Author Topic: How to remove my website from your blacklist?  (Read 193503 times)


Offline HonzaZ

  • Avast team
  • Advanced Poster
  • *
  • Posts: 1131
Re: How to remove my website from your blacklist?
« Reply #480 on: July 09, 2018, 09:53:15 AM »
suporte68, I have removed the following from our blacklist:

bezerraenxovais[.]conexaossl[.]com[.]br
elasticibramac[.]conexaossl[.]com[.]br
barzel[.]conexaossl[.]com[.]br
silviaarmarinho[.]conexaossl[.]com[.]br

Offline HonzaZ

  • Avast team
  • Advanced Poster
  • *
  • Posts: 1131
Re: How to remove my website from your blacklist?
« Reply #481 on: July 09, 2018, 09:55:18 AM »
Seppi, wildagzug[.]ch is not blocked. Can you post a printscreen of the detection?

Offline slaw3k

  • Newbie
  • *
  • Posts: 1
Re: How to remove my website from your blacklist?
« Reply #482 on: July 09, 2018, 03:41:25 PM »
Could you help me with this one? Link has been blocked with URL:MAL.
The link is hxxp://www.reset2[.]pl/Service/R2firma/10.1/update.exe

I checked the link and it looks clean:
1. https://www.virustotal.com/en/url/0f210739e5985a219103ddb44a3ca8149cf101940888b2577d4259a18c7540fd/analysis/1531143334/
2. https://transparencyreport.google.com/safe-browsing/search?url=http:%2F%2Fwww.reset2.pl%2FService%2FR2firma%2F10.1%2Fupdate.exe

« Last Edit: July 10, 2018, 11:06:00 AM by HonzaZ »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32687
  • malware fighter
Re: How to remove my website from your blacklist?
« Reply #483 on: July 09, 2018, 09:31:47 PM »
Hello,

This detection could have been IP related, also consider detections here:
-> https://urlquery.net/report/cf987501-337c-4ca9-a7ca-cbb1d2439b56
blacklisted by Fortinet's.  Suspicious: maxruntime exceeded 10 seconds,
e.g. in wXw.reset2.pl/js/sifr/sifr.js
error in
Quote
wXw.reset2.pl/js/jquery/jquery.ifixpng2.js benign
[nothing detected] (script) wXw.reset2.pl/js/jquery/jquery.ifixpng2.js
     status: (referer=wXw.reset2.pl/)saved 5941 bytes d808ecda01a0902e000b945e4592ab638fb80662
     info: [decodingLevel=0] found JavaScript
     error: undefined variable jQuery
     error: undefined variable $.ifixpng
     error: line:1: SyntaxError: missing ; before statement:
          error: line:1: var $.ifixpng = 1;
          error: line:1: ....^
More code errors, check with compiler for
Quote
line:4: SyntaxError: missing ; before statement:
and
Quote
  wXw.reset2.pl/js/main.js
     status: (referer=wXw.reset2.pl/)saved 14605 bytes da59826b829256199c1c93e0a959a2ed9e433a08
     info: [decodingLevel=0] found JavaScript
     error: undefined variable $
     error: undefined function $
     file: da59826b829256199c1c93e0a959a2ed9e433a08: 14605 bytes

Furthermore see the nine security related issues here: https://sonarwhal.com/scanner/96c01d0d-0504-4d89-8455-c3e0f03ce598

jQuery issue: -http://www.reset2.pl/
Detected libraries:
jquery - 1.3.2 : (active1) -http://www.reset2.pl/js/jquery/jquery-1.3.2.min.js
Info: Severity: medium
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4969
http://research.insecurelabs.org/jquery/test/
https://bugs.jquery.com/ticket/9521
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
(active) - the library was also found to be active by running code
1 vulnerable library detected

Wait for an avast team member to give a final verdict on detection.
We here are just volunteers with relevant knowledge, but cannot come to unblock.

Remember however avast is not the only solution that flags websites for malcode,
re: https://urlquery.net/report/cf987501-337c-4ca9-a7ca-cbb1d2439b56

Regards,

polonus (volunteer website security analyst and website error-hunter)
« Last Edit: July 09, 2018, 09:33:27 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Seppi

  • Newbie
  • *
  • Posts: 3
Re: How to remove my website from your blacklist?
« Reply #484 on: July 10, 2018, 10:52:09 AM »
Quote
Seppi, wildagzug[.]ch is not blocked. Can you post a printscreen of the detection?

Ok, thanks. We'll check again.

Offline HonzaZ

  • Avast team
  • Advanced Poster
  • *
  • Posts: 1131
Re: How to remove my website from your blacklist?
« Reply #485 on: July 10, 2018, 11:07:15 AM »
slaw3k, I do not see any detection, and can download the file without any problem. Can you post a printscreen of the detection?

Offline Capitão_Caverna

  • Newbie
  • *
  • Posts: 1
Re: How to remove my website from your blacklist?
« Reply #486 on: July 11, 2018, 01:50:56 AM »
Some users on my site are receiving Avast phishing alerts on the following page: https://bj-share.info/torrents.php

I looked for any kind of threat and I did not find it, can you help me?

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32687
  • malware fighter
Re: How to remove my website from your blacklist?
« Reply #487 on: July 11, 2018, 01:19:51 PM »
No alerts given here: https://urlquery.net/report/d09c409e-7090-4e46-b64f-a55309a7c298
neither here: https://sitecheck.sucuri.net/results/bj-share.info/torrents.php
Could be this returned - Google Chrome returned code 301 to -https://bj-share.info/torrents.php
& GoogleBot returned code 301 to -https://bj-share.info/torrents.php

The alert could be for
Quote
GET /1/6d5c2d0121?a=144088729&v=1071.385e752&to=M1EEZhNTCEFUUxFaVwobM0AIHQpdUlkLHUgMRA%3D%3D&rst=773&ref=htxps://bj-share.info/login.php&ap=3&fe=654&dc=515&at=HxYHEFtJG08%3D&jsonp=NREUM.setToken HTTP/1.1
Host: -bam.nr-data.net
, which has been blocked for me by uMatrix script blocker.

For security glitches see: https://sonarwhal.com/scanner/19b3cac9-b306-4132-9fe9-6421b33ddfac
like
Quote
validate-set-cookie-header: 2 errors

ERROR
'set-cookie' header to set 'phpsessid' doesn't have the 'secure' directive.
-https://bj-share.info/login.php
ERROR
'set-cookie' header to set 'phpsessid' doesn't have the 'httponly' directive.
-https://bj-share.info/login.php

&
strict-transport-security: 2 errors

ERROR
'strict-transport-security' header was not specified
-https://bj-share.info/login.php
ERROR
'strict-transport-security' header was not specified
-https://bj-share.info/favicon.ico
&

ERROR
jQuery@1.8.2 has 2 known vulnerabilities (2 medium). See https://snyk.io/vuln/npm:jquery for more information.
-https://bj-share.info/login.php

Whenever this site is really being blocked by avast's, wait for a reaction from an avast team member,
as they are the only ones that can come and unblock. We are just volunteers with relevant knowledge.

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
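
The cookie and HSTS findings quoted in the post above can be checked against any set of response headers. This is an added example, not part of the original post and not sonarwhal's code; the function names are hypothetical and the header values are constructed samples.

```python
def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie name, {attribute: value})."""
    first, *rest = [p.strip() for p in value.split(";") if p.strip()]
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return first.split("=", 1)[0], attrs

def hsts_max_age(value):
    """Return max-age from a Strict-Transport-Security value, or None."""
    for directive in value.split(";"):
        key, _, val = directive.strip().partition("=")
        val = val.strip().strip('"')
        if key.strip().lower() == "max-age" and val.isdigit():
            return int(val)
    return None

def audit_headers(headers):
    """headers: list of (name, value) pairs; returns a list of findings."""
    findings, hsts = [], None
    for name, value in headers:
        lname = name.lower()
        if lname == "set-cookie":
            cookie, attrs = parse_set_cookie(value)
            for flag in ("secure", "httponly"):
                if flag not in attrs:
                    findings.append(f"set-cookie '{cookie}' lacks '{flag}'")
        elif lname == "strict-transport-security":
            hsts = value
    if hsts is None:
        findings.append("strict-transport-security not specified")
    elif not hsts_max_age(hsts):
        # max-age=0 tells the browser to drop the HSTS entry
        findings.append("strict-transport-security has no usable max-age")
    return findings

# Constructed sample responses: the weak form and the corrected form.
WEAK = [("Content-Type", "text/html"),
        ("Set-Cookie", "PHPSESSID=abc123; path=/")]
FIXED = [("Content-Type", "text/html"),
         ("Set-Cookie", "PHPSESSID=abc123; Path=/; Secure; HttpOnly"),
         ("Strict-Transport-Security", "max-age=31536000; includeSubDomains")]

if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK), ("fixed", FIXED)):
        print(label, audit_headers(hdrs))
```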

Offline LukasJ

  • Avast team
  • Jr. Member
  • *
  • Posts: 79
Re: How to remove my website from your blacklist?
« Reply #488 on: July 11, 2018, 01:32:25 PM »
Hi guys,
detection on bj-share[.]info will be fixed in next update

Lukas

Offline ud0g

  • Newbie
  • *
  • Posts: 2
Re: How to remove my website from your blacklist?
« Reply #489 on: July 11, 2018, 05:08:44 PM »
Dear Avast,

Our website has been flagged by Avast: hxxp://interfaith-wedding[.]org

I have checked it with virustotal.com and others but all show it as being clean.

Can you please remove it from the list?
« Last Edit: July 18, 2018, 07:11:17 AM by HonzaZ »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36755
Re: How to remove my website from your blacklist?
« Reply #490 on: July 11, 2018, 05:33:23 PM »
Quote
Dear Avast,

Our website has been flagged by Avast: hxxp://interfaith-wedding[.]org

I have checked it with virustotal.com and others but all show it as being clean.

Can you please remove it from the list?
Virustotal does not scan websites for infections, it checks URLs against a number of blacklists

Seems to contain a JavaScript going to a blacklisted URL
https://sitecheck.sucuri.net/results/interfaith-wedding.org
http://labs.sucuri.net/db/malware/malware-entry-mwblk2

This blacklisted URL > freecontent.date
https://www.virustotal.com/#/url/f717dbb95288b8c900dc2143967fdaed757ec648fb097ba58fce58b9fb0d8567/detection



« Last Edit: July 18, 2018, 07:13:26 AM by HonzaZ »

Offline ud0g

  • Newbie
  • *
  • Posts: 2
Re: How to remove my website from your blacklist?
« Reply #491 on: July 11, 2018, 05:56:03 PM »
Thank you for the guidance. I found a hidden "block" in Drupal that contained the offending URL.

The new scan results show the site as clean: https://sitecheck.sucuri.net/results/interfaith-wedding.org?clear

Is this sufficient to unblock it from Avast?
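
The check described in the two posts above (a script on the page pointing at a blacklisted host, found in a hidden CMS block) can be run by a site owner against a saved copy of their own pages. This is an added example, not part of the original thread; the class and function names are hypothetical, the sample page is constructed, and only the host name comes from the thread.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Host named in the thread; extend with your own blocklist feed.
BLOCKED_HOSTS = {"freecontent.date"}

class ExternalRefFinder(HTMLParser):
    """Collect (tag, url, line) for every URL-bearing attribute on the page."""
    URL_ATTRS = {"src", "href", "data", "action"}

    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in self.URL_ATTRS and value:
                self.refs.append((tag, value.strip(), self.getpos()[0]))

def host_of(url):
    """Lowercased hostname of an absolute or protocol-relative URL; '' if relative."""
    if url.startswith("//"):
        url = "http:" + url
    return (urlparse(url).hostname or "").lower()

def is_blocked(host, blocked=BLOCKED_HOSTS):
    """True for a blocked host or any subdomain of one."""
    return any(host == b or host.endswith("." + b) for b in blocked)

def find_blocked_refs(html, blocked=BLOCKED_HOSTS):
    """Return the references whose host (not path) is on the blocklist."""
    finder = ExternalRefFinder()
    finder.feed(html)
    return [(tag, url, line) for tag, url, line in finder.refs
            if is_blocked(host_of(url), blocked)]

# Constructed sample: a block hidden with CSS that pulls in a third-party script.
SAMPLE_PAGE = """<html><body>
<script src="/misc/jquery.js"></script>
<div style="display:none">
<script src="//cdn.freecontent.date/lib.js"></script>
</div>
<a href="https://example.org/freecontent.date">harmless link</a>
</body></html>"""

if __name__ == "__main__":
    for tag, url, line in find_blocked_refs(SAMPLE_PAGE):
        print(f"line {line}: <{tag}> loads {url}")
```

This only inspects URL attributes in the served HTML; a host assembled inside inline or obfuscated JavaScript will not show up, so the CMS database content still needs to be searched as well.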

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36755
Re: How to remove my website from your blacklist?
« Reply #492 on: July 11, 2018, 06:04:55 PM »
It also seems you have an outdated Drupal

Quote
Is this sufficient to unblock it from Avast?
Maybe, I will notify @HonzaZ .... check back tomorrow for a reply


you may also use this  >>  https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438

« Last Edit: July 11, 2018, 06:06:38 PM by Pondus »

Offline HonzaZ

  • Avast team
  • Advanced Poster
  • *
  • Posts: 1131
Re: How to remove my website from your blacklist?
« Reply #493 on: July 18, 2018, 07:14:05 AM »
We do not seem to block interfaith-wedding[.]org, if you are having problems, please post a printscreen.

Offline Александр562

  • Newbie
  • *
  • Posts: 4
Re: How to remove my website from your blacklist?
« Reply #494 on: July 19, 2018, 09:24:37 AM »
Hi again, so after a few weeks our website is in the blacklist again: hxxps://login.hma.ecvi[.]ru/
But we are clean https://www.virustotal.com/ru/url/15e8e2d46e1e9cc812374abfb1e36f5f394f6a98ef5ba1e77d2a498f6e3e749a/analysis/1531984850/
picture here: https://cloud.mail.ru/public/4pNz/SKapjfLsm