Author Topic: Site Blocked - URL:Phishing  (Read 84579 times)

0 Members and 2 Guests are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32173
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #480 on: December 31, 2019, 12:54:39 PM »
3 engines still detect PHISHING: https://www.virustotal.com/gui/url/b6c4df602f6e5c7738684e433ed1638b91e9878426f95fde5d01a22a75b35f8a/detection

CMS issues to be set to disabled!
User Enumeration
  The first two user ID's were tested to determine if user enumeration is possible.

ID   User   Login
1   braindevs   braindevs
2   Ondoh   finance
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring. As this will reduce the chance of automated password attackers gaining access. However it is important to understand that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.

 Directory Indexing
In the test an attempt was made to list the directory contents of the uploads and plugins folders to determine if Directory Indexing is enabled. This is a common information leakage vulnerability that can reveal sensitive information regarding your site configuration or content.

/wp-content/uploads/      enabled
/wp-content/plugins/      disabled
Directory indexing was tested on the /wp-content/uploads/ and /wp-content/plugins/ directores. Note that other directories may have this web server feature enabled, so ensure you check other folders in your installation. It is good practice to ensure directory indexing is disabled for your full WordPress installation either through the web server configuration or .htaccess.

3 to detect your domain: https://www.virustotal.com/gui/ip-address/181.215.53.109/relations

Recommendations for improving website and website security:
https://webhint.io/scanner/06263b18-a616-471a-b724-e31a6be61128

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline jefferson sant

  • Starting Graphoman
  • *
  • Posts: 6567
  • volunteer
Re: Site Blocked - URL:Phishing
« Reply #481 on: January 02, 2020, 11:21:21 PM »
Hello ,
We have a problem with our site wxw.o-sge.com, it does not appear on computers that have avast installed, and it shows us a phishing problem.
Apparently our site is save on your blacklist.
Thank you for unlocking us

Our website: wxw.o-sge.com

Detection was cleared in 02.01.2020 at 07:39 AM

Quote from: Avast
Our virus specialists have now cleared its reputation in our database.

With URLs this change should be instant, but it might take up to 24 hours with files.

Offline jefferson sant

  • Starting Graphoman
  • *
  • Posts: 6567
  • volunteer
Re: Site Blocked - URL:Phishing
« Reply #482 on: January 02, 2020, 11:23:31 PM »
Hello, can our company's site be unblocked or deleted from the blacklist? Our company website is hxxps://braindevs.com, currently there is no phishing link found on our site, here is the proof https://sitecheck.sucuri.net/results/braindevs.com

Please respond, as soon as possible, thank you

Detection was removed in 02.01.2020 at 07:00 AM

Quote from: Avast
Our virus specialists have now cleared its reputation in our database.

With URLs this change should be instant, but it might take up to 24 hours with files.

Offline luca-dl

  • Newbie
  • *
  • Posts: 2
Re: Site Blocked - URL:Phishing
« Reply #483 on: January 04, 2020, 06:28:30 PM »
Hello, also my website https://light4.it/  seems blocked by Avast Web Shield ...
Threat: URL: Phishing
Please, anyone knows which improvement I can do for getting visible back again?
Many thanks

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 82569
  • No support PMs thanks
Re: Site Blocked - URL:Phishing
« Reply #484 on: January 04, 2020, 07:13:41 PM »
Hello, also my website hxxps://light4.it/  seems blocked by Avast Web Shield ...
Threat: URL: Phishing
Please, anyone knows which improvement I can do for getting visible back again?
Many thanks

As has been mentioned many times in this topic:
Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php

Many sites used for analysis are given in this very large topic, which can give you an idea of the problem, which may or may not resolve the problem.  Only submitting the report directly to avast will have them at least check it again.

https://sitecheck.sucuri.net/results/light4.it
« Last Edit: January 04, 2020, 07:15:48 PM by DavidR »
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 19.8.2393 (build 19.8.4257.552) UI-1.0.440/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ WinPatrol+/

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32173
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #485 on: January 04, 2020, 11:15:12 PM »
See the potential problems in the scan here:
https://aw-snap.info/file-viewer/?protocol=secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=bFtnaHQ0Llt0~enc

No major setting problems in Word Press  CMS, just links inside noscript tags can be problematic because they are hidden from most users. You want to make sure they are all legitimate links, no spam.

Wait for a final verdict from avast team members, they are the only ones to come and unblock,
or block when the detection is genuine,

polonus (3rd party cold recon website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline luca-dl

  • Newbie
  • *
  • Posts: 2
Re: Site Blocked - URL:Phishing
« Reply #486 on: January 05, 2020, 05:07:46 PM »
Thank You DavidR and ginkuie barzo polonus!

