Topic: [SOLVED] Websites blocked by Avast with the Infection: URL:Mal message

Offline adi4

  • Newbie
  • *
  • Posts: 3
Hi all,

I would like to add here my frustration and anger toward a job poorly done by Avast. Although the initial intention is good (protecting internet users from infections, attacks, malicious acts and other dangers), the way this is done is so non-transparent that it affects the website owners so much that I am really taking into consideration to forward this to our lawyers.

At this moment the following sites are being blocked by Avast:

vianaturalia.ro
nucidesapun.ro
sfaturilebunicii.ro
slimhouse.ro

3 of them are online stores which means we are losing money due to the decision taken by Avast to block our domains.

Steps to understand the issue:

1. many users started to inform us that they cannot access one of our sites because Avast was telling them that the website is infected: URL:Mal
2. we are also taking protection of our users very seriously, so we started to investigate this, thinking that indeed something might be wrong with the website
3. we understood that the message appears because the domain somehow is part of a blacklist. We could find no blacklist on the internet, nor a reason how we got there
4. we scan the domain with all the tools known, some of them provided here on the forum. Nothing found.
5. we file a false positive form hoping that this is solved
6. the result, all other domains got blocked
7. we receive no information why this is happening, no feedback is being given by Avast, per mail or any other way. Some of the users on this forum complain that their sites are being blocked even after four weeks after they filed a false positive form. Funny enough, when clicking on More details (once you've got the message from Avast when trying to access the website), the users face a page saying: "Infection blocked, URL:Mal... if you want to be better protected, please pay". In other words, "we are blocking you for free, but you'll have to pay to understand why".
8. somehow we manage to find out on our own that Avast blocks any domain that uses afraid.org as DNS. We don't know why, maybe it is indeed something bad, that was configured long time ago by the company that sold us the domain. OK, at least we have a clue, then we proceed and change the DNS to our site vianaturalia.ro. As I understand, I will have to wait and then file again a false positive form for our domains.

The whole process took enormous time in which we, as I already said, lost enough money. As I said, I am not criticizing the main idea, but the way this is done. We are getting our sites blocked, but nobody gives us any piece of information why, so we can take the right measures, if this is indeed needed. There is no feedback, there is no official blacklist somewhere, there is no explanation, there is no information available that might help domain owners to sort their issue in a timely manner. And this is a totally unprofessional service provided. Free or not.

After all this time we lost fighting with this, I turn to this forum hoping for a quick and somehow clear solution:

- why exactly are the domains being blocked? After all this time, we still do not know why.
- how can we undo that? The false positive form did not help us.
- when can this be solved?

As I said, we understand that the internet needs to be a safer environment and the users need protection. But definitely NOT this way, providing a huge disadvantage to domain owners through lack of communication and information. At this moment, Avast is definitely a solution I am not going to recommend. And as I could already read, I am not the only one in this position.

Still hoping for a quick resolution!

Adrian

« Last Edit: November 24, 2014, 01:35:54 PM by adi4 »

Offline Pondus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 35857
« Reply #1 on: November 23, 2014, 09:38:39 PM »
Quote
1. many users started to inform us that they cannot access one of our sites because Avast was telling them that the website is infected: URL:Mal
URL:Mal means URL or IP is blacklisted

vianaturalia.ro = IP seems to have more than one domain on that IP and some are blacklisted
https://www.virustotal.com/nb/ip-address/188.214.17.32/information/
also outdated software: http://sitecheck.sucuri.net/results/vianaturalia.ro

« Last Edit: November 23, 2014, 09:40:33 PM by Pondus »
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline Pondus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 35857
« Reply #2 on: November 23, 2014, 09:49:48 PM »
Quote
8. somehow we manage to find out on our own that Avast blocks any domain that uses afraid.org as DNS. We don't know why, maybe it is indeed something bad, that was configured long time ago by the company that sold us the domain. OK, at least we have a clue, then we proceed and change the DNS to our site vianaturalia.ro. As I understand, I will have to wait and then file again a false positive form for our domains.
see post from Milos: https://forum.avast.com/index.php?topic=148018.msg1075293#msg1075293



Offline adi4

  • Newbie
  • *
  • Posts: 3
« Reply #3 on: November 23, 2014, 09:57:22 PM »
Hi Pondus,

and thank you for your quick reaction. Finally someone tells us what's happening.

