Avast community forum
Home
Help
Search
Login
Register
Avast WEBforum
»
Consumer Products
»
Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier)
(Moderators:
hectic-mmv
,
LudekS
,
chytil2
) »
Web Shield says our website is malicious, but it's not!!!
« previous
next »
Print
Pages: [
1
]
Go Down
Author
Topic: Web Shield says our website is malicious, but it's not!!! (Read 4805 times)
0 Members and 1 Guest are viewing this topic.
kiernan7
Guest
Web Shield says our website is malicious, but it's not!!!
«
on:
April 04, 2014, 01:20:51 AM »
My Avast Web Shield says all of the sub-domains that are part of our main website are hacked.
They are not!!! I checked with Google Webmaster Tools and it tells me the entire website is fine.
we DID get hacked a while ago, but things have been okay for a while. how do we get off Avast's s**t list?
Thanks in advance!
Logged
Para-Noid
Avast Evangelist
Starting Graphoman
Posts: 6700
Trust only what you test yourself!
Re: Web Shield says our website is malicious, but it's not!!!
«
Reply #1 on:
April 04, 2014, 02:47:43 AM »
What is your website? Make it a dead link by using "htxp" or "hxxp".
What is your website IP?
Our website analysts use various scanners to determine a websites safety/security.
Logged
Dell Inspiron, Win10x64--HP Envy Win10x64--Both systems Avast Free v17.9.2322, Comodo Firewall v8.2 w/D+, MalwareBytes v3.0, OpenDNS, Super Anti-Spyware, Spyware Blaster, MCShield, Unchecky, Vivaldi Browser and, various browser security tools.
"Look before you leap!" Use online scanners before you click on any link.
Pondus
Probably Bot
Posts: 37527
Not a avast user
Re: Web Shield says our website is malicious, but it's not!!!
«
Reply #2 on:
April 04, 2014, 07:13:59 AM »
Quote
how do we get off Avast's s**t list?
unless you tell us what URL it is..... avast dont know what URL to take of the list
Logged
Eddy
Avast Evangelist
Maybe Bot
Posts: 31079
Watching (over?) you
Re: Web Shield says our website is malicious, but it's not!!!
«
Reply #3 on:
April 04, 2014, 08:24:52 AM »
His second post here.
Again using bad language.
And he never responded to his previous post.
If he is the admin/webmaster, he should change his attitude imho.
Logged
Online scanners (URL/File/Java/others)
-
INDEPENDENT support (chat for Windows, Windows apps, and many other things), just state the problem/ask your question in the channel and have patience
NO SECURITY TOOL PROTECTS A SYSTEM AGAINST THE STUPIDITY OF A USER
Para-Noid
Avast Evangelist
Starting Graphoman
Posts: 6700
Trust only what you test yourself!
Re: Web Shield says our website is malicious, but it's not!!!
«
Reply #4 on:
April 04, 2014, 03:50:03 PM »
I made my post yesterday evening giving the OP plenty of time to respond. I did so knowing that there
are plenty of forum members able to run the many tests to check his website. Instead of getting his
issue cleared up he wanted to rant. Personally I wanted to do some website analysis for my own
curiousity.
Logged
Dell Inspiron, Win10x64--HP Envy Win10x64--Both systems Avast Free v17.9.2322, Comodo Firewall v8.2 w/D+, MalwareBytes v3.0, OpenDNS, Super Anti-Spyware, Spyware Blaster, MCShield, Unchecky, Vivaldi Browser and, various browser security tools.
"Look before you leap!" Use online scanners before you click on any link.
kiernan7
Guest
Re: Web Shield says our website is malicious, but it's not!!!
«
Reply #5 on:
April 04, 2014, 07:05:51 PM »
Okay guys... in reading your posts I realized one important thing:
I AM A MORON (for not including the URL).
Here are a few of the sub-domains:
http://triadig.oagroups.org/
http://elpaso.oagroups.org/
http://oabronx.oagroups.org/
Thanks in advance!
Logged
AdrianH
Guest
Re: Web Shield says our website is malicious, but it's not!!!
«
Reply #6 on:
April 04, 2014, 07:14:07 PM »
There is your answer
http://sitecheck2.sucuri.net/results/triadig.oagroups.org
infected with malware.
Polonus will be along later, he is the man you need to check this for you.
Logged
polonus
Avast Überevangelist
Probably Bot
Posts: 33895
malware fighter
Re: Web Shield says our website is malicious, but it's not!!!
«
Reply #7 on:
April 04, 2014, 07:41:23 PM »
There is an issue here:
http://dnscheck.pingdom.com/?domain=triadig.oagroups.org%2F×tamp=1396631371&view=1
Potential suspicious file flagged by Quttera's: /wp-content/plugins/fckeditor-for-wordpress-plugin/ckeditor/ckeditor.js?ver=3.5.1
Severity: Potentially Suspicious
Reason: Detected procedure that is commonly used in suspicious activity.
