Author Topic: Site Blocked - URL:Phishing  (Read 101755 times)

0 Members and 1 Guest are viewing this topic.

Offline melody11

  • Newbie
  • *
  • Posts: 1
    • celebritiesnewss
Re: Site Blocked - URL:Phishing
« Reply #510 on: April 06, 2020, 03:43:52 AM »
Hi,
Thanks for giving opportunity to resolve my issue. When i saw my site hxtps://celebritiesnewss.com it show unsecured because i installed avast extension that shows me. Please guide me about it.
« Last Edit: April 06, 2020, 10:54:11 AM by Milos »

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 64705
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Win 8.1 [x64] - Avast PremSec 20.4.2409.B#4 [UI.520] - CC 5.65 - EEK - FF ESR 68.8 [NS/AOS/uBO/PB] - TB 68.8.1 - ASB/ACP/ASL.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32441
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #512 on: April 06, 2020, 05:12:48 PM »
 Directory Indexing
In the test an attempt was made to list the directory contents of the uploads and plugins folders to determine if Directory Indexing is enabled. This is a common information leakage vulnerability that can reveal sensitive information regarding your site configuration or content.

/wp-content/uploads/      enabled
/wp-content/plugins/      disabled
Directory indexing was tested on the /wp-content/uploads/ and /wp-content/plugins/ directores. Note that other directories may have this web server feature enabled, so ensure you check other folders in your installation. It is good practice to ensure directory indexing is disabled for your full WordPress installation either through the web server configuration or .htaccess.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline jefferson sant

  • Starting Graphoman
  • *
  • Posts: 6772
  • volunteer
Re: Site Blocked - URL:Phishing
« Reply #513 on: April 11, 2020, 12:32:29 AM »
Hi,
Thanks for giving opportunity to resolve my issue. When i saw my site hxtps://celebritiesnewss.com it show unsecured because i installed avast extension that shows me. Please guide me about it.

Site has never was blocked.

Quote from: Avast
The provided URL doesn't seem to be detected by Avast. Could you please send us a screenshot of the detection message you're getting? https://support.avast.com/en-ww/article/100/

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83031
  • No support PMs thanks
Re: Site Blocked - URL:Phishing
« Reply #514 on: April 11, 2020, 01:04:59 AM »
@  jefferson sant
There are times when I wonder if such reports are more to do with site promotion (a.k.a. link spamming) ran reporting a false positive detection.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.2.2401 (build 20.2.5130.570) UI-1.0.505/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32441
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #515 on: April 11, 2020, 02:34:54 AM »
Hi DavidR,

Some of these postings that serve more or less as an intended platform for link spamming of sorts already have been banned.
Some were being reported to me through PMs.
Where avast does not detect or several others also detect and websites have spam linking and cloaking "aboard"
there certainly exists a possibility that it is the case and such postings better be removed and the link spammer banned.  :P

When there are genuine requests made to reconsider detection of an apparent FP or serious security related questions,
then that's another kettle of PHISH altogether  ;)

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline jefferson sant

  • Starting Graphoman
  • *
  • Posts: 6772
  • volunteer
Re: Site Blocked - URL:Phishing
« Reply #516 on: April 12, 2020, 04:29:40 AM »
@  jefferson sant
There are times when I wonder if such reports are more to do with site promotion (a.k.a. link spamming) ran reporting a false positive detection.

Most were clean or certainly redirects also adwares (advertising).Some sites have unknown code or iframes were found malicious and submitted as sample to analyzed and detection was added.

A few days ago e.g JS:CardStealer-BS [Trj] 

https://www.virustotal.com/gui/file/eb4854400a1abd452a09e6952219f6d5263ba89fa3c0479ffb4e713c07b36a4d/detection
« Last Edit: April 12, 2020, 04:32:24 AM by jefferson sant »

Offline krazylove

  • Newbie
  • *
  • Posts: 1
Re: Site Blocked - URL:Phishing
« Reply #517 on: April 16, 2020, 08:17:39 PM »
Hello! A work website is blocked https://sosvirtual.aldeasinfantilessos.org/. I ran scans with https://www.virustotal.com/ and https://virscan.org/ and results came back clean. Why is it blacklisted? Can someone help me with this? Got work to do! Thanks!

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 64705
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Win 8.1 [x64] - Avast PremSec 20.4.2409.B#4 [UI.520] - CC 5.65 - EEK - FF ESR 68.8 [NS/AOS/uBO/PB] - TB 68.8.1 - ASB/ACP/ASL.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32441
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #519 on: April 17, 2020, 12:37:59 PM »
Outdated CMS and outdated PHP detected.
Quote
User Enumeration
  The first two user ID's were tested to determine if user enumeration is possible.

