there is nothing malicious on the domain.  We have scanned every known blacklist and everything comes up clean.  Sucuri, VirusTotal, etc.

How do we request a scan, confirmation and removal from the Avast blocked list?

Thank you in advance for any assistance?

-Scott

Hello

it was FP (false positive).

Quote from: Rojan Piya
It should be fixed in the new virus definition update VPS

« Last Edit: August 26, 2015, 09:56:57 PM by jefferson sant »

Offline Guilherme65

  • Newbie
  • *
  • Posts: 2
Re: How to remove my website from your blacklist?
« Reply #66 on: September 02, 2015, 11:34:49 PM »
Hello, can you remove my site from blacklist? :/  www.abinpet.org.br/
http://www.urlvoid.com/scan/abinpet.org.br/
Is a institutional site.

Thanks a lot.



Olá, vocês poderiam remover meu site da blacklist? :/ www.abinpet.org.br/
http://www.urlvoid.com/scan/abinpet.org.br/
É um site institucional.

Muito obrigado.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36755
« Last Edit: September 02, 2015, 11:59:10 PM by Pondus »

Offline Guilherme65

  • Newbie
  • *
  • Posts: 2
Re: How to remove my website from your blacklist?
« Reply #68 on: September 03, 2015, 09:07:37 AM »
I removed the iframe!
Thanks for help ! :)

http://killmalware.com/abinpet.org.br/site#

Can you remove-me from the blacklist now?

Thanks!

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36755
Re: How to remove my website from your blacklist?
« Reply #69 on: September 03, 2015, 09:28:41 AM »
I removed the iframe!
Thanks for help ! :)

http://killmalware.com/abinpet.org.br/site#

Can you remove-me from the blacklist now?

Thanks!
report it here  https://support.avast.com/ -> avast virus lab


Offline HonzaZ

  • Avast team
  • Advanced Poster
  • *
  • Posts: 1131
Re: How to remove my website from your blacklist?
« Reply #70 on: September 03, 2015, 09:40:01 AM »
Hi,
The URL abinpet.org.br was never on our blacklist.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36755
Re: How to remove my website from your blacklist?
« Reply #71 on: September 03, 2015, 09:44:01 AM »
i guess that means avast only detected the iFrame and when that is removed detection should be gone

https://www.virustotal.com/en/file/fd1f20fdb19d00f27dcec4aa48652ba5b0c2307f5552a4ca73c851715ef66b44/analysis/1441231069/

Sucuri   https://sitecheck.sucuri.net/






« Last Edit: September 03, 2015, 09:52:33 AM by Pondus »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32687
  • malware fighter
Re: How to remove my website from your blacklist?
« Reply #72 on: September 03, 2015, 10:04:11 AM »
Can be normally visited, AOS does not flag.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline david765

  • Newbie
  • *
  • Posts: 3
Re: How to remove my website from your blacklist?
« Reply #73 on: September 10, 2015, 06:06:49 PM »
Can you tell me why my site is blocked? It comes up clean in every scan I have run.

http://www.eanescomfort.com

Thanks.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32687
  • malware fighter
Re: How to remove my website from your blacklist?
« Reply #74 on: September 10, 2015, 06:51:59 PM »
Probably a general IP block. Re: https://www.virustotal.com/nl/ip-address/65.75.137.200/information/
There are however jQuery vulnerability issues on that site: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.eanescomfort.com
Sucuri and Quttera gives site as clean.
WP issues: WordPress Plugins
The following plugins were detected by reading the HTML source of the WordPress sites front page.

wp-live-chat-support   latest release (5.0.5)
http://www.wp-livechat.com
wp-google-maps   latest release (6.3.00)
http://www.wpgmaps.com
revslider   
js_composer   
go_pricing   
icegram   latest release (1.9.6)
http://www.icegram.com/
recent-tweets-widget   latest release (1.6.4)
http://wordpress.org/extend/plugins/recent-tweets-widget/
Ultimate_VC_Addons   
table-generator   latest release (1.2)
http://wpgurus.net/
srizon-youtube-album-pro   
contact-form-7   latest release (4.2.2)
http://contactform7.com/
constant-contact   latest release (10.3)
http://www.gopiplus.com/work/2010/07/18/constant-contact/

Theme: The theme has been found by examining the path /wp-content/themes/ *theme name* /

 The7.2 1.0.1http://dream-theme.com/

Warning User Enumeration is possible
The first two user ID's were tested to determine if user enumeration is possible.

User ID 1 : admin
User ID 2 : John Eanes
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring. As this will reduce the chance of automated password attackers gaining access. However it is important to understand that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.

Warning Directory Indexing Enabled
In the test we attempted to list the directory contents of the uploads and plugins folders to determine if Directory Indexing is enabled. This is an information leakage vulnerability that can reveal sensitive information regarding your site configuration or content.

/wp-content/uploads/ enabled

Linked iFrames
Compromised sites will often contain embedded iframes that can also deliver malicious code to visitors of the web site. Check any discovered iframes and ensure they are legitimate.

http://www.youtube.com/embed/eAquQaiPs3E?feature=oembed

You could try to configure as to my recommendations so to no longer get the warnings. Ask Avast to exclude you from their general blocking.
We cannot unblock as we are only volunteers with relevant knowledge, but no Avast team members, they are the only ones to unblock.

Also consider somne DNS issues found up here: http://www.dnsinspect.com/eanescomfort.com/1441902253
WARNING: MX records duplicates (same IP address):
64.233.162.27: [alt1.aspmx.l.google.com. aspmx2.googlemail.com.]
Although technically valid, duplicate MX records have no benefits and can cause confusion.
WARNING: Found mail servers with inconsistent reverse DNS entries. You should fix them if you are using those servers to send email.
Server   IP   PTR (Reverse)   IPs
aspmx.l.google.com.   64.233.167.27   ?   ?

See: http://sitevet.com/db/asn/AS36444
IP commonName=*.asoshared.com  OpenSSH 5.3 (protocol 2.0) Exim smtpd 4.85 draenor.asoshared.com
http/1.1
|_  x-mod-spdy/0.9.4.3-146826
Service Info: Host: draenor.asoshared.com Redwood.City
-http://cse.google.com/cse?cx=partner-pub-7151396906610147:7uzfly-ti4n&q

polonus (volunteer website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!