Author Topic: Avast block's sites  (Read 4480 times)

AViorel

  • Guest
Avast block's sites
« on: October 24, 2013, 08:28:09 PM »
Hello,

I have a site http://www.in-game.ro, and since the last update Avast blocks my access to it.
I checked the website for viruses and it is clean.
The problem is that it gives the error on the entire domain (including subdomains).

Offline Secondmineboy

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3645
Re: Avast block's sites
« Reply #1 on: October 24, 2013, 08:35:41 PM »
Suspicious Redirector detected by Quttera: http://www.quttera.com/detailed_report/www.in-game.ro (Look under scanned file analysis)

Windows 10 1909, 4 GB DDR3 RAM, 500 GB 5400 RPM HDD, 1366 by 768 LCD Screen, Intel Core i3 5010U Dual Core, Intel HD Graphics 5500
HUAWEI P30 Pro. Android 10

Offline Secondmineboy

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3645
Re: Avast block's sites
« Reply #2 on: October 24, 2013, 08:38:36 PM »
I've notified polonus, a website analyst from the forum; he will look at the site for you.

Maybe there is something else.

AViorel

  • Guest
Re: Avast block's sites
« Reply #3 on: October 24, 2013, 09:02:27 PM »
I use a dynamic DNS from DYN DNS because I have a dynamic IP. What is wrong with that?

Offline Secondmineboy

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3645
Re: Avast block's sites
« Reply #4 on: October 24, 2013, 09:05:41 PM »
I don't know. Please ask polonus about that.

That's not my special field.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37509
  • Not a avast user
Re: Avast block's sites
« Reply #5 on: October 24, 2013, 09:45:24 PM »
IP address for that site (86.123.120.195) is on one blacklist here: http://whatismyipaddress.com/blacklist-check

AViorel

  • Guest
Re: Avast block's sites
« Reply #6 on: October 24, 2013, 10:33:29 PM »
Quote from that website: "Whatismyipaddress.com does not recommend the usage of this blacklist. It has the potential to block large segments of IP addresses. If you are listed with them it is generally not a problem"

Read http://whatismyipaddress.com/blacklist/apews


and from http://www.apews.org :

Oooops 86.123.120.195 is currently listed in APEWS :-(
Entry matching your Query: E-409613
86.123.0.0/16
CASE: C-1010
Dynamic IP space, generic DNS/rDNS, no PTR
Direct connections to MX not permitted, you
need to use your ISP servers or smarthost
History:
Entry created 2010-08-28

It is a block for mail servers, not HTTP. And it has been active since 2010. Why block my website now if that rule is from 3 years ago????
« Last Edit: October 24, 2013, 10:40:30 PM by AViorel »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33892
  • malware fighter
Re: Avast block's sites
« Reply #7 on: October 24, 2013, 11:34:54 PM »
Excessive header information is being spread, that can be abused by attackers globally.
see: http://sitecheck.sucuri.net/scanner/?scan=http%3A%2F%2Fwww.in-game.ro%2F 
and there is a Clickjacking warning & there also is a potentially risky http method being used.

swfobject has suspicious character score 2.56 * -> http://zulu.zscaler.com/submission/show/4f325cd1dab91867a131c9df5c728af2-1382648181
Detected HTTP redirection to ^ htxp://ign.mine.nu . (Quttera's)   ^according to me a benign destination.
Going to the IP address is not being flagged by avast: http://86.123.120.195/ clicking through will deliver the avast! Web Shield alert!
http://www.in-game.ro/ is being flagged as with URL:Mal by avast! Web Shield.

Tested the dynamic DNS and there are 3 issues listed below flagged by dnscolos:

See this report here and the according greylisting: http://www.dnscolos.com/dnsreport.php
Public
Failed   Parent nameservers in-game.ro   Your NS records at the parent server are:

Failed   Nameservers for domain in DNS in-game.ro   Your NS records at your nameservers are:
MX
Failed   Mailserver connection test
HELO, MAIL FROM, RCPT TO, QUIT   Connect to mailserver mail.in-game.ro   FAILED (could be greylisting)
 
* swfobject.js and general.js are potentially suspicious and there are  that report a 33% unsecure site.
IDS severity   3   FILEMAGIC Macromedia Flash data (compressed), 0n
Quote
flashmo_template", "940", "600", "9.0.0"
See my musings in another post on the javascript hiccup there: http://forum.avast.com/index.php?topic=110497.msg871243#msg871243
and why I lean to the verdict FP based on a greylisting or blacklisting

Whenever eventually found to be a FP, report to www.avast.com/contact-form.php

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
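
An added example, not part of polonus's post or of any scanner mentioned in it: a small offline audit of one HTTP response head for the three header-level items raised in Reply #7 (excessive header information, missing clickjacking protection, a risky HTTP method). Both responses are constructed samples, and the header and method lists are assumptions to adapt to the report being triaged.

```python
# Added example: audit one HTTP response head for version disclosure,
# missing frame protection and risky methods advertised in Allow.
# Both responses are constructed samples, not captured from the thread's site.
FLAGGED = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.2.22 (Win32) PHP/5.3.13\r\n"
    "X-Powered-By: PHP/5.3.13\r\n"
    "Allow: GET, POST, OPTIONS, TRACE\r\n"
    "Content-Type: text/html\r\n\r\n<html></html>"
)
HARDENED = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "Allow: GET, POST\r\n"
    "Content-Type: text/html\r\n\r\n<html></html>"
)

# Assumed check lists; adjust them to the scanner report being triaged.
DISCLOSING = ("server", "x-powered-by", "x-aspnet-version")
RISKY_METHODS = {"TRACE", "TRACK", "PUT", "DELETE", "CONNECT"}


def parse_headers(raw):
    """Return {lowercased-name: value} for the head of a raw HTTP response."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def audit(raw):
    """Return a sorted list of findings for one response."""
    headers = parse_headers(raw)
    findings = []
    for name in DISCLOSING:
        # A version number in these headers is more than a client needs.
        if any(ch.isdigit() for ch in headers.get(name, "")):
            findings.append(f"version-disclosure:{name}")
    csp = headers.get("content-security-policy", "").lower()
    if "x-frame-options" not in headers and "frame-ancestors" not in csp:
        findings.append("clickjacking:no-frame-protection")
    allowed = {m.strip().upper() for m in headers.get("allow", "").split(",")}
    findings += [f"risky-method:{m}" for m in allowed & RISKY_METHODS]
    return sorted(findings)


if __name__ == "__main__":
    for label, raw in (("flagged", FLAGGED), ("hardened", HARDENED)):
        print(label, audit(raw))
```
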

AViorel

  • Guest
Re: Avast block's sites
« Reply #8 on: October 25, 2013, 10:37:59 AM »
I use a dynamic DNS from DYN DNS because I have a dynamic IP. What is wrong with that?

...Detected HTTP redirection to ^ htxp://ign.mine.nu . (Quttera's)   ^according to me a benign destination....

It is a paid account with Dyn DNS: http://dyn.com/ ... What the hell is wrong with that??? I HAVE A DYNAMIC IP; if I have a power failure or disconnect/connect to the internet, my IP changes, so others can't access the host. So I used a secondary DNS from DYN DNS; if my IP changes, the domain from DYN DNS automatically redirects the clients to the correct IP.

So why did the website work fine until this week, and now "The Avast Team" decided that my domain is bad??? The domain has been active since 3 years ago with the same webpage.

As for swfobject.js and general.js, I'll check them to see what the problem is ... but beginning today I will give up on Avast as security software and I will NOT RECOMMEND it to others anymore.

In my opinion, if you detect something on a website, first you have to notify the domain holder to check the domain.

doktornotor

  • Guest
Re: Avast block's sites
« Reply #9 on: October 25, 2013, 10:50:23 AM »
In my opinion, if you detect something on a website, first you have to notify the domain holder to check the domain.

ROFL...  :D :o

P.S. If you, instead of these rants, actually used the proper channel to communicate the false positive to Avast, you'd very likely have no problem by now. http://www.avast.com/contact-form.php

And on a final note, getting a detection on a page that consists solely of flash junk accompanied by JS redirects is hardly shocking.
« Last Edit: October 25, 2013, 10:53:27 AM by doktornotor »