Avast says my page is infected - how?

[Anthony Miller]

We proved those links malicious. We showed you were the issue is. Milos showed you exactly where it is. I would laugh my sorry ass off if you tried to sue them. Frankly, right now you should be facing a 70,000 USD Fine right now.

The hidden iFrames were an issue. If you hadn't of had them, you never would've been detetced. Sure the gzip thing mighth've been a FP. But even so the iFrame was inexcusable along with the fines you currently should be standing trial for.
You'll notice now that it is gone, your site is no longer detected. If your attitude hadn't of been so shitty, this would've been solved a few days ago. Like seriously, you've really only pissed off a bunch of volunteers. YOu'll notice the only other people we see getting made is people like you that won't take the blame. I've seen users go as far as DDoS'ing websites that they own. Granted you haven't, but keep your site clean of anything suspicious, and you won't have any other issues.

Also, a shittacular host likes yours, won't help you any at all. 1000+ sites hosting malware will land your site right back in the same place but with a IP Ban. Better so switch your host or get a box for yourself. You cannot prove in a court it was AVAST!'s fault strictly when all the sites we scanned your site with said it was malicious. It won't happen. Sorry

Oh come on you're having a laugh.  Neither you nor ScanURL proved that the Malkm.com link is actually malicious - what it returns is that the site has a poor reputation.  Not the same thing! by a long way and very different to being an actively infected site.  Who made you supreme arbitor of people's reputations.  This is the very problem.  You have got it the wrong way round.  The burden of proof is on YOU not ME to prove my site is dangerous or malicious.  Some old link on the 404 page even if inserted by an ancient spambot or hacker from the dawn of time is not in its self malicious.  I do not have to prove in court that what you say about me is wrong - you are the one who has to prove that what you say about me is true.  That is why Britain in the Libel tourism destination of the world.  The burden of proof is unfairly reversed.

As to your repeated false claim that I am/was flouting loads of government regulations I ask again for the nth time what are they?
I can find nothing on the Information Commissioners Office site about fines for crap HTML code or even hosting viruses by mistake.
Why cant you answer this basic question?  It is after all a matter of upmost importance to you all as you all care about internet security so much?
All UK legislation is on the government website here
http://www.parliament.uk/business/bills-and-legislation/
so if we are in breech of legislation it shouldn't be too hard to find it.

Even the most remedial person knows the ICO do not dole out £50,000 fines on a caprice to small businesses simply over a few dodgy iframe links for several very good reasons
1) There'd be a public outcry and someone like the Daily Mail would go mental as applying such high standards would lead to the end of personal websites overnight
2) It'd destroy hundreds of small and medium sized businesses overnight crippling the UK economy
3) They'd be handing out so many fines they'd probably end up recreating the fuedal system

You must really think that people are daft.
The system you suggest exists just never could - society would be unworkable ... although I'm sure the IT industry would still tick over.

My site breaks no regulations - it is simply a large mass of crappy html spouting ill-informed half baked opinion that exists to sell only one commodity ...tickets ...which are sold by a 3rd party site.  It has no user database, no cookies, no interface ...nothing.  How can it possibly be breaking any regulations?

[Michael (alan1998)]

Okay, ScanURL was never used. It was URLQuery, Sucuri, URLVoid and more. Not ScanURL.

Let's drop the fnies for a while. How about that.

You still have:

1) A s**t-tacular host hosting nearly 1,000 websites on 1 box/IP. Some are actively hosting malware, spam etc, which puts you in the running for an IP Blacklist.

2) Have crappy HTML coding, which is messy, probably giving you a hard time find those ICO & gzip files.

3) Are a complete and total j*cka$$.

4) This line

Even the most remdial person knows the ICO do not dole out E50,000 fines on a caprice to a small business simply over dodgy iFrame links

You just admitted to having those ICO files and having a "Few" suspicious iFrames. Which, by the way, were malicious.

Just so I can be a j*cka$$ back. I hope Avast! blocks the IP.

Even using ScanURL, your antics backfired. WOT which is included in ScanURL gives this rating...

Trustworthiness:   Good
Good (65/100) [ weight: very low (1/5) (7/100) ]
Vendor Reliability:   Good
Good (65/100) [ weight: very low (1/5) (7/100) ]
Privacy:   Good
Good (65/100) [ weight: very low (1/5) (7/100) ]

Assuming a 60% is average (Which is standard where I live. No idea about England, (I think that's where you live?). YUO are barely passing mustard according to WOT. ScanURL backfired big time.

