Author Topic: website free of viruses blocked  (Read 3625 times)

marta_mtv

  • Guest
Hello! I use avast! Premier.
My site http://vsepopolochkam.ucoz.ua/ is blocked by the avast antivirus (on different computers). It blocks only the section of the site with the photo catalog. Perhaps a malicious photo was uploaded, but scanning with special services ( https://www.virustotal.com/ru/#url http://app.webinspector.com/ http://www.urlvoid.com/ http://sitecheck.sucuri.net/scanner/ http://zulu.zscaler.com/ ) showed no viruses on the site.
What is the problem? How do I remove the block? Screenshots are attached.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
« Last Edit: April 29, 2014, 08:08:38 PM by Pondus »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Site has the following issues:
Iframe check: Suspicious
/abnl/?adsdata=!3sluvgnjhah!mjhktzptbvrx05lpy2m18d1hnsbvrjbr7rdpxmqwcaqh5a5vc3ttll4;3midpyokak6tmqv^'

Malicious Injection check:
Suspicious Text before HTML

<script type='text/javascript'>function resizeframe(){var wx,wy,bx,by;var o=document.getelementbyid("ifagcico"),t,d;if (!o) return;d=o.contentdocument;if (!(t=d.getelementbyid("wrapperxagcico"))) wx=0;else wx=t.value;if (!(t=d.getelementbyid("wrapperyagcico"))) wy=0;else wy=t.value;if (!(t=d.getelementbyid("bannerxagcico"))) bx=0;else bx=t.value;if (!(t=d.getelementbyid("banneryagcico"))) by=0;else by=t.value;bx=parseint(bx)+parseint(wx);by=parseint(by)+parseint(wy);if (bx<0) o.style.width="100%";else if (bx>0) o.style.width=bx+"px";if (by<0) o.style.height="100%";else if (by>0) o.style.height=by+"px";}</script><iframe style="position:fixed;right:0px;top:0px;z-index:10000;" height="0"
width="0" onload="resizeframe();" id="ifagcico" frameborder="0" scrolling="no" src="/abnl/?adsdata=!3sluvgnjhah!mjhktzptbvrx05lpy2m18d1hnsbvrjbr7rdpxmqwcaqh5a5vc3ttll4;3midpyokak6tmqv^evi4elpufu2grwmxmhdfrxps;nwze5dg9kqgjlsghbnb^vdipv7n0mg0nfth7vc7uoo"></iframe><div><script type="text/javascript">new image().src = "htxp://counter.yadro.ru/hit;ucoznet?r"+escape(document.referrer)+((typeof(screen)=="undefined")?"":";s"+screen.width+"*"+screen.height+"*"+(screen.colordepth?screen.colordepth:screen.pixeldepth))+";u"+escape(document.url)+";"+math.random();</script></div>

Javascript check: Suspicious
().src = "htxp://counter.yadro.ru/hit;ucoznet?r"+escape(document.referrer)+((typeof(screen)=="undefined")?"":";s"+screen.width+"*"+screen.height+"*"+(screen.colordepth?screen.color...

Included scripts: Suspect - please check list for unknown includes
Suspicious Script:
   htxp://s58.ucoz.net/src/uwnd.js?2
   .ru/i)){g=1;var a=/v=([^\s\&\;]+)/;var d=a.exec(b.url);if(d&&d[1]){n="htxp://video.rutube.ru/"+d[1];l=640;f=360}}else{if(b.url.match(/dailym

404 error check: Suspicious
Suspicious 404 Page:
   .ru/e.gif?p=u404" width=0 height=0> <!--liveinternet dot counter--><script type="text/javascript">new image().src = "http://

Google browser diff: Not identical
Google: 36939 bytes       Firefox: 37352 bytes
Diff:         413 bytes
First difference:
vascript">try { var yacounter17923003 = new ya dot metrika({id:17923003});}catch(e) { }</script><noscript><div><img src="//mc dot yandex dot ru/watch/17923003" style="position:absolute; l...

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
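
Added example, not part of the post above and not the scanner that produced the report: a minimal static check for the two patterns the report lists, markup emitted before the HTML document starts and an iframe that is invisible to the visitor. The sample page, the `/ads/?data=EXAMPLE` path and all function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Constructed sample page (not the real site): markup emitted before the
# doctype, carrying a zero-size fixed-position iframe, then a normal embed.
SAMPLE = (
    '<script>function resizeFrame(){}</script>'
    '<iframe style="position:fixed;right:0px;top:0px;z-index:10000;" '
    'height="0" width="0" id="frame1" src="/ads/?data=EXAMPLE"></iframe>'
    '<!DOCTYPE html><html><head><title>t</title></head><body>'
    '<iframe width="560" height="315" src="/video"></iframe></body></html>'
)

def text_before_html(page):
    """Return markup that precedes the doctype/<html>, or '' if none."""
    m = re.search(r"<!doctype\b|<html\b", page, re.I)
    return page[:m.start()].strip() if m else ""

def _zero(value):
    """True for a dimension of 0, 0px or 0%."""
    return re.fullmatch(r"0(px|%)?", (value or "").strip()) is not None

class IframeAudit(HTMLParser):
    """Collect iframes whose attributes make them invisible to the visitor."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        style = a.get("style", "").replace(" ", "").lower()
        reasons = []
        if _zero(a.get("width")) or _zero(a.get("height")):
            reasons.append("zero-size")
        if re.search(r"display:none|visibility:hidden", style):
            reasons.append("css-hidden")
        if "position:fixed" in style or "position:absolute" in style:
            reasons.append("overlay-positioned")
        if reasons:
            self.findings.append((a.get("src", ""), reasons))

def audit(page):
    """Run both checks and return the prefix text and flagged iframes."""
    parser = IframeAudit()
    parser.feed(page)
    parser.close()
    return {"prefix": text_before_html(page), "iframes": parser.findings}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Both patterns also appear in banner frames that hosting platforms inject, so a hit is a reason to inspect the frame's `src`, not a verdict.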

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
It's not blacklisted?
VOLUNTEER

Senior Security Analyst; Sys Admin (Linux); Forensics/Incident Response.

Security is a mindset, not an application. Think BEFORE you click.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Hi Michael(alan1998),

Very weird, but it is absolutely not, see here: http://www.urlvoid.com/scan/vsepopolochkam.ucoz.ua/

But these results are not very encouraging: http://sameid.net/ip/193.109.246.58/  544/545 websites with IP 193.109.246.58
and http://www.scumware.org/report/193.109.246.58  (not secured *)  * vulnerable to test.xml~ 

Detected is also an IDS for Detected a Dynamic DNS URL
-> http://dnscheck.pingdom.com/?domain=vsepopolochkam dot ucoz dot ua&timestamp=1398808373&view=1   
so Delegation issue -> Delegation not found at parent.
For main domain we get:
Name server ns1.ucoz.ru  (green)
Name server ns2.ucoz.ru  (red)
Nameserver ns2.ucoz.ru (213.174.157.200) does not respond to queries via TCP.

Site vulnerable, so is this a fp?

Damian

P.S. Site isn't blocked by avast!
« Last Edit: April 30, 2014, 01:05:11 AM by polonus »