« previous next »
Pages: [1]   Go Down

Author Topic: Website marked as infected.  (Read 2021 times)

0 Members and 1 Guest are viewing this topic.

REDACTED

  • Guest
Website marked as infected.
« on: May 10, 2017, 04:02:20 PM »
Hello,

So we've been having issues with users of your antivirus solutions (Avast and AVG) getting blocked from our websites due to being "URL:Mal".

This is incredibly frustrating to figure out, especially since the software's logs do not explain the actual reason that the website is considered "infected" with malware.

Anyway, we have read another post about a similar issue here: https://forum.avast.com/?topic=161167.0

We have checked:

* we are not on a free dns service (ie: afraid.org)
* our CDN's IPs (Incapsula) are listed as hosting malware - we have removed the CDN and we are falling back to our own IPs which don't appear in any blacklist.

The domains remain blocked in Avast and both AVG.

The domains affected are:

* umusic.ro
* getmusic.ro

Please let us know how can we get these unblocked.
Logged

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31079
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: Website marked as infected.
« Reply #1 on: May 10, 2017, 04:24:00 PM »
umusic.ro is not blocked by avast
URL:Mal means that the IP and/or Domain is blocked (can be a link to a blacklisted domain on the site).

Outdated software (update required):
https://sitecheck.sucuri.net/results/umusic.ro
youtube-embed-plus 11.4   latest release (11.7.1) Update required

Warning User Enumeration is possible
The first two user ID's were tested to determine if user enumeration is possible.
ID   User                            Login
1   Universal Music Romania   admin
2   Malina Mindrutescu      m

Vulnerable library (needs to go) :
http://retire.insecurity.today/#!/scan/0aa3438e1e7fa2d304b91e0cd9fbea02266871685de5e86ee683a748b816f6a2
Logged

REDACTED

  • Guest
Re: Website marked as infected.
« Reply #2 on: May 10, 2017, 04:33:53 PM »
I understand the impact of the vulnerable wordpress plugin (and that is up to the agency to fix, will be fixed).

So umusic.ro is blocked because it links to getmusic.ro;

But there is absolutely no explanation as to why getmusic.ro is blocked, even after the IP change. IP which doesn't appear in any blacklist.
Logged

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31079
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: Website marked as infected.
« Reply #3 on: May 10, 2017, 04:46:05 PM »
Logged

Offline HonzaZ

  • Avast team
  • Advanced Poster
  • *
  • Posts: 1038
Re: Website marked as infected.
« Reply #4 on: May 10, 2017, 04:52:15 PM »
I have unblocked getmusic[.]ro ;) But please keep in mind Eddy's recommendations!
Logged

REDACTED

  • Guest
Re: Website marked as infected.
« Reply #5 on: May 10, 2017, 05:04:46 PM »
Thank you.

I recommend to be more verbose towards site owners as to why it's blocked by avast/avg.
Logged
Pages: [1]   Go Up
« previous next »