[Michael (alan1998)]

Okay, ScanURL was never used. It was URLQuery, Sucuri, URLVoid and more. Not ScanURL.

Let's drop the fnies for a while. How about that.

You still have:

1) A s**t-tacular host hosting nearly 1,000 websites on 1 box/IP. Some are actively hosting malware, spam etc, which puts you in the running for an IP Blacklist.

2) Have crappy HTML coding, which is messy, probably giving you a hard time find those ICO & gzip files.

3) Are a complete and total j*cka$$.

4) This line

Even the most remdial person knows the ICO do not dole out E50,000 fines on a caprice to a small business simply over dodgy iFrame links

You just admitted to having those ICO files and having a "Few" suspicious iFrames. Which, by the way, were malicious.

Just so I can be a j*cka$$ back. I hope Avast! blocks the IP.

Even using ScanURL, your antics backfired. WOT which is included in ScanURL gives this rating...

Trustworthiness:   Good
Good (65/100) [ weight: very low (1/5) (7/100) ]
Vendor Reliability:   Good
Good (65/100) [ weight: very low (1/5) (7/100) ]
Privacy:   Good
Good (65/100) [ weight: very low (1/5) (7/100) ]

[Edit]: Assuming a 60% is average (Which is standard where I live. No idea about England, (I think that's where you live?). YUO are barely passing mustard according to WOT. ScanURL backfired big time.

Also, tweeting about something your users will  unlikely understand is kind of saddening.

Avast internet security continue to threaten us with a £50000 fine for an error in our 404 page http://forum.avast.com/index.php?topic=148837.0 … … ...?!

BS. It was the iFrames if I am not mistaken.

[bob3160]

@ Michael,
You can't reason with an unreasonable person.
Since help isn't what Anthony Miller is seeking, allow him to figure things out for himself.  [size=78%] [/size]

[Anthony Miller]

4) This line

Even the most remdial person knows the ICO do not dole out E50,000 fines on a caprice to a small business simply over dodgy iFrame links

You just admitted to having those ICO files and having a "Few" suspicious iFrames. Which, by the way, were malicious.

Just so I can be a j*cka$$ back. I hope Avast! blocks the IP.

No you found one iframe you didn't like on the index.php page.
It links the bottom half of the page to a site malkm.com
which forwards traffic on to sendfwd.com

Neither of these sites are malicious as far as I can figure out.

The reason that I cant find and ico or gzip file on my website is simple - they were never there.

However, I think I solved the mystery.
One of the symptom of an ico favicon virus is the rewriting of the index.php page
so it may be that Avast scanned the index.php page and presumed
that the site had a favicon virus ... but it doesn't.

It may be that long ago in the distant past the server operator had a favicon virus
and this iframe link is a legacy of that infection but as it doesn't seem to have
infected any other pages I doubt very much such a virus is still active on their server.
Alternatively it could just be an old advertising link.  It is possible.
The page has been there for over 10 years so I'm not sure why anyone's bothered about it now.

As to the number of HTML errors ...some of them may be that you are scanning my code
for XHTML errors and the syntax of the languages is not the same.

Having one IP dedicated server to every website doesn't seem like the real world to me
and it doesn't sound very energy efficient either.
It's a comedy club website not the HSBC bank.

I'm still waiting for you to inform us exactly what legislation we are breaking.
You cant because we are not.  Hardly a great advert.
Neither do you ever seem to be able to back down from any position.
It is demonstrably untrue that there is or ever was a gzip file on my website
yet you are still mumbling about
"Have crappy HTML coding, which is messy, probably giving you a hard time find those ICO & gzip files."
There's only 30 pages on the entire site - it's not that complicated

"Also, tweeting about something your users will  unlikely understand is kind of saddening."

What a narrow and depressing view of the public's cognative abilities.
Perhaps you should stop treating them as ALL stupid.

[Michael (alan1998)]

I dind't call them stupid. But most people don't have the technical "Know-how" to understand this.

You said that it is unreasonable to have a site per box. I'm sure it is, but why is their 1100 sites on 1 box? It's sloppy managment on their end. It's dangerous and will lead to problems. I will say this. If for any reason any of those sites gets DDoS'ed (For whatever reason, some kid tries to test his knowldege, someone gets  pissed off with the host etc.) Not only will your site hit the ground, all of them will.