Details: Too low entropy detected in string [['<a id="cke_elementspath_undefined_18446744073709551615" href="javascript:void(\'_cke_real_element_ty']] of length 177590 which may point to obfuscation or shellcode. *
Threat dump: View code -
http://fetch.scritch.org/%2Bfetch/?url=http%3A%2F%2Felpaso.oagroups.org%2F&useragent=Fetch+useragent&accept_encoding=
Threat dump MD5: CA7EA1A52E036B0B7E65C3D630548131
File size[byte]: 268039
File type: ASCII
MD5: 0EB8C0D4FF340B1BDD7FA209D6121A05
Scan duration[sec]: 73.920000
Malicious script detected: htxp://abtt.tv/modules/mod_servises/ua.js script Malicious - cannot connect Can't fetch file pointed by your url.
->
http://sucuri.net/malware/malware-entry-mwblacklisted35
avast flags JS:Includer-ANC[Trj] on site * ->
http://sitecheck.sucuri.net/scanner/?scan=http%3A%2F%2Felpaso.oagroups.org%2F
Reason for infection outdated CMS, that is outdate - WordPress version: WordPress 3.5.1
Wordpress version from source: 3.5.1
Wordpress Version 3.5 based on: htxp://elpaso.oagroups.org//wp-admin/js/common.js
WordPress theme: htxp://elpaso.oagroups.org/wp-content/themes/twentyten/
WordPress version outdated: Upgrade required.
polonus
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
Para-Noid
Avast Evangelist
Starting Graphoman
Posts: 6700
Trust only what you test yourself!
Re: Web Shield says our website is malicious, but it's not!!!
«
Reply #8 on:
April 04, 2014, 07:48:26 PM »
And here
http://dnscheck.pingdom.com/?domain=triadig.oagroups.org
http://zulu.zscaler.com/submission/show/7cf366d1e79cd0c00d0c2ad8ace8522c-1396632361
https://asafaweb.com/Scan?Url=triadig.oagroups.org
Your website definitely has issues.
And polonus was quicker than me...
Logged
Dell Inspiron, Win10x64--HP Envy Win10x64--Both systems Avast Free v17.9.2322, Comodo Firewall v8.2 w/D+, MalwareBytes v3.0, OpenDNS, Super Anti-Spyware, Spyware Blaster, MCShield, Unchecky, Vivaldi Browser and, various browser security tools.
"Look before you leap!" Use online scanners before you click on any link.
!Donovan
Web Analyst
Avast Evangelist
Super Poster
Posts: 2219
Re: Web Shield says our website is malicious, but it's not!!!
«
Reply #9 on:
April 04, 2014, 10:30:06 PM »
Hello,
As Polonus states, there are remains of the hack remaining. For a similar (if not the same) issue, please see:
http://stackoverflow.com/questions/16013544/
The "abtt.tv" is supposedly malicious. Do you have any connections with them?
@Para-Noid
I recommend direct analysis over "automated scanning". Sure you can use them for guidance, but you should never fully rely on them.
@kiernan7
Sorry for the inconvenience. Just a heads up that you have the right to not post confidential e.g: website urls on public forums.
Regards,
~!Donovan
Logged
Familiarize Yourself!
|
Educate Yourself!
|
Beautify Yourself!
|
Scan Yourself!
"People who say it cannot be done should not interrupt those who are doing it."
Pondus
Probably Bot
Posts: 37527
Not a avast user
Re: Web Shield says our website is malicious, but it's not!!!
«
Reply #10 on:
April 04, 2014, 11:33:03 PM »
Jotti
http://virusscan.jotti.org/en/scanresult/d00f876c12b43e7603503d57b9da6ed38761618d
http://virusscan.jotti.org/en/scanresult/64289d2784a1f51aaa842dd6dd8ed332b0f80701
http://virusscan.jotti.org/en/scanresult/6b17eec1b32947dd2375987ff742ef39b9924195
Logged
Eddy
Avast Evangelist
Maybe Bot
Posts: 31079
Watching (over?) you
Re: Web Shield says our website is malicious, but it's not!!!
«
Reply #11 on:
April 04, 2014, 11:59:48 PM »
Would not surprise me if the problem is caused by using the old wordpress version.
Logged
Online scanners (URL/File/Java/others)
-
INDEPENDENT support (chat for Windows, Windows apps, and many other things), just state the problem/ask your question in the channel and have patience
NO SECURITY TOOL PROTECTS A SYSTEM AGAINST THE STUPIDITY OF A USER
polonus
Avast Überevangelist
Probably Bot
Posts: 33895
malware fighter
Re: Web Shield says our website is malicious, but it's not!!!
«
Reply #12 on:
April 05, 2014, 12:13:38 AM »
Well Eddy, we could even be somewhat more precise and bet on this wordpress theme - themes/twentyten/ -
and it is a truly a good candidate to get us into trouble.
Read how that came backdoored, yep, by the developer I mean:
http://wordpress.org/support/topic/security-issue-with-twentyten
So with free themes we have to be extremely cautious what we are actually installing
polonus
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
Print
Pages: [
1
]
Go Up
« previous
next »
Avast WEBforum
»
Consumer Products
»
Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier)
(Moderators:
hectic-mmv
,
LudekS
,
chytil2
) »
Web Shield says our website is malicious, but it's not!!!