Author Topic: FALSE POSITIVE Blocking completely my Website  (Read 10093 times)

Offline Michel171

  • Newbie
  • *
  • Posts: 8
Re: FALSE POSITIVE Blocking completely my Website
« Reply #15 on: April 07, 2016, 08:39:53 PM »
Indeed, it looks like the alert stopped showing up after disabling/enabling.
Thank you again!

Offline Wendell530

  • Newbie
  • *
  • Posts: 2
Re: FALSE POSITIVE Blocking completely my Website
« Reply #16 on: April 14, 2016, 08:17:12 PM »
I have the same false positive problem with Avast on my site at rplstoday.com -- I can assure you it is clean, as we constantly monitor and scan it for problems. The only reason I found out was because a few users told me that Avast was blocking them. Both Sucuri and VirusTotal show the site as safe, not infected, and not blacklisted.

https://sitecheck.sucuri.net/results/rplstoday.com

Can you please explain WHY this is happening and remove the site from your blacklist?


Offline Wendell530

  • Newbie
  • *
  • Posts: 2
Re: FALSE POSITIVE Blocking completely my Website
« Reply #18 on: April 14, 2016, 08:45:24 PM »
Wow, thank you for all that great information. We are looking into it! :-)

I do think the notifications from Avast and BitDefender are misleading though. They both claim malware.
« Last Edit: April 14, 2016, 08:47:08 PM by Wendell530 »

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31335
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: FALSE POSITIVE Blocking completely my Website
« Reply #19 on: April 14, 2016, 09:03:47 PM »
Avast doesn't say there is malware.
Avast says that the Domain and/or IP is blacklisted.
https://forum.avast.com/index.php?topic=185110.msg1304746#msg1304746

Offline HonzaZ

  • Avast team
  • Advanced Poster
  • *
  • Posts: 1130
Re: FALSE POSITIVE Blocking completely my Website
« Reply #20 on: April 14, 2016, 09:08:23 PM »
I think there was (has been?) an infection - we spotted a malicious URL: hxxp://rplstoday.com/5b80fccee94338feae2b90c3a29ea72b/q.php
That is a symptom of Blackhole exploit kit.
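
For a site owner who wants to check their own server for the kind of URL reported above, here is an added example (not part of the thread and not Avast's detection logic). It assumes the access log is in the common/combined log format and generalises the one quoted URL to the shape `/<32 hex characters>/q.php`, which is an assumption; the log lines are constructed.

```python
import re
from collections import Counter

# Assumption: the shape of the single URL quoted in the thread
# (/<32 hex chars>/q.php), generalised to a pattern. Not a vendor signature.
SUSPECT_PATH = re.compile(r"^/[0-9a-f]{32}/q\.php$", re.IGNORECASE)

# Common/combined log format: ip ident user [time] "METHOD target PROTO" status ...
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample input (documentation IP ranges, made-up directory names).
SAMPLE_LOG = """\
192.0.2.10 - - [14/Apr/2016:20:01:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [14/Apr/2016:20:01:05 +0000] "GET /0123456789abcdef0123456789abcdef/q.php HTTP/1.1" 200 812 "-" "Mozilla/5.0"
198.51.100.7 - - [14/Apr/2016:20:01:09 +0000] "GET /0123456789ABCDEF0123456789abcdef/q.php?x=1 HTTP/1.1" 200 812 "-" "Mozilla/5.0"
203.0.113.4 - - [14/Apr/2016:20:02:00 +0000] "GET /fedcba9876543210fedcba9876543210/q.php HTTP/1.1" 404 210 "-" "curl/7.47"
192.0.2.10 - - [14/Apr/2016:20:03:00 +0000] "GET /docs/q.php HTTP/1.1" 200 100 "-" "Mozilla/5.0"
garbage line
"""

def find_suspect_requests(lines):
    """Return (hits, unparsed). hits: one dict per request whose path matches."""
    hits, unparsed = [], 0
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            unparsed += 1          # count, do not silently drop, odd lines
            continue
        path = m["target"].split("?", 1)[0]   # ignore the query string
        if SUSPECT_PATH.match(path):
            hits.append({"time": m["time"], "ip": m["ip"],
                         "path": path.lower(), "status": int(m["status"])})
    return hits, unparsed

def served_paths(hits):
    """Paths answered with 2xx: the file really exists on the server."""
    return Counter(h["path"] for h in hits if 200 <= h["status"] < 300)

if __name__ == "__main__":
    hits, unparsed = find_suspect_requests(SAMPLE_LOG.splitlines())
    print(f"{len(hits)} matching requests, {unparsed} unparsed lines")
    print(served_paths(hits))
```

A 2xx answer on such a path means the file is present in the web root and should be inspected; a 404 only shows that something requested it.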

Offline reald

  • Newbie
  • *
  • Posts: 2
Re: FALSE POSITIVE Blocking completely my Website
« Reply #21 on: September 28, 2016, 01:03:33 AM »
I am having similar issues with the site - http://notariat-tineretului.net
The site is 100% clean, I don't know why you block it.
https://www.virustotal.com/en/url/af0f9af63badaa9041eceab55ee8eaabc8fc2d9ded7437e095f7dfd0072544f6/analysis/1475016707/
The VirusTotal scan and any other scanner like Sucuri etc. show the site is clean.
Please fix this.

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31335
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: FALSE POSITIVE Blocking completely my Website
« Reply #22 on: September 28, 2016, 08:03:47 AM »
Virustotal does not scan websites.

Problems on that ASN (including blacklistings):
http://urlquery.net/report.php?id=1475041648872

Suspicious script:
https://www.websicherheit.at/website-malware-viren-scanner/?url=notariat-tineretului.net
« Last Edit: September 28, 2016, 08:11:46 AM by Eddy »

Offline HonzaZ

  • Avast team
  • Advanced Poster
  • *
  • Posts: 1130
Re: FALSE POSITIVE Blocking completely my Website
« Reply #23 on: September 28, 2016, 11:06:01 AM »
I do not have any evidence about notariat-tineretului[.]net being infected in the near past, so I am unblocking it now ;)

Offline reald

  • Newbie
  • *
  • Posts: 2
Re: FALSE POSITIVE Blocking completely my Website
« Reply #24 on: September 28, 2016, 02:03:07 PM »
> I do not have any evidence about notariat-tineretului[.]net being infected in the near past, so I am unblocking it now ;)

Great, the false positive was triggered by the JavaScript in a file with a .php extension, which *might* seem suspicious, but then it should just scan the file for any malware code. There was only a JavaScript var containing a city name in that file. Anyway, thank you for the quick fix! (Even though it seems I have spotted the issue quite late, this will teach me to do more in-depth testing with different AV applications.)