Author Topic: Site Blocked - URL:Phishing  (Read 122200 times)

0 Members and 1 Guest are viewing this topic.

Offline rocksteady

  • Advanced Poster
  • **
  • Posts: 932
Re: Site Blocked - URL:Phishing
« Reply #585 on: September 23, 2020, 09:57:12 AM »
Report a false positive. (You should not fail to miss this post by Pondus in big Red font):
https://forum.avast.com/index.php?topic=218384.msg1561206#msg1561206


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32808
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #586 on: September 23, 2020, 05:40:14 PM »
Three issues on your Word Press CMS - outdaated plug-in software:
   widget-options 3.6.1   Warning   latest release (3.7.4)
https://widget-options.com/
wp-author-date-and-meta-remover 1.0.4   Warning   latest release (1.0.5)
http://wpadmrproplus.com

Directory Indexing
In the test an attempt was made to list the directory contents of the uploads and plugins folders to determine if Directory Indexing is enabled. This is a common information leakage vulnerability that can reveal sensitive information regarding your site configuration or content.

Path Tested   Status
/wp-content/uploads/      enabled
/wp-content/plugins/      disabled
Directory indexing is tested on the /wp-content/uploads/ and /wp-content/plugins/ directores. Note that other directories may have this web server feature enabled, so ensure you check other folders in your installation. It is good practice to ensure directory indexing is disabled for your full WordPress installation either through the web server configuration or .htaccess.

Here no alerts: https://sitecheck.sucuri.net/results/manhealth.com.pk  but mentioned insecurity: TLS & protection issues.

Wait for a final verdict from an avast team member, as they are the only ones to come and unblock.

We here are volunteers with relative knowledge,

polonus (volunteer 3rd party cold recon  website security and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline nover

  • Newbie
  • *
  • Posts: 1
Re: Site Blocked - URL:Phishing
« Reply #587 on: October 02, 2020, 08:51:46 AM »
Hello Sir Polonus

Our site a clickfunnel page is being tagged as phishing site. Please remove us on the blacklist or if there's any proof of legitimacy you need we can provide too. Its just our clients are experiencing blockage during a visit to our site.

h[ttp]s://register.thedoersway[.]net/mem-exclusive-membership-access

Please help.

I have already submit our site at the report form.

Thanks

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32808
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #588 on: October 02, 2020, 12:53:48 PM »
There is a detection there, avast holds is genuine. But then you have to take that up with an avast team member,
as they are the only ones to come and unblock. It is their detection and this here is part of their forums.

They just offer us a platform and we here are just volunteers with relative website security intelligence knowledge.

Seems the detection has to do with some CloudFlares anti-bot code obfuscation.

Take it up with your clickfunnel representative, and let them address this issue with someone from avast team,
responsible for blocking the sites involved that apparently are PHISHing in such a manner,
and make use of clickfunnel services.

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline porenga

  • Newbie
  • *
  • Posts: 2
Re: Site Blocked - URL:Phishing
« Reply #589 on: November 07, 2020, 04:34:32 PM »
Hola.
Tengo el mismo problema que se señala repetidamente por los compañeros.
La web es https://hea.eus/
¿Podríais mirar si está en la lista y el motivo?
Mil gracias

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 67918
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Site Blocked - URL:Phishing
« Reply #590 on: November 08, 2020, 07:28:14 AM »
Win 8.1 [x64] - Avast PremSec 20.10.2440.Beta#3 [UI.580] - CC 5.74 - EEK - FF ESR 78.5 [NS/AOS/uBO/PB] - TB 78.5 - SB/CP/SL/DU.B
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32808
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #591 on: November 08, 2020, 01:06:45 PM »
Hola porenga,

Word Press version outdated. Outdated plug-in:    gdpr-cookie-compliance 4.3.8   Warning   latest release (4.3.9)
https://wordpress.org/plugins/gdpr-cookie-compliance/

User Enumeration
The first two user ID's were tested to determine if user enumeration is possible.

Username   Name
ID: 1   pepe   
ID: 2   not found   
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring. As this will reduce the chance of automated password attackers gaining access. Take note that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.

