Author Topic: How to remove my website from your blacklist?  (Read 193524 times)

0 Members and 1 Guest are viewing this topic.

Offline HonzaZ

  • Avast team
  • Advanced Poster
  • *
  • Posts: 1131
Re: How to remove my website from your blacklist?
« Reply #255 on: November 30, 2016, 01:38:03 PM »
I am unblocking kimnguyen[.]info now ;)

Offline Nazrard

  • Newbie
  • *
  • Posts: 2
Re: How to remove my website from your blacklist?
« Reply #256 on: December 12, 2016, 09:09:41 AM »
Hello.

Need your help with blocked by avast http://balaklava[.]com[.]ua.

Can you please help me?

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 66715
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Win 8.1 [x64] - Avast PremSec 20.8.2427.B#2 [UI.560] - CC 5.71 - EEK - FF ESR 68.12 [NS/AOS/uBO/PB] - TB 68.12 - SB/CP/SL/DU.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline HonzaZ

  • Avast team
  • Advanced Poster
  • *
  • Posts: 1131
Re: How to remove my website from your blacklist?
« Reply #258 on: December 12, 2016, 09:17:11 AM »
Seems like an old detection, I am unblocking balaklava[.]com.ua now...
Do check why McAfee (http://www.siteadvisor.com/sites/balaklava.com.ua) thinks there is trouble though, or it might be blocked automatically again!

Offline Nazrard

  • Newbie
  • *
  • Posts: 2
Re: How to remove my website from your blacklist?
« Reply #259 on: December 12, 2016, 09:50:36 AM »
Seems like an old detection, I am unblocking balaklava[.]com.ua now...
Do check why McAfee (http://www.siteadvisor.com/sites/balaklava.com.ua) thinks there is trouble though, or it might be blocked automatically again!

Thank you for your help!

Now contacting McAfee.

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31345
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: How to remove my website from your blacklist?
« Reply #260 on: December 12, 2016, 12:50:15 PM »
Not only McAfee is blacklisting the site.
http://www.urlvoid.com/scan/balaklava.com.ua/

Vulnerable libraries (cause = old software used) :
http://retire.insecurity.today/#!/scan/7f6b3fbecf8e384ebffbe36de0d58298a2fa1fc1a3ffcf180c76429ba1150dde
http://zulu.zscaler.com/submission/show/70d98370cf77f449efaea0c659939c8a-1481542346

Multiple blacklistings on that IP/ASN/Domain :
http://urlquery.net/report.php?id=1481542982863

Advise :
- As it is a commercial website, step away from shared hosting. (use dedicated hosting)
- Fix the vulnerable libraries and keep the site software up-to-date
- As personal data from the customers is required when ordering, use a secured protocol (HTTPS)
« Last Edit: December 12, 2016, 02:08:47 PM by Eddy »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32687
  • malware fighter
Re: How to remove my website from your blacklist?
« Reply #261 on: December 12, 2016, 02:03:38 PM »
Like Eddy stated, there are security issues with this site, despite of the fact it is not malicious as such.

Website could be somewhat more secure: https://observatory.mozilla.org/analyze.html?host=balaklava.com.ua

This here (same origin protection) seems OK: https://sritest.io/#report/a0093546-2ca1-468e-a17b-d0badd1711b4

Overview
Cookies not flagged as "HttpOnly" may be read by client side script and are at risk of being interpreted by a cross site scripting (XSS) attack. Whilst there are times where a cookie set by the server may be legitimately read by client script, most times the "HttpOnly" flag is missing it is due to oversight rather than by design.

Result
It looks like a cookie is being set without the "HttpOnly" flag being set (name : value):
Quote
ci_session : a%3A5%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22bd48b1cf1a54d2a09adb201361b29e0f%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A14%3A%2254.235.159.203%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A12%3A%22asafaweb.com%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1481547481%3Bs%3A9%3A%22user_data%22%3Bs%3A0%3A%22%22%3B%7D07552ff8ba2eed3c13236e652141f5d034cb83cb
Unless the cookie legitimately needs to be read by JavaScript on the client, the "HttpOnly" flag should always be set to ensure it cannot be read by the client and used in an XSS attack.

polonus (volunteer website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline rz350user

