Author Topic: Site blacklist removal request  (Read 585 times)

0 Members and 2 Guests are viewing this topic.

Offline bloke

  • Newbie
  • *
  • Posts: 4
Site blacklist removal request
« on: May 19, 2019, 03:40:09 AM »
Hi Guys, I have taken over as the webmaster of wxw.hotline40.com.au and it was on a server riddled with issues. It now has a new server and completely new site and is fine but I think the domain is black listed. Keeps coming up as a phishing site, which I am sure it was a while ago. Can you please assist?

Cheers
Mark
« Last Edit: May 20, 2019, 12:57:24 PM by Milos »

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 60268
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Windows 8.1 [x64] - Avast Premium 19.7.2388.BC - CC 5.60 - EEK - Firefox ESR 60.8 [NS/AOS/uBO] - TB 60.8 [EM] - ACP/ASB/ASL.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31626
  • malware fighter
Re: Site blacklist removal request
« Reply #2 on: May 19, 2019, 11:43:52 AM »
Your site kicks up a 403 error on Nginx 1.14.1 at Bluehost; take tis up with them and Google's DB.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
Consider: https://urlquery.net/report/d9651faf-c1c8-494f-bb90-27b60c567f42

This flagged: https://www.virustotal.com/#/url/499648716ab24d7e5448d867d434453aea621564b6239af97eca79ff19675a05/detection
Quote
Note! The scan has detected URL(s) from your site and/or IP in Phishing DBs -
This link Flagged URL(s)? will open a utility that will list out any URL(s) from your domain that are listed in Phishing DBs and tell you if Google is currently flagging the URL. null -> The URL -http://www.hotline40.com.au/ is NOT currently flagged.

This utility has found some URL(s) from your site and/or IP in Phishing DBs -

URLs from other DB(s) listed below
URL     Is Flagged?   HTTP Status
-http://hotline40.com.au/admin/upload/3714imageForTag8286960138769913803.image.jpeg     flagged SOCIAL_ENGINEERING      403 Forbidden
-http://www.hotline40.com.au/admin/upload/3714imageForTag8286960138769913803.image.jpeg     flagged SOCIAL_ENGINEERING      403 Forbidden

For some tips on clearing a Phishing hack and getting the Google warning removed see: Remove a phishing or web forgery warning

Note: Google's flagging and review process is independent of the data contained in these DBs, sometimes you will find a URL marked NOT flagged now, will be flagged in a few hours, sometimes URL(s) get added to the DBs, so check back! You will also find once you get your site cleared by Google the URL(s) may linger in these DBs.

on IP - Forbidden
You don't have permission to access / on this server.
Server unable to read htaccess file, denying access to be safe

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

Apache Server at -67-20-88-101.unifiedlayer.com Port 80

Status OK http://www.isithacked.com/check/www.hotline40.com.au

11 recommendations here: https://webhint.io/scanner/3523beae-7de9-4619-ae4b-308023ed84f0

Also to be considered: https://gtmetrix.com/reports/www.hotline40.com.au/Gux43WX9

polonus (volunteer website security analyst and website error-hunter0
« Last Edit: May 21, 2019, 04:58:59 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline bloke

  • Newbie
  • *
  • Posts: 4
Re: Site blacklist removal request
« Reply #3 on: May 20, 2019, 03:47:11 AM »
HI Guys,

So I am now in the middle of an upgrade/migration that is taking ages, I will repost if the issue is still present when the sites come back up.

Offline bloke

  • Newbie
  • *
  • Posts: 4
Re: Site blacklist removal request
« Reply #4 on: May 21, 2019, 05:34:35 AM »
Migration is finished and site is back up and functional. Ready to be re assessesd for threats.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 60268
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Windows 8.1 [x64] - Avast Premium 19.7.2388.BC - CC 5.60 - EEK - Firefox ESR 60.8 [NS/AOS/uBO] - TB 60.8 [EM] - ACP/ASB/ASL.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523

Offline bloke

  • Newbie
  • *
  • Posts: 4
Re: Site blacklist removal request
« Reply #6 on: May 21, 2019, 10:48:04 AM »
yep it comes up clear

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31626
  • malware fighter
Re: Site blacklist removal request
« Reply #7 on: May 21, 2019, 03:09:57 PM »
Still get a phishing alert via an avast aos-warning,
Note! The scan has detected URL(s) from your site and/or IP in Phishing DBs -
This link Flagged URL(s)? will open a utility that will list out any URL(s) from your domain that are listed in Phishing DBs and tell you if Google is currently flagging the URL.
For some tips on clearing a Phishing hack see: https://aw-snap.info/articles/phishing.php

Also consider retirable jQuery libraries
Quote
Retire.js
bootstrap   3.3.1   Found in -https://www.hotline40.com.au/wp-content/themes/motors/assets/js/bootstrap.min.js?ver=4.2.5
Vulnerability info:
High   28236 XSS in data-template, data-content and data-title properties of tooltip/popover CVE-2019-8331   1
Medium   20184 XSS in data-target property of scrollspy CVE-2018-14041   1
Medium   20184 XSS in collapse data-parent attribute CVE-2018-14040   1
Medium   20184 XSS in data-container property of tooltip CVE-2018-14042   1
jquery-migrate   1.2.1.min   Found in -https://www.hotline40.com.au/wp-content/themes/motors/assets/js/jquery-migrate-1.2.1.min.js?ver=4.2.5
Vulnerability info:
Medium   11290 Selector interpreted as HTML   12
jquery   1.12.4   Found in -https://www.hotline40.com.au/wp-includes/js/jquery/jquery.js?ver=1.12.4
Vulnerability info:
Medium   2432 3rd party CORS request may execute CVE-2015-9251   1234
Medium   CVE-2015-9251 11974 parseHTML() executes scripts in event handlers   123
Medium   CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution

Various security issues -> https://app.upguard.com/#/https://www.hotline40.com.au
given as benign here now: https://zulu.zscaler.com/submission/08d4fa03-8382-4e90-b6f8-f2b5cbfcc85c
Re: https://securityheaders.com/?q=https%3A%2F%2Fwww.hotline40.com.au%2F&followRedirects=on
and https://gtmetrix.com/reports/www.hotline40.com.au/Gux43WX9

polonus (volunteer 3rd party cold reconnaissance website analyst & website error-hunter)
« Last Edit: May 21, 2019, 05:15:59 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline jefferson sant

  • Starting Graphoman
  • *
  • Posts: 6136
  • volunteer
Re: Site blacklist removal request
« Reply #8 on: May 23, 2019, 04:34:53 AM »
Detection was removed on 22.05.2019

Quote from: Avast
Our virus specialists have been working on this problem and it has now been resolved. The provided URL is not detected by Avast anymore.