(actually noscript tags are generated from the wordpress main theme ... I'll check how to fix it)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32173
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #487 on: January 05, 2020, 05:54:28 PM »
@luca-dl

Prego! Non c'è di che.  ;)

polonus

P.S. Also take it up with Bitdefender's, as they still block your site through Bitdefender's TrafficLight extension.
« Last Edit: January 05, 2020, 05:59:15 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 82569
  • No support PMs thanks
Re: Site Blocked - URL:Phishing
« Reply #488 on: January 05, 2020, 06:04:23 PM »
Thank You DavidR and ginkuie barzo polonus!

(actually noscript tags are generated from the wordpress main theme ... I'll check how to fix it)

You're welcome, hopefully you will find your resolution.
I haven't used NoScript in a very long time, from it wasn't compatible with a new Firefox version add-on scripting code.  I didn't pull it back in when it became compatible. 

I now use uBlock Origin in conjunction with uMatrix and I get an avast web shield alert if I visit the link you gave.  So I'm not sure it has anything to do with NoScript.

If you haven't followed through with the false positive link I would do so https://www.avast.com/false-positive-file-form.php
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 19.8.2393 (build 19.8.4257.552) UI-1.0.440/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ WinPatrol+/

Offline Kristian41

  • Newbie
  • *
  • Posts: 1
Re: Site Blocked - URL:Phishing
« Reply #489 on: January 23, 2020, 03:58:27 PM »
Hi guys, wondering if you could help me out my website http://www.klrrail.co.uk/ will not load due to a problem of phishing how do i fix this?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 82569
  • No support PMs thanks
Re: Site Blocked - URL:Phishing
« Reply #490 on: January 23, 2020, 04:46:39 PM »
Hi guys, wondering if you could help me out my website http://www.klrrail.co.uk/ will not load due to a problem of phishing how do i fix this?

Use this to report directly:
Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 19.8.2393 (build 19.8.4257.552) UI-1.0.440/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ WinPatrol+/

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 62935
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Site Blocked - URL:Phishing
« Reply #491 on: January 24, 2020, 04:58:45 AM »
Windows 8.1 [x64] - Avast PremSec 20.1.2397.BC [UI.460] - CC 5.63 - EEK - Firefox ESR 68.5 [NS/AOS/uBO/PB] - TB 68.5 - ASB/ASL.B
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32173
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #492 on: January 24, 2020, 06:11:34 AM »
Site has not been flagged here: Reputation Check
PASSED
Google Safe Browse:OK
Spamhaus Check:OK
Abuse CC:OK
Dshield Blocklist:OK
Cisco Talos Blacklist:OK

WordPress CMS version outdated: Version does not appear to be latest.

Update plug-ins: WordPress Plugins
The following plugins were detected by reading the HTML source of the WordPress sites front page.

responsive-lightbox 2.2.2   latest release (2.2.2)
http://www.dfactory.eu/plugins/responsive-lightbox/
woocommerce 3.8.1   latest release (3.9.0)
https://woocommerce.com/
mailchimp-for-woocommerce   latest release (2.3.1)
https://mailchimp.com/connect-your-store/
contact-form-7 5.1.6   latest release (5.1.6)
https://contactform7.com/
Plugins are a source of many security vulnerabilities within WordPress installations, always keep them updated to the latest version available and check the developers plugin page for information about security related updates and fixes.

Wrong configuration setting:
Directory Indexing
In the test an attempt was made to list the directory contents of the uploads and plugins folders to determine if Directory Indexing is enabled. This is a common information leakage vulnerability that can reveal sensitive information regarding your site configuration or content.

/wp-content/uploads/      enabled
/wp-content/plugins/      disabled
Directory indexing was tested on the /wp-content/uploads/ and /wp-content/plugins/ directores. Note that other directories may have this web server feature enabled, so ensure you check other folders in your installation. It is good practice to ensure directory indexing is disabled for your full WordPress installation either through the web server configuration or .htaccess.

See other detections from domains on the IP you are on: https://www.virustotal.com/gui/ip-address/69.16.237.104/relations

You were originally blocked for a PHISHING attempt for -https://klrrail.co.uk/01/share.zip by Norton's.
Do not see that there any longer: https://aw-snap.info/file-viewer/?protocol=secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=a2x9fXxbbC5eXS51aw%3D%3D~enc

Wait for a final verdict from an avast team member as they are the only ones to come and unblock.

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline jefferson sant

  • Starting Graphoman
  • *
  • Posts: 6567
  • volunteer
Re: Site Blocked - URL:Phishing
« Reply #493 on: January 25, 2020, 02:00:41 AM »
Hi guys, wondering if you could help me out my website hxxp://www.klrrail.co.uk/ will not load due to a problem of phishing how do i fix this?

Detection was removed in 24.01.2020 at 04:52 AM

Quote from: Avast
Our virus specialists have now cleared its reputation in our database.

With URLs this change should be instant, but it might take up to 24 hours with files.