Author Topic: Local Community Agency Website Blocked  (Read 1788 times)

0 Members and 1 Guest are viewing this topic.

Offline KDibble

  • Sr. Member
  • ****
  • Posts: 229
Local Community Agency Website Blocked
« on: April 29, 2021, 05:48:45 PM »
hXXps://tiogaopp.org is the website of Opportunities for Tioga, a local anti-poverty organization in upstate New York, USA. It is a legitimate organization. The website is consistently being blocked by avast with "URL:phishing" given as the threat name.

VirusTotal also reports a few other detections:  https://www.virustotal.com/gui/url/10c7a3cdedcdac0de693ff86e2d97ad102c58f0bc00ff09065405c7b5edbf1b7/detection

Although, interesting enough, neither Avast nor AVG is among those. The first time I checked VirusTotal on this, a couple days ago, it returned a result from four months ago--so this has been going on for a long time, but the issues with Avast have only emerged over the last week or so.

We have several employees who need to interact with that agency, so I would like to help the agency address this problem. Unfortunately, VirusTotal gives no information on what is objectionable about that URL, nor does Avast.

Can anyone tell me what I need to tell the Opportunities for Tioga IT people so they can fix this?

Thanks.
« Last Edit: April 29, 2021, 07:56:01 PM by KDibble »

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 88428
  • No support PMs thanks
Re: Local Community Agency Website Blocked
« Reply #1 on: April 29, 2021, 06:32:05 PM »
Virus Total (VT) doesn't actually do a live scan of the site, more a case of checking blacklists, rather than actually scanning the site. 

This is why there is no Avast Antivirus (or AVG, part of Avast Software) in the listing at all. In VT checks, Avast only scans files uploaded to VT not URLs.

Please 'modify' your post change the URL from https to hXXps, to break the link and avoid accidental exposure to suspect sites, thanks.

Considered a Low Security Risk on this check -https://sitecheck.sucuri.net/results/tiogaopp.org

Security issues that may need attention - https://webhint.io/scanner/55402953-5d32-4b51-9d9b-73e4abc76a3a

Outdated software that could leave the site at risk - https://awesometechstack.com/analysis/website/tiogaopp.org/

These may or may not be why Avast is alerting.

Reporting Possible False Positive File or Website - https://www.avast.com/false-positive-file-form.php.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 23.10.6086 (build 23.10.8563.800) UI 1.0.784/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37326
  • Not a avast user
Re: Local Community Agency Website Blocked
« Reply #2 on: April 29, 2021, 07:52:22 PM »
Quote
VirusTotal gives no information on what is objectionable about that URL
VirusTotal is not the one blocking it, they only provide a list of who has a URL on its blacklist.
Same thing with file scan, they provide a list of what engines detect a file

See VirusTotal FAQ  https://www.virustotal.com/  and scroll all the way down




« Last Edit: April 29, 2021, 07:54:28 PM by Pondus »

Offline KDibble

  • Sr. Member
  • ****
  • Posts: 229
Re: Local Community Agency Website Blocked
« Reply #3 on: April 29, 2021, 07:57:20 PM »
Quote
VirusTotal gives no information on what is objectionable about that URL
VirusTotal is not the one blocking it, they only provide a list of who has a URL on its blacklist.
Same thing with file scan, they provide a list of what engines detect a file

See VirusTotal FAQ  https://www.virustotal.com/  and scroll all the way down

Yes I know that, but I recall that in the past, the "Details" tab would often contain a discussion of issues with the URL or file.

Offline KDibble

  • Sr. Member
  • ****
  • Posts: 229
Re: Local Community Agency Website Blocked
« Reply #4 on: April 29, 2021, 08:05:13 PM »
Considered a Low Security Risk on this check -https://sitecheck.sucuri.net/results/tiogaopp.org

[snip]

Okay.. yet another case of blocking a completely harmless website because it is not "perfect". Again, IMO, anti-malware software that is intended to protect end-users should only block websites that contain an actual threat, not just theoretical ones.

Yes, I'll see if they'll remove this a false positive.

Thanks.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37326
  • Not a avast user
Re: Local Community Agency Website Blocked
« Reply #5 on: April 29, 2021, 08:09:08 PM »
Quote
Again, IMO, anti-malware software that is intended to protect end-users should only block websites that contain an actual threat, not just theoretical ones.
If you can tell them how to get 100% correct score and zero FP you will be a very rich man

It is not humans that does this work, because of the enormous amount of data comming in it is done by machine and writing the perfect algorithm is a challeng

UrlVoid give link to vendors info
https://www.urlvoid.com/scan/tiogaopp.org/




« Last Edit: April 29, 2021, 10:26:08 PM by Pondus »

Offline polonus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 33799
  • malware fighter
Re: Local Community Agency Website Blocked
« Reply #6 on: April 30, 2021, 11:04:30 AM »
So it must be one or more of the 490 sites that share that same Ip from/at inmotion dot hosting ->
https://www.shodan.io/host/144.208.72.197

I see no specific Word Press issues there, javascript resources, anything with linked sites etc.
Everything seems OK.
Configuration is OK, user enumeration and directory listing set on disabled.

Also see: https://sitereport.netcraft.com/?url=Tiogaopp.org

Wait for a final verdict from avast team. They are the only ones to come and unblock.

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
« Last Edit: April 30, 2021, 11:06:37 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline KDibble

  • Sr. Member
  • ****
  • Posts: 229
Re: Local Community Agency Website Blocked
« Reply #7 on: April 30, 2021, 03:41:56 PM »
Thank you Polonus.

I have notification from Avast that the site's reputation has been cleared, and I can confirm that I can get to that site this morning.

Quick work, Avast people! Thank you.