Author Topic: How to remove my website from your blacklist?

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32687
  • malware fighter
Re: How to remove my website from your blacklist?
« Reply #345 on: April 27, 2017, 03:01:51 PM »
As Eddy has stated, there is certainly some code to be mitigated:

htxp://envialosimple.com/en/index.html
Detected libraries:
jPlayer - 2.6.0 : (active1) -http://envialosimple.com/js/jquery.jplayer.min.js
jquery - 1.10.2 : (active1) -http://envialosimple.com/js/libraries.js
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
jquery.prettyPhoto - 3.1.5 : (active1) -http://envialosimple.com/js/libraries.js
Info: Severity: high
https://github.com/scaron/prettyphoto/issues/149
https://blog.anantshri.info/forgotten_disclosure_dom_xss_prettyphoto
jquery-ui-dialog - 1.10.3 : (active1) -http://envialosimple.com/en/index.html
jquery-ui-autocomplete - 1.10.3 : (active1) -http://envialosimple.com/en/index.html
jquery-ui-tooltip - 1.10.3 : (active1) -http://envialosimple.com/en/index.html
(active) - the library was also found to be active by running code
2 vulnerable libraries detected

DOM XSS sources and sinks galore: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fenvialosimple.com%2Fen%2Findex.html

Issue with googleadservice script SRI-hash generation lacking: https://sritest.io/#report/948ddcb3-5470-48c9-bcf7-47abc4d0d1d4

F-status and recommended change: https://observatory.mozilla.org/analyze.html?host=envialosimple.com

More insecurity on that Rosario racks: https://www.threatcrowd.org/ip.php?ip=200.58.122.63

For a final verdict or an exclusion to the general IP block, wait for a reaction from an Avast Team Member,
as we are just volunteers with relevant knowledge, but we cannot unblock.

polonus (volunteer website security analyst and website error-hunter)
« Last Edit: April 27, 2017, 03:07:22 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline HonzaZ

  • Avast team
  • Advanced Poster
  • *
  • Posts: 1131
Re: How to remove my website from your blacklist?
« Reply #346 on: April 27, 2017, 03:18:05 PM »
I do not see any detection on envialosimple[.]com, can you post a printscreen?

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32687
  • malware fighter
Re: How to remove my website from your blacklist?
« Reply #347 on: April 27, 2017, 04:07:44 PM »
Here I see a vulnerability to a data-bind injection exploit in the knockout-3.0.0.js code.
This is for envialosimple.dattatec dot com; it resides in /js/79/knockout-3.0.0.js
See: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fenvialosimple.dattatec.com
-> Results from scanning URL: htxp://envialosimple.dattatec.com/js/79/knockout.validation.js
Number of sources found: 17
Number of sinks found: 14
Also htxp://envialosimple.dattatec.com/js/79/jquery.numberformatter.js seems open to a JavaScript injection attack.
See the instances of return eval( etc.

polonus
« Last Edit: April 27, 2017, 04:30:24 PM by polonus »
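One way to locate `return eval(` instances like those mentioned in the post above so they can be reviewed by hand, as an added example that is not part of the original post or the site's code: a small Node.js scanner that masks comments and string contents, then reports dynamic code execution sinks with their line numbers. `findCodeExecSinks`, `maskCommentsAndStrings`, `SINKS` and `SAMPLE` are hypothetical names, and `SAMPLE` is constructed input.

```javascript
// Added example, not the site's code. Names are hypothetical; SAMPLE is constructed.
const SINKS = [
  { name: "eval", re: /\beval\s*\(/g },
  { name: "Function constructor", re: /\bnew\s+Function\s*\(/g },
  { name: "string timer", re: /\bset(?:Timeout|Interval)\s*\(\s*["'`]/g },
];
// Blank out comments and string contents (quotes and newlines are kept) so "eval("
// in a comment or string is not reported. Regex literals and ${} are not parsed.
function maskCommentsAndStrings(src) {
  const keepNl = (ch) => (ch === "\n" ? "\n" : " ");
  let out = "", state = "code", quote = "";
  for (let i = 0; i < src.length; i++) {
    const c = src[i], n = src[i + 1];
    if (state === "code") {
      if (c === "/" && (n === "/" || n === "*")) {
        state = n === "/" ? "line" : "block"; out += "  "; i++;
      } else {
        if (c === '"' || c === "'" || c === "`") { state = "str"; quote = c; }
        out += c;
      }
    } else if (state === "line") {
      if (c === "\n") state = "code";
      out += keepNl(c);
    } else if (state === "block") {
      if (c === "*" && n === "/") { state = "code"; out += "  "; i++; }
      else out += keepNl(c);
    } else if (c === "\\" && n !== undefined) {
      out += " " + keepNl(n); i++; // escaped character inside a string
    } else {
      if (c === quote) state = "code";
      out += c === quote ? c : keepNl(c);
    }
  }
  return out;
}
function findCodeExecSinks(src) {
  const masked = maskCommentsAndStrings(src), lines = src.split("\n");
  return SINKS.flatMap(({ name, re }) => [...masked.matchAll(re)].map((m) => {
    const line = masked.slice(0, m.index).split("\n").length;
    return { line, sink: name, text: lines[line - 1].trim() };
  })).sort((a, b) => a.line - b.line);
}
const SAMPLE = [
  "// legacy: do not eval( anything new", "function parseNumber(text) {",
  "  return eval(text.split(',').join(''));", "}",
  "var note = 'eval(x) only appears inside this string';",
  "setTimeout('refresh()', 500);", "var add = new Function('a', 'b', 'return a + b');",
].join("\n");
console.log(findCodeExecSinks(SAMPLE));
```

Each hit is a place to check whether the evaluated value can be influenced by page input; the scanner only locates the calls and does not decide exploitability.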

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31345
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: How to remove my website from your blacklist?
« Reply #348 on: April 29, 2017, 01:03:34 PM »
VirusTotal doesn't scan sites.
Next to that, VirusTotal does show a blacklisting for that site and a huge amount for that IP.
https://www.virustotal.com/en/url/1ae53e24426a38c1ebdce690d942e3ec6d470d3077fd99af6c097e5c1ea49258/analysis/1493463206/
https://www.virustotal.com/en/ip-address/104.31.16.3/information/

There is also the 301 (moved permanently) problem.

Likely links to blacklisted domains, browser difference :
https://www.websicherheit.at/website-malware-viren-scanner/?url=rnbxclusive.me

Blacklisted :
http://www.urlvoid.com/scan/rnbxclusive.me/

Infected :
https://sitecheck.sucuri.net/results/rnbxclusive.me

Malicious :
https://quttera.com/detailed_report/rnbxclusive.me

Blacklistings :
http://urlquery.net/report.php?id=1493461091139

Warning User Enumeration is possible
The first two user ID's were tested to determine if user enumeration is possible.
ID   User                    Login
1   rnbx_admin           rnbx_admin
2   Rnbxclusive_admin   rnbxclusive_admin

Vulnerable libraries used :
http://retire.insecurity.today/#!/scan/c1eddaacee4bedef45475b9be01ac777da5c49de704dd2854bc3dd234f97e66a

Other problems :
http://www.domxssscanner.com/scan?url=http://rnbxclusive.me

Offline gediminas5

  • Newbie
  • *
  • Posts: 1
Re: How to remove my website from your blacklist?
« Reply #349 on: May 12, 2017, 01:12:34 PM »
Hello, I need your help with arp[.]lt. This site is blacklisted by Avast antivirus. Is there any way to fix this problem? It doesn't contain any virus or malicious programs.
« Last Edit: May 15, 2017, 08:58:08 AM by HonzaZ »

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 66715
    • >>>  Avast Forum - German-language section  <<<
Re: How to remove my website from your blacklist?
« Reply #350 on: May 12, 2017, 01:17:23 PM »
Hello, I need your help with hxxp://www.arp.lt/. This site is blacklisted by Avast antivirus. Is there any way to fix this problem? It doesn't contain any virus or malicious programs.
-> https://sitecheck.sucuri.net/results/www.arp.lt/
-> http://zulu.zscaler.com/submission/show/11afe3c22833d95b7530c79fe8d66f0d-1494587644

You can report a URL here: https://www.avast.com/report-a-url.php
« Last Edit: May 12, 2017, 01:21:03 PM by Asyn »
Win 8.1 [x64] - Avast PremSec 20.8.2427.B#2 [UI.560] - CC 5.71 - EEK - FF ESR 68.12 [NS/AOS/uBO/PB] - TB 68.12 - SB/CP/SL/DU.BC
German-language section -> Avast essentials (downloads, guides & info): https://forum.avast.com/index.php?topic=60523.0


Offline LukasJ

  • Avast team
  • Jr. Member
  • *
  • Posts: 79
Re: How to remove my website from your blacklist?
« Reply #352 on: May 13, 2017, 07:26:38 PM »
Hi, the arp site was removed from the blacklist yesterday.

Lukáš

Offline ss77892

  • Newbie
  • *
  • Posts: 5
Re: How to remove my website from your blacklist?
« Reply #353 on: May 16, 2017, 04:57:39 PM »
Hi,
Could you please check why fun4dog.ru is blacklisted? https://sitecheck.sucuri.net/results/fun4dog.ru shows no problem.
Thanks!

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36755
« Last Edit: May 16, 2017, 05:47:44 PM by Pondus »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32687
  • malware fighter
« Last Edit: May 16, 2017, 06:11:20 PM by polonus »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32687
  • malware fighter
Re: How to remove my website from your blacklist?
« Reply #356 on: May 16, 2017, 05:55:37 PM »
Considering -http://fun4dog.ru/wa-content/js/jquery-plugins/jquery.retina.min.js?v1.7.1

Just some error in this code
Quote
found JavaScript
     error: undefined variable jQuery
     error: undefined variable c.fn
     error: line:1: SyntaxError: missing ; before statement:
          error: line:1: var c.fn = 1;
          error: line:1: ....^
There is availability in this code, but it may not be defined properly (pol) and issue with natroute?

polonus (volunteer website security analyst and website error-hunter)

Offline karcsi1978

  • Newbie
  • *
  • Posts: 1
Re: How to remove my website from your blacklist?
« Reply #357 on: May 16, 2017, 11:05:43 PM »
Hi!

Please help me.
My personal site [ kovacskaroly[.]hu/szakdolgozat ] is blacklisted by Avast.

I checked it with the following tools:
https://www.virustotal.com/hu/url/4116de84dccf7a3203f1c94d19080ae0a9eb10b4960e10ed1e6627a2fdf3405e/analysis/1494967866/
http://zulu.zscaler.com/submission/show/53c8086da4cf249f15d0e970b945d810-1494967932
http://www.urlvoid.com/scan/kovacskaroly.hu/
https://sitecheck.sucuri.net/results/kovacskaroly.hu/szakdolgozat

I do not see / did not find any infections. But I replaced all files with originals and replaced the database and login passwords.

Why does this site appear in the blacklist?
Can anyone please help to remove my site from the blacklist?
This site is very important for me, because I use this site for my DIPLOMA WORK!

Thank you!
« Last Edit: May 17, 2017, 10:54:28 AM by HonzaZ »

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31345
  • Watching (over?) you
    • Malware removal, Biljart and other things.
« Last Edit: May 16, 2017, 11:15:25 PM by Eddy »

Offline HonzaZ

  • Avast team
  • Advanced Poster
  • *
  • Posts: 1131
Re: How to remove my website from your blacklist?
« Reply #359 on: May 17, 2017, 10:53:52 AM »
Re fun4dog[.]ru - it is indeed because of DNS hijack. Change DNS hosting / use stealth (paid) account at afraid.org and get back to us for unblocking.
Re kovacskaroly[.]hu/szakdolgozat - Google (which means Chrome and Firefox) blocks it: https://www.google.com/transparencyreport/safebrowsing/diagnostic/index.html#url=kovacskaroly.hu/szakdolgozat