Directory Indexing
In the test an attempt was made to list the directory contents of the uploads and plugins folders to determine if Directory Indexing is enabled. This is a common information leakage vulnerability that can reveal sensitive information regarding your site configuration or content.

Path Tested   Status
/wp-content/uploads/      enabled
/wp-content/plugins/      disabled
Directory indexing is tested on the /wp-content/uploads/ and /wp-content/plugins/ directores. Note that other directories may have this web server feature enabled, so ensure you check other folders in your installation. It is good practice to ensure directory indexing is disabled for your full WordPress installation either through the web server configuration or .htaccess.

There is one more engine that detects this site: https://www.virustotal.com/gui/url/b50451881dcd95beb4abca15d55d71db1538ee23a281f052962ea7e26a47f462/detection
That were the results of 1 month ago, it now seems given as clean:
https://www.virustotal.com/gui/url/b50451881dcd95beb4abca15d55d71db1538ee23a281f052962ea7e26a47f462/detection
Nor here: https://www.virustotal.com/gui/ip-address/5.145.174.10/relations

Detection probably based on older blacklisting reports by McAfee's and here: https://threatminer.org/host.php?q=5.145.174.10

Wait for an official verdict by an avast team member, as they are the only ones to come and unblock,
as we here are just volunteers with relative website security expertise.

Some 463 recommendations for improvement on website, see:
https://webhint.io/scanner/5e6b6723-ec49-4303-ab65-8c6fbee76e1b

Con Dios,

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
« Last Edit: November 08, 2020, 02:10:03 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline porenga

  • Newbie
  • *
  • Posts: 2
Re: Site Blocked - URL:Phishing
« Reply #592 on: November 09, 2020, 11:44:25 AM »
Mil gracias, Polonus
La información es extremadamente interesante y comleta
Me pongo a estudiarla con calma.
También he pedido a Avast que revise la clasificación
Saludos

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32808
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #593 on: November 09, 2020, 01:34:18 PM »
Hola porenga,

You are welcome, muy bien. 

Did you report the site to avast's team? Good to know their final verdict,
as they are the only ones to come and unblock.

Saludos,

polonus

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Ecco Perú

  • Newbie
  • *
  • Posts: 1
Re: Site Blocked - URL:Phishing
« Reply #594 on: November 09, 2020, 08:54:07 PM »
Hi, my name is Andres of Ecco Perú, my website is blocked ecco.pe, please i need help, thanks

my website have more of 3 years. (si hubiera atención en español, lo agradecería)
« Last Edit: November 09, 2020, 08:56:41 PM by Ecco Perú »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32808
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #595 on: November 10, 2020, 06:30:09 AM »
Hola  Ecco Perú,

Your website CMS is outdated and even worse left, there won't be upgrades to Magento 1.
Magento 1 is end of life!
Read this report: https://www.magereport.com/scan/?s=https://ecco.pe/ *

Your website runs a high risk of being compromised.
Follow instructions from magereport * (for spanish use google translate -> english to spanish).

Con Dios,

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline fumachi1

  • Newbie
  • *
  • Posts: 2
Re: Site Blocked - URL:Phishing
« Reply #596 on: November 17, 2020, 03:52:21 PM »
Dear,

www.audazodontologia.com.br

Avast is showing Phishing in my website.
We already done every check and eliminate all risks.

Please, could you verify and remove this advise fro Avast? 

Thank you in advance!
Regards

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 67918
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Win 8.1 [x64] - Avast PremSec 20.10.2440.Beta#3 [UI.580] - CC 5.74 - EEK - FF ESR 78.5 [NS/AOS/uBO/PB] - TB 78.5 - SB/CP/SL/DU.B
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline fumachi1

  • Newbie
  • *
  • Posts: 2
Re: Site Blocked - URL:Phishing
« Reply #598 on: November 17, 2020, 07:46:20 PM »
Tks for you reply.
In details we can see that is not my site is a link that wa removed today from

www.fohatlux.com.br (who developed my site)

We already removed this link.

I do not know what to do anymore.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32808
  • malware fighter
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!