Firewall is blocking a legitimate site - FRUSTRATED!!!

[dancingbayllc]

There's a site I have used for years. Avast has started blocking the page where I log in from my work computer, even though I can still log in on my work computer. Last week I was able to turn the firewall off for an hour while I did my business and placed an order. But now, even though I've suspended the firewall for an hour, I'm still getting a message saying there's a threat and the connection has been disconnected. I've asked on the facebook page that has a lot of his customers and no one else is having trouble logging in. I contacted the site owner and he said that some firewalls are blocking his site. This is a site I trust. I have placed an order with this site and need to ask for a revision, but cannot log in. This is the home version, though I use it for my 1 person business.

If I cannot get this resolved within the next few hours, I'm ready to fire Avast and just go with the basic Windows 10 firewall protection. The problem with all that is that I'm working 15 hour days and don't have time to spare to deal with this. How do I fix this???

[DavidR]

1st off I'm an Avast User not an avast team member.
You don't mention or post an image of how it is being blocked  ?
What is the message ?

You don't mention the URL, how is anyone to investigate  ?

A fix within a few hours, is I would say very, very optimistic.

[dancingbayllc]

I don't see a way to load a link from the message I get in Chrome. If I click on insert image, I get the tag, but don't have this image stored anywhere except on my thumb drive.
The Chrome error messages is as follows:

Threat secured
We've safely aborted connection on order. vitordigitizing.net because it was infected with URL:Phishing

In FireFox, I get this message:

The connection was reset

The connection to the server was reset while the page was loading.

    The site could be temporarily unavailable or too busy. Try again in a few moments.
    If you are unable to load any pages, check your computer’s network connection.
    If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.

The url is hxtps://order.vitordigitizing.net/login.html

Optimistic or not. I need to get into this site to retrieve the files I've had digitized. Avast is not letting me shut the firewall down at all now, but did last week when I placed my order. I have customers (baseball teams with upcoming games) waiting on their cap embroidery and this blocking is unacceptable. Baseball teams (at least in this state) are not allowed to play games without caps. So you can see the urgency and extreme pressure I'm under.

I've also contacted Avast customer service, but have not heard back from them.

By the way. I absolutely hat the verification. I cannot read it apparently because it takes me numerous tries to get it right. I can understand the need, but the product chosen is horrible.

[DavidR]

See attached image.

[polonus]

Could have been the vulnerabilities on the website hoster mentioned here:
https://www.shodan.io/host/138.128.178.132
PHP related:

Vulnerabilities
Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

CVE-2019-9639   An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable.
CVE-2019-9638   An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len.
CVE-2019-9637   An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to access the data.
CVE-2019-9641   An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF.

Checked: Checking: -https://order.vitordigitizing.net/assets_ver/bootstrap/js/ekko-lightbox.min.js
File size: 14.34 KB
File MD5: ca3d0bfd729dca4e5eb86593de687e57

-https://order.vitordigitizing.net/assets_ver/bootstrap/js/ekko-lightbox.min.js - Ok

Checking: -https://order.vitordigitizing.net/assets_ver/bootstrap/js/popper.min.js
File size: 20.51 KB
File MD5: 36affe2ca6cb85233ee7362c5d8b7893

-https://order.vitordigitizing.net/assets_ver/bootstrap/js/popper.min.js - Ok

Checking: -https://order.vitordigitizing.net/cpadmin/assets/global/plugins/jquery-validation/js/jquery.validate.min.js
File size: 20.32 KB
File MD5: d7c953a9036ef06a14e5f225d1cd0ae6

-https://order.vitordigitizing.net/cpadmin/assets/global/plugins/jquery-validation/js/jquery.validate.min.js - Ok

Checking: -https://order.vitordigitizing.net/assets_ver/bootstrap/js/jquery.min.js
File size: 86.08 KB
File MD5: f832e36068ab203a3f89b1795480d0d7

-https://order.vitordigitizing.net/assets_ver/bootstrap/js/jquery.min.js - archive JS-HTML
>-https://order.vitordigitizing.net/assets_ver/bootstrap/js/jquery.min.js/JSTag_1[b765][a0eb] - Ok
>-https://order.vitordigitizing.net/assets_ver/bootstrap/js/jquery.min.js/JSTag_2[c0f2][975e] - Ok
-https://order.vitordigitizing.net/assets_ver/bootstrap/js/jquery.min.js - Ok

