Author Topic: why is avast blocking my site, and no replies to requests to unblock?  (Read 6659 times)

0 Members and 1 Guest are viewing this topic.

joyninja

  • Guest
Avast has been blocking one of my sites, acornhost.com, for months, and they don't seem to respond to any requests for more info as to why, or to requests to unblock it. Now they are blocking other sites that happen to be on the same server, like emmamccreary.com. Can anyone give me any insight as to why they are blocking it, since they won't reply? I have not found any other scanner or virus program that finds anything wrong with the server or these sites. It is very frustrating.

AdrianH

  • Guest
Re: why is avast blocking my site, and no replies to requests to unblock?
« Reply #1 on: March 02, 2014, 08:52:34 AM »
That is your problem, the server is hosting malware sites.

https://www.virustotal.com/en/url/cd013c3aad209266f7c021b7fb63dcf1e938af59c30c4663c2fb7c4689dc1ed3/analysis/1393746534/

emmamccreary.com is blacklisted as a malicious site.


You can report your site as a false positive via the avast pop-up seen when your site is blocked. You would be better hosting on your own VPS / server to avoid these problems.

Offline polonus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 33668
  • malware fighter
Re: why is avast blocking my site, and no replies to requests to unblock?
« Reply #2 on: March 02, 2014, 04:19:58 PM »
This is a general IP block, because of malware launched from other domain sharing that same IP. You should take that up with Liquid Web, Inc. to not longer tolerate this or clean up their act - they were attacked via /cgi-sys/defaultwebpage.cgi - Detected BlackHole v2.0 exploit kit URL patterns...
  ;) evidence of malware-> http://urlquery.net/report.php?id=9740989
You have issues with your CMS: Web application version:
WordPress version: WordPress 3.8.1
Wordpress version from source: 3.8.1
Wordpress Version 3.8 based on: htxp://emmamccreary.com/wp-includes/js/autosave.js
WordPress theme: htxp://emmamccreary.com/wp-content/themes/justme/
Wordpress internal path: /home/emmamcc/public_html/wp-content/themes/justme/index.php
This on your site is flagged as malicious: htxp://www.taoofprosperity.com/contact/ -> http://zulu.zscaler.com/submission/show/74f44882d8f96b1fc017a668b44c80da-1393772611  (80/100% malicious)
also flagged as malicious by Bitdefender's TrafficLight extension!

Last seen 2 month ago the IP was considered a threat IP - threat AlienVault danger level 3
There is also a live and active threat on that four quads site: http://support.clean-mx.de/clean-mx/viruses?id=14321213 -> 
HTML/Framer, which avast will detects as JS:Decode-AMQ [Trj]

avast! webshield also blocks various external links from your site: htxp://www.taoofprosperity.com/contact/  & htxp://www.acornhost.com 
htxp://www.healerworks.com  & htxp://www.cheekyboots.com/ as URL:Mal

polonus
« Last Edit: March 02, 2014, 04:21:32 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

joyninja

  • Guest
Re: why is avast blocking my site, and no replies to requests to unblock?
« Reply #3 on: March 02, 2014, 09:10:31 PM »
This is my own server, and these are all my sites.

I still do not understand what the *actual problem* is. Just because it says there is malware doesn't mean there actually *is*. My problem is that none of these reports point to actual files.

How exactly is my contact page at taoofprosperity.com/contact/ malicious?

I can't find any of these reports that actually show a real file that is actually malicious. That is what is so frustrating. How am I supposed to fix it if the reports don't actually say anything useful? I've had my sysadmin scan the entire server for malware. We're running maldet, etc. There are no malicious files so what exactly is the problem?

Offline polonus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 33668
  • malware fighter
Re: why is avast blocking my site, and no replies to requests to unblock?
« Reply #4 on: March 03, 2014, 12:44:43 AM »
For some problems to dive into: http://dnscheck.pingdom.com/?domain=www.taoofprosperity.com&timestamp=1393803463&view=1

and here: http://dnscheck.pingdom.com/?domain=acornhost.com&timestamp=1393803577&view=1

But here I see this site is no longer being blocked: http://67.227.163.176/  but is for http:// acornhost.com
which is a little weird. Could this  have to do with the resolution of that domain?

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!


joyninja

  • Guest
Re: why is avast blocking my site, and no replies to requests to unblock?
« Reply #6 on: March 03, 2014, 01:56:29 AM »
Hi,
What do DNS problems have to do with malware?

And the second report just says it is "reported as malicious", not why...so that isn't really proof of anything. I need to actually know what the problem *is* in order to fix it.

Offline Milos

  • Avast team
  • Super Poster
  • *
  • Posts: 2270
Re: why is avast blocking my site, and no replies to requests to unblock?
« Reply #7 on: March 03, 2014, 09:53:10 AM »
Avast has been blocking one of my sites, acornhost.com, for months, and they don't seem to respond to any requests for more info as to why, or to requests to unblock it. Now they are blocking other sites that happen to be on the same server, like emmamccreary.com. Can anyone give me any insight as to why they are blocking it, since they won't reply? I have not found any other scanner or virus program that finds anything wrong with the server or these sites. It is very frustrating.
Hello,
there was
"acornhost.com/06099ece43caa7d9934030ffdeb976d4/compiled-wolf.php"
"emmamccreary.com/b09cdeea179566965eddd108c34f0614/dressed-neon.php" -- this was unblocked recently.

Can you confirm that it was cleaned?

Which way did you use for "requests for more info"?

Milos

joyninja

  • Guest
Re: why is avast blocking my site, and no replies to requests to unblock?
« Reply #8 on: March 03, 2014, 05:08:42 PM »
Our server is has been scanned, cleaned, upgraded, etc.

I have submitted "false positive" reports via the http://www.avast.com/contact-form.php contact form, probably about half a dozen in the past 6 months. No reply.

Offline Milos

  • Avast team
  • Super Poster
  • *
  • Posts: 2270
Re: why is avast blocking my site, and no replies to requests to unblock?
« Reply #9 on: March 04, 2014, 10:10:18 AM »
Hello,
thanks for the info, maybe we only received report of false positive on "emmamccreary.com", because I see it already unblocked.
I will unblock the "acornhost.com" -- it will be unblocked in next stream update.

Milos

joyninja

  • Guest
Re: why is avast blocking my site, and no replies to requests to unblock?
« Reply #10 on: March 19, 2014, 02:05:11 AM »
thank you so much!