Author Topic: Site blacklisted after hacked (Read 4235 times)

REDACTED · « **on:** May 29, 2017, 05:19:13 PM »

Hello!

My site was hacked and was blacklisted by avast and some other online virus scan.
I've done a lot of scan and some wordpress plugins to remove the malwares (iframes, hacked databases and files) and now it appears to be cleaned, I need the avast to rescan my website, here is the image that is appearing when someone access the domain:

Here is some online screenshots showing that the website is clean:
Quttera

Sucuri wordpress plugin

my domain: expressopb dot com
Thank you very much!

Pondus · « **Reply #1 on:** May 29, 2017, 05:35:06 PM »

seems to be clean >> https://sitecheck.sucuri.net/results/expressopb.com

But still on some blacklists
https://virustotal.com/en/url/c8ddaf364c3e7fd173511ba3f1b5c178c3023f22eabee7cf36f960e0d6936283/analysis/1496071916/

https://safeweb.norton.com/report/show?url=expressopb.com

some issues to fix >> http://retire.insecurity.today/#!/scan/404c6354859a6ad82f5af0daf82311b7404a98c30f94e5a20f3a752cccdcebb0

seems to containe a script that avast dont like
https://virustotal.com/en/file/a771e597417c6d2318cc1f24ba486657a857ec76eb50928ea57b60d421d4e7e3/analysis/1496072471/

Eddy · « **Reply #2 on:** May 29, 2017, 05:45:18 PM »

https://virustotal.com/en/ip-address/23.94.225.11/information/

Warning User Enumeration is possible
The first two user ID's were tested to determine if user enumeration is possible.
ID   User    Login
1   None   admin
2   None   leo

Warning Directory Indexing Enabled

http://zulu.zscaler.com/submission/show/965454cab8236b694398e7538689d92f-1496072596

REDACTED · « **Reply #3 on:** May 29, 2017, 08:31:41 PM »

Quote from: Pondus on May 29, 2017, 05:35:06 PM

seems to be clean >> https://sitecheck.sucuri.net/results/expressopb.com

But still on some blacklists
https://virustotal.com/en/url/c8ddaf364c3e7fd173511ba3f1b5c178c3023f22eabee7cf36f960e0d6936283/analysis/1496071916/

https://safeweb.norton.com/report/show?url=expressopb.com

some issues to fix >> http://retire.insecurity.today/#!/scan/404c6354859a6ad82f5af0daf82311b7404a98c30f94e5a20f3a752cccdcebb0

seems to containe a script that avast dont like
https://virustotal.com/en/file/a771e597417c6d2318cc1f24ba486657a857ec76eb50928ea57b60d421d4e7e3/analysis/1496072471/

How can I see what code is this to remove?

polonus · « **Reply #4 on:** May 29, 2017, 10:24:49 PM »

Haven't you been here before and weren't you told the site was not blacklisted?
Re: https://forum.avast.com/index.php?topic=202636.0

It apparently is being blacklisted now....

polonus

REDACTED · « **Reply #5 on:** May 29, 2017, 10:44:33 PM »

Quote from: polonus on May 29, 2017, 10:24:49 PM

Haven't you been here before and weren't you told the site was not blacklisted?
Re: https://forum.avast.com/index.php?topic=202636.0

polonus

No Polonus, If you see they are different, I bought the domain expressopb.com.br because the expressopb.com is blacklisted. I'm trying to solve the problem with this website, I thought it was easily to transfer the content, but it's not.

Eddy · « **Reply #6 on:** May 29, 2017, 10:48:07 PM »

Your problem is that you have a huge amount of "bad neighbors".
Get dedicated hosting.

REDACTED · « **Reply #7 on:** May 29, 2017, 10:52:43 PM »

Quote from: Eddy on May 29, 2017, 10:48:07 PM

Your problem is that you have a huge amount of "bad neighbors".
Get dedicated hosting.

I will do it, but my domain has to be whitelisted...

Eddy · « **Reply #8 on:** May 29, 2017, 10:56:50 PM »

Move your site and check if it is still blocked.
This can be a IP band and not a domain ban.

REDACTED · « **Reply #9 on:** May 29, 2017, 11:32:18 PM »

Quote from: Eddy on May 29, 2017, 10:56:50 PM

Move your site and check if it is still blocked.
This can be a IP band and not a domain ban.

Can someone of the staff tell me if it's IP or a domain ban?

polonus · « **Reply #10 on:** May 29, 2017, 11:41:17 PM »

Hi Helvis,

Wait until maybe to-morrow (as it is going for mid-night here CMT 23:42) an avast team member appears and give you the final verdict on that website. We are just volunteers with relevant knowledge, we cannot unblock, that is for avast team members to implement. So wait to hear ,what you should do to mitigate the threat.

polonus

jefferson sant · « **Reply #11 on:** May 30, 2017, 01:05:48 AM »

Quote from: Helvis on May 29, 2017, 08:31:41 PM

How can I see what code is this to remove?

Hello Helvis

Avast detects this Strings (55356,56826,55356,56819),0,0) appear suspicious as HTML:Script-inf

https://wordpress.org/support/topic/remove-the-new-dns-prefetch-code/

Attached

HonzaZ · « **Reply #12 on:** May 30, 2017, 09:51:00 AM »

The domain was blocked because of this URL: expressopb[.]com/counter/?ad=
I am removing the URL from blacklist, hopefully you removed the malware and secured your website!

Author Topic: Site blacklisted after hacked (Read 4235 times)

REDACTED

Site blacklisted after hacked

Pondus

Re: Site blacklisted after hacked

Eddy

Re: Site blacklisted after hacked

REDACTED

Re: Site blacklisted after hacked

polonus

Re: Site blacklisted after hacked

REDACTED

Re: Site blacklisted after hacked

Eddy

Re: Site blacklisted after hacked

REDACTED

Re: Site blacklisted after hacked

Eddy

Re: Site blacklisted after hacked

REDACTED

Re: Site blacklisted after hacked

polonus

Re: Site blacklisted after hacked

jefferson sant

Re: Site blacklisted after hacked

HonzaZ

Re: Site blacklisted after hacked