ID   User   Login
1   None   sosvirtual2
2   None   sam-mi
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring. As this will reduce the chance of automated password attackers gaining access. However it is important to understand that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.

Externally links OK :    Externally Linked Host   Hosting Provider   Country   
    -cursos.aldeasinfantilessos.org   Microsoft Corporation   United-States    
    -sosvirtualelearning.aldeasinfantilessos.org   GoDaddy.com   United-States    
    -www.facebook.com   Facebook.   Ireland

Recommendations towards improvement: https://webhint.io/scanner/dc81ba0b-3078-40c7-822c-a18af3650847

Avast has found malicious code on website: https://aw-snap.info/file-viewer/?protocol=secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=c11zdlt9dHV8bC58bCN7fHNbbmZ8bnRbbHtzc11zLl19Zw%3D%3D~enc   (PUP-detection, slightly malicious)

See malware on IP: https://www.virustotal.com/gui/ip-address/107.180.41.170/relations
GoDaddy abuse: https://www.shodan.io/host/107.180.41.170

Wait for a final verdict from an avast team member, as they are the only ones to come and unblock.
Site now being unblocked, pay attention to retirable code:
Quote
jquery-ui-dialog   1.11.4   Found in -https://sosvirtual.aldeasinfantilessos.org/wp-includes/js/jquery/ui/dialog.min.js?ver=1.11.4
Vulnerability info:
High   CVE-2016-7103 281 XSS Vulnerability on closeText option   
jquery   1.12.4   Found in -https://sosvirtual.aldeasinfantilessos.org/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Vulnerability info:
Medium   2432 3rd party CORS request may execute CVE-2015-9251   
Medium   CVE-2015-9251 11974 parseHTML() executes scripts in event handlers   123
Low   CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution
vulnerable PHP, headers - 7.0.33

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
« Last Edit: April 17, 2020, 03:29:04 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline jefferson sant

  • Starting Graphoman
  • *
  • Posts: 6772
  • volunteer
Re: Site Blocked - URL:Phishing
« Reply #520 on: April 17, 2020, 03:18:10 PM »
Hello! A work website is blocked hxxps://sosvirtual.aldeasinfantilessos.org/. I ran scans with https://www.virustotal.com/ and https://virscan.org/ and results came back clean. Why is it blacklisted? Can someone help me with this? Got work to do! Thanks!

Detection was removed in 17.04.2020 at 07:16 AM.

Quote from: Avast
Our virus specialists have now cleared its reputation in our database.

With URLs this change should be instant, but it might take up to 24 hours with files.

Offline Mikel Media

  • Newbie
  • *
  • Posts: 1
Re: Site Blocked - URL:Phishing
« Reply #521 on: April 21, 2020, 01:59:18 AM »
A client's site has been marked as Phishing when it is not as per https://sitecheck.sucuri.net/results/accountingandtaxgroup.net and Metamask's Cryptonite.

Accountingandtaxgroup.net should not be considered phishing.

Help?

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 64705
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Site Blocked - URL:Phishing
« Reply #522 on: April 21, 2020, 05:05:44 AM »
You can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php
Win 8.1 [x64] - Avast PremSec 20.4.2409.B#4 [UI.520] - CC 5.65 - EEK - FF ESR 68.8 [NS/AOS/uBO/PB] - TB 68.8.1 - ASB/ACP/ASL.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32441
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #523 on: April 21, 2020, 01:17:27 PM »
Indeed here it is given the all green: https://www.virustotal.com/gui/domain/accountingandtaxgroup.net/relations
InfoSec treat level 0
B-status here: https://webcookies.org/cookies/accountingandtaxgroup.net/30328910?644234
Improvement hints: https://webhint.io/scanner/15335b57-4c50-43d4-a30c-502606c3e499
Verdict clean: https://checkphish.ai/insights/url/1587467710313/2e00691bd69e4623d03a2df402c79e1adb1b5d692ca9b86f9bd26b00751ef17a

Wait for a final verdict from an avast team member, as we are volunteers with relative knowledge,
but avast team members are the only ones to come and unblock.

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Eric624

  • Newbie
  • *
  • Posts: 1
Re: Site Blocked - URL:Phishing
« Reply #524 on: April 21, 2020, 03:26:24 PM »
I am having an issue with my site being blocked as well (activate-payments.com). Can you please help with this?