Checking: -https://order.vitordigitizing.net/assets_ver/bootstrap/js/bootstrap.min.js
File size: 56.71 KB
File MD5: e1d98d47689e00f8ecbc5d9f61bdb42e

-https://order.vitordigitizing.net/assets_ver/bootstrap/js/bootstrap.min.js - Ok

Checking: -https://www.googletagmanager.com/gtag/js?id=UA-5662088-74
File size: 98.84 KB
File MD5: 1e21688b79711476b3a73e03a2a0db3a

-https://www.googletagmanager.com/gtag/js?id=UA-5662088-74 - Ok

Checking: -https://order.vitordigitizing.net/cpadmin/assets/global/plugins/jquery-validation/js/additional-methods.min.js
File size: 14.62 KB
File MD5: d464758371944566c6e856628e0dd2d4

-https://order.vitordigitizing.net/cpadmin/assets/global/plugins/jquery-validation/js/additional-methods.min.js - Ok

Checking: -https://order.vitordigitizing.net/assets_ver/bootstrap/js/wow.min.js
File size: 6139 bytes
File MD5: 3ca2644d1da30f25f9391d2436e4f26b

-https://order.vitordigitizing.net/assets_ver/bootstrap/js/wow.min.js - Ok

Checking: -https://order.vitordigitizing.net/login.html
Engine version: 7.0.49.9080
Total virus-finding records: 9773466
File size: 9649 bytes
File MD5: 1ba7b789f2d912e264f22683691a3f9a

-https://order.vitordigitizing.net/login.html - archive JS-HTML
>-https://order.vitordigitizing.net/login.html/JSTAG_1[9c1][9a] - Ok
>-https://order.vitordigitizing.net/login.html/JSTAG_2[1497][322] - Ok
>-https://order.vitordigitizing.net/login.html/JSTAG_3[1b06][56c] - Ok
>h-ttps://order.vitordigitizing.net/login.html/JSTAG_4[20ba][eb] - Ok
>-https://order.vitordigitizing.net/login.html/JSTAG_5[21e7][101] - Ok
>-https://order.vitordigitizing.net/login.html/JSTAG_6[232b][12] - Ok
>-https://order.vitordigitizing.net/login.html/JSTAG_7[2382][226] - Ok
-https://order.vitordigitizing.net/login.html - Ok

Maybe it is the outgoing link to -https://www.deepit.com/
Going to: Checking: -https://544e26b6.sibforms.com/serve/MUIEAPeDgQ1kv9KBQME0Cg-UfXGnsqBDjx5eNgyAlJVYSmL0wsxXZcyQtN6h98XUqpu8SCCTQTpCH81YsqmnWPV7Qv8lXAbmT-jXTfwLTuYLUw71qcGA_O1Nm7vhly0gkgxsXH5ZPwSZHHNOlooPbuswUce2liMXTBDg3C4tw-amQphSiWC-wDCA_C590RobJXbJB99GEHUUtyeh 
(web- and e-mail marketing - form from sendinblue dot com via CloudFlare - email-decode.min.js)*
File size: 9851 bytes
File MD5: 5217243de43188786fa91fb9b6208c31

But wait for an avast team member to give a final verdict, as they are the only ones to come and unblock,
or you could take it up with the site hoster HostDime.com, Inc. at Orlando (deepitserver dot com) and also CloudFlare's *.

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)

[jeiwhy]

I have been having trouble accessing a government site for the past couple of weeks.  It tells me the connection to the site is not secure.  I am able to access it with no issues from any device that does not have Avast installed.  At the advice of Avast customer service I tried disabling the Firewall and the Avast Shields Control however I was still not successful.  Yesterday I finally did a system restore back to 3/8/21.  I was able to access the site.  However this morning I tried and I got the same messages "Your connection to this site is not secure" and "This site cannot be reached".  I suspect that some recent update to Avast is causing the issue but I can't figure out how to fix the problem!

I got back to Avast and told them that I tried both of their troubleshooting options:  1) disable the firewall and 2) disable the Avast shields control.  I told them neither option worked.  They responded that it is not likely then that the problem was related to Avast Premium Security.

I don't know what else to try but it's driving me crazy.