  • Newbie
  • *
  • Posts: 2
Re: How to remove my website from your blacklist?
« Reply #262 on: December 22, 2016, 02:29:32 AM »
Guys, I need some help, My website is blocked by your antivirus, It pops up a warning "Threat Blocked"  My url is http://www.centrixbuilders.com

https://sitecheck.sucuri.net/results/http://www.centrixbuilders.com/
http://www.siteadvisor.com/sites/http%3A//www.centrixbuilders.com/
http://www.urlvoid.com/scan/siteadvisor.com/
https://www.mywot.com/en/scorecard/centrixbuilders.com
https://www.virustotal.com/en/url/4719df026d632fb7bf71d3f3e0c7dfd7c62dcd157d8018d05cc026a5e5c8200e/analysis/
http://urlquery.net/report.php?id=1482370839206
http://zulu.zscaler.com/submission/show/fbd47074a61ea3fc7215a70f0752eb00-1482370844
http://retire.insecurity.today/#!/scan/6aefb0da89d0cadd494fe882871bc2a2606a3b69e61e8624e05a2f9686efec05

I have scanned the URL with all the recommendations that are listed in this thread and its clean, I have also checked it on blacklists and its clean.
I have tried 4 other Antivirus and no problems, I have to disable Avast to see my site.
I am getting calls from clients that they cannot view the site and they have Avast installed.

Can you help me with this.

Thanks.
« Last Edit: December 22, 2016, 02:43:51 AM by rz350user »

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 66715
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: How to remove my website from your blacklist?
« Reply #263 on: December 22, 2016, 06:35:05 AM »
You can report a URL here: https://www.avast.com/report-a-url.php
Win 8.1 [x64] - Avast PremSec 20.8.2427.B#2 [UI.560] - CC 5.71 - EEK - FF ESR 68.12 [NS/AOS/uBO/PB] - TB 68.12 - SB/CP/SL/DU.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0


Offline HonzaZ

  • Avast team
  • Advanced Poster
  • *
  • Posts: 1131
Re: How to remove my website from your blacklist?
« Reply #265 on: December 22, 2016, 02:18:20 PM »
I have unblocked centrixbuilders[.]com now, but please do take others' advice seriously ;)

Offline rz350user

  • Newbie
  • *
  • Posts: 2
Re: How to remove my website from your blacklist?
« Reply #266 on: December 22, 2016, 03:33:22 PM »
Thanks HonzaZ, I appreciate the help..  :)

Offline T-Fin

  • Newbie
  • *
  • Posts: 1
Re: How to remove my website from your blacklist?
« Reply #267 on: December 23, 2016, 10:23:17 AM »
 Hi, I need professional help, I´m newbie and cant understand these things. My webshop have blocked by avast and pops warning flag: "HTML: RedirME-inf".

www.elektrosavu.com

I have scan url with links in this topic, but cant find anything:

http://urlquery.net/report.php?id=1482484350334
http://www.urlvoid.com/scan/elektrosavu.com/
https://www.virustotal.com/fi/url/6ad533dcc054b87965b2c2592ea60c094513369b8431b4f75d825ea8febb786d/analysis/

Can some one says what cause this flag?

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36755
Re: How to remove my website from your blacklist?
« Reply #268 on: December 23, 2016, 11:18:11 AM »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32687
  • malware fighter
Re: How to remove my website from your blacklist?
« Reply #269 on: December 23, 2016, 01:27:26 PM »
Not only that but there is more insecurity:

SRI Report a meagre D-Status: https://sritest.io/#report/c5d1c7fa-db3c-49c0-b6f9-00fa54705f45

Same library is vuln.: http://retire.insecurity.today/#!/scan/23204d0728b38a3728cf062d05cea0b4cf7701bf683e572a5c39ec5ba6b7d4f8

F-I-A-C-F-X-Status here: https://observatory.mozilla.org/analyze.html?host=www.elektrosavu.com

Nameserver version exposed: 185.20.137.219: "1.2.8.31" for  wXw.elektrosavu.com
The default server page there has insecure IDs tracking:
 66% of the trackers on this site could be protecting you from NSA snooping. Tell to fix it.
 All trackers
At least 3 third parties know you are on this webpage.

 -shaaaaaaaaaaaaa.com
 -Google
-185.20.137.219  -185.20.137.219

While  -elektrosavu.com is on another IP - 80.69.173.28

See insecurity here: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.elektrosavu.com%2Fsuper_search.php%3Fsearch%3D

hackable especially the older revised version of the script: 'super_search.url' => 'http://url/hacks/directory/favorite_setting.xml',
....starting on line 148 of “widget.super_search.php”:

Hire someone with relevant knowledge to keep your webshop site secure, else you would "be food for the birds" in no-time.

polonus (volunteer website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!