Your first post:
- we'll contact the hosting company to upgrade cPanel
- man, I will die from all this uncertainty: "IP seems to have more than one domain on that IP and some are blacklisted". Please, which ones are blacklisted? Why? How can we solve it?

Your second post:
- thank you for the info, this will help me just to have an idea about the issue, but we already changed that and hopefully in maximum 24 hours the information will be updated everywhere
« Last Edit: November 23, 2014, 09:59:29 PM by adi4 »

Offline Pondus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 35857
« Reply #4 on: November 23, 2014, 10:04:53 PM »
Quote
- man, I will die from all this uncertainty: "IP seems to have more than one domain on that IP and some are blacklisted". Please, which ones are blacklisted? Why? How can we solve it?

they are listed here, with red numbers in front of it (on left side) click one for more info
https://www.virustotal.com/en/ip-address/188.214.17.32/information/





Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31543
  • malware fighter
« Reply #5 on: November 23, 2014, 10:25:55 PM »
See the errors here: http://www.dnsinspect.com/gabrigrafika.ro/1416777000
Resolve Domain Name   
WARN
WARNING: Could not resolve domain -gabrigrafika.ro..
Domain Name IPs are Public   
SKIP
Could not resolve -gabrigrafika.ro..
Resolve WWW   
WARN
WARNING: Could not resolve domain wXw.gabrigrafika.ro..
WWW IPs are Public   

See: https://www.virustotal.com/en/url/7ab3ee6a8dca352873a3a20eaf2953f0d3819d7124cbe816c1ad6e0f373875b9/analysis/
That is not only avast detecting domain
TrendMicro gives a malware vector there.

See detection here: http://sitecheck.sucuri.net/results/www.gabrigrafika.ro#sitecheck-details
Unable to properly scan your site. Unable to connect.
SKIP
Could not resolve wXw.gabrigrafika.ro..

See the vulnerabilities on one of the domains you report on a blocked site:
Web application details:
Application: PrestaShop
Running cPanel 11.34.0.11: www.nucidesapun.ro:2082
cPanel version 11.34.0.11 outdated: Upgrade required.
Outdated cPanel Found: cPanel 11.34.0.11
See warnings here:  http://www.dnsinspect.com/nucidesapun.ro/1416777480

Whenever you want avast to consider unblocking the domains on that IP, contact http://www.avast.com/contact-form.php?

We cannot unblock as we are volunteers here, only avast team members can.

polonus (volunteer website analyst and error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline adi4

  • Newbie
  • *
  • Posts: 3
« Reply #6 on: November 23, 2014, 10:38:12 PM »
Hi polonus,

Thank you as well for the information.

I understand and really appreciate your effort here for which you are not being paid, nor are you part of Avast. Still this path is not normal, as I mentioned in my first post.

We already talked to our hosting company to upgrade cPanel and to provide us with a dedicated IP as the websites generating the problems are not ours and we have no control over them. Also we changed the DNS to remove afraid.org from there. Once all these will be solved, I will send another false positive to Avast!

But still I am definitely not happy with how Avast handles this.

Thank you!

Adrian

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31543
  • malware fighter
« Reply #7 on: November 23, 2014, 11:15:28 PM »
Hi adi4,

You certainly have shown your good will. Steering away from afraid dot org should have worked, so that the block would have been removed by an avast team member even with an upcoming update. I certainly hope that issue will be evened out as soon as possible for your website and the visitors thereof. You can also contact them via virus@avast.com and refer to this thread in your request for domain exclusions.
I also reckon that you will take the issues that I reported up with those that are hosting these websites and that the warning issues will be secured.
A lot of respect to you for striving towards a more secure internet.

kindest regards,

polonus (volunteer website analyst and error-hunter)

Offline Milos

  • Avast team
  • Super Poster
  • *
  • Posts: 2064
« Reply #8 on: November 24, 2014, 08:21:54 AM »
Hello,
vianaturalia.ro will be unblocked in the next stream update (in 10 minutes).
Other domains are not blocked. If you see some Avast detection, please post a screenshot of it.

Milos

Offline adi4

  • Newbie
  • *
  • Posts: 3
« Reply #9 on: November 24, 2014, 01:35:09 PM »
Hi Milos,

I confirm that at this moment our domains are no longer blocked by Avast.

Thank you very much for your help.

Adrian