Client's Websites have been blacklisted. How do I fix this?

[REDACTED]

Hi there. We obtained a client about a year ago and when we obtained them we have reason to believe that the ex webmaster or local competition has submitted his URLs to your blacklist or a blacklisting website that you use to determine safe websites.

With that said, two of his main domains are being blocked by your antivirus software. I've scanned both the domains with several scanners and they seem to check out as safe.

I've even deleted the contents for the domain from the public html folder and completely reinstalled word press on them. It's very frustrating and I'm wondering if anyone out there can help us out.

I've submitted several reports as false positives from within the avast UI as well as left contact details and information on this through the contact submit forms on the main site.

Can anyone help us or point us in the right direction here? I've been forced to setup an entirely new domain for the time being and this is hurting the business.

The URLs in question are:
http://countytowinglebanon.com/
http://proautolebanon.com

[Pondus]

IP (184.168.221.7) history is bad, enormus amount of domains on same IP and many are blacklisted
https://virustotal.com/nb/ip-address/184.168.221.7/information/


IP (160.153.73.137) not so bad, but also some blacklisted domains
https://virustotal.com/nb/ip-address/160.153.73.137/information/


avastis notified, check back tomorrow, there may be a reply here

[Secondmineboy]

Update Windows Server, Apache and PHP on the websites ASAP.

http://countytowinglebanon.com/:

Blacklisted by McAfee.

Headers need to be adressed: https://securityheaders.io/?q=http%3A%2F%2Fcountytowinglebanon.com%2F

http://proautolebanon.com/

USER ENUMERATION is possible.

Header issues: https://securityheaders.io/?q=https%3A%2F%2Fwww.proautolebanon.com%2F

[REDACTED]

Hi Steven. The webserver is managed by godaddy and should be up to date within their standards.

[Secondmineboy]

Hi Steven. The webserver is managed by godaddy and should be up to date within their standards.

Its definitely not up to date, install Wappalyzer and open the page yourself. it lists Apache 2.4.12 and PHP 5.4.43, the only thing thats updated if WordPress obviously.

[REDACTED]

Interesting. Thank you for bringing this to my attention. I'll have to get a hold of Godaddy support and I get them updated. Still shouldn't blacklist because of an outdated version of apache. I would think? I have several sites on my hosting that aren't blacklisted.

[Secondmineboy]

Interesting. Thank you for bringing this to my attention. I'll have to get a hold of Godaddy support and I get them updated. Still shouldn't blacklist because of an outdated version of apache. I have several sites on my hosting that aren't blacklisted.

Sometimes Avast blocks sites due to malicious IPs nearby for example.

We have to wait for an Avast staff member to take a look at this.

Sometimes you can if you have a hosting panel choose the version of PHP and the web server version that you would like to use.

[REDACTED]

Got PHP updated which is a big one. Apache however, according to Godaddy, I have to wait until they push that version native due to the fact that I have a Linux Cpanel shared hosting plan. Which I find to be somewhat absurd considering there are bypass and dos vulnerabilities for that specific version of Apache that have been released and published. Guess I will have to look into dedicated so I can push updates myself as they become available.

Also I checked the domains for McAfee blacklisting and I couldn't find them located. What are you using to determine these are blacklisted via McAfee?

[Secondmineboy]

It still lists 5.4 as version, but whatever.

For hosting maybe OVH SAS may be a good hoster, or you could take a look at Microsoft Azure maybe, not the cheapest but
pretty secure, Microsoft is working hard on it.

Google Cloud Platform is commercial-use only, but the most secure Cloud Platform you can get right now and also one of the fastest.

There are also good hosts in germany: HostEurope, Hetzner Online, STRATO and some more maybe.

Oh and when you get a dedicated host, implement a CDN (My recommendation is Incapsula), an SSL Certificate, and maybe use Nginx, IIS or best on Linux i guess LiteSpeed as web server (Theres a free and a paid one)

[REDACTED]

Thank you, I'll look into switching up hosting plans when I have time. I will most likely stay with godaddy but setup a dedicated linux box that I can push changes on and update accordingly.

As far as the PHP version is concerned, It probably takes some time to take effect. I had to select the version from within CPanel manually.

[Secondmineboy]

http://www.siteadvisor.com/sites/countytowinglebanon.com

[Secondmineboy]

Thank you, I'll look into switching up hosting plans when I have time.

As far as the PHP version is concerned, It probably takes some time to take effect. I had to select the version from within CPanel manually.

Newest Version is PHP 7.0.6 according to the official website

[REDACTED]

Interesting. I don't have that option via Cpanel. I'll have to look into that.
You would think that places like godaddy would offer the latest versions for security reasons.
It's kind of crazy that I have to get a dedicated box just to update these things.

[Secondmineboy]

It still lists 5.4 as version, but whatever.

For hosting maybe OVH SAS may be a good hoster, or you could take a look at Microsoft Azure maybe, not the cheapest but
pretty secure, Microsoft is working hard on it.

Google Cloud Platform is commercial-use only, but the most secure Cloud Platform you can get right now and also one of the fastest.

There are also good hosts in germany: HostEurope, Hetzner Online, STRATO and some more maybe.

Oh and when you get a dedicated host, implement a CDN (My recommendation is Incapsula), an SSL Certificate, and maybe use Nginx, IIS or best on Linux i guess LiteSpeed as web server (Theres a free and a paid one)

A VPS may be enough for some websites, depends on the OS and the software you will use, Apache needs more CPU and RAM than IIS for example.

Its a shame that many dont care about security at all, its just stupid, but even the free host of my WordPress Blog and a forum i run together which islinked in the sig provides PHP 7 as option.........

[REDACTED]

It's kind of ridiculous that we pay them quite a bit of money for hosting, I have like level 3 or 4 or something on their hosting plan. You would think they would take care of their shared hosting customers and allow the most up to date versions of things.

Having a significantly outdated version of PHP and Apache running is absurd in my opinion. I guess they don't care much for security. Which is probably why my clients IPs are getting blacklisted. Too many people on these IP ranges doing malicious stuff and Godaddy isn't maintaining it properly.

I will be switching to a dedicated box as soon as I get a chance and updating them to latest versions of both Apache and PHP.