Author Topic: FALSE POSITIVE: www.turchini.it  (Read 1628 times)

0 Members and 1 Guest are viewing this topic.

Offline spacetime07

  • Newbie
  • *
  • Posts: 7
FALSE POSITIVE: www.turchini.it
« on: November 26, 2022, 06:54:04 PM »
Hi, the following website "wxw.turchini.it" has been flagged as positive, but it's a false positive since the website is completely clean.
Using NOD32 or scanning local files with AVAST no one files results infected.

Please remove it from your block list.
Thanks
« Last Edit: November 28, 2022, 03:33:14 PM by Milos »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37132
  • Not a avast user
Re: FALSE POSITIVE: www.turchini.it
« Reply #1 on: November 26, 2022, 07:45:47 PM »
Quote
Using NOD32 or scanning local files with AVAST no one files results infected.
It is website that is infected not Your computer

https://www.virustotal.com/gui/url/87df94e5dc93ec000c9eb2d02831b9867df0a0098e784c757307238bcfd1f0e5?nocache=1

https://sitecheck.sucuri.net/results/https/www.turchini.it


Offline spacetime07

  • Newbie
  • *
  • Posts: 7
Re: FALSE POSITIVE: www.turchini.it
« Reply #2 on: November 26, 2022, 07:47:30 PM »
I know that, but the website is clear I am the developer.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37132
  • Not a avast user

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 87267
  • No support PMs thanks
Re: FALSE POSITIVE: www.turchini.it
« Reply #4 on: November 26, 2022, 09:15:18 PM »
I know that, but the website is clear I am the developer.

There are also security issues reported here - https://en.internet.nl/site/turchini.it/1791436/
Whilst this may not be why Avast is alerting, but as the developer this is something you should address.

Also, please break active links to avoid accidental exposure to a suspect site - e.g. just turchini.it no http/www, etc.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.12.6044 (build 22.12.7758.768) UI 1.0.741/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline spacetime07

  • Newbie
  • *
  • Posts: 7
Re: FALSE POSITIVE: www.turchini.it
« Reply #5 on: November 27, 2022, 12:05:22 PM »
« Last Edit: November 27, 2022, 12:07:32 PM by spacetime07 »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 87267
  • No support PMs thanks
Re: FALSE POSITIVE: www.turchini.it
« Reply #6 on: November 27, 2022, 01:52:50 PM »
Ordinarily - You should get a response in a day or two. This may be a little more given it is a weekend.

That said there is no guarantee that it would be cleared, given the above reports from other sites.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.12.6044 (build 22.12.7758.768) UI 1.0.741/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33486
  • malware fighter
Re: FALSE POSITIVE: www.turchini.it
« Reply #7 on: November 28, 2022, 01:06:56 PM »
There are two issues here.

One is that your Word Press CMS is outdated, update WordPress a.s.a.p.
Then your site is linking to -bitninja.io, a known spam site:
https://www.virustotal.com/gui/domain/bitninja.io

Second is BitNinja server security constantly comes under attack,
re: https://www.scamaider.com/is-bitninja.io-safe-legal.html

But wait for a final report from avast team, as they are the only ones to come and unblock.

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline spacetime07

  • Newbie
  • *
  • Posts: 7
Re: FALSE POSITIVE: www.turchini.it
« Reply #8 on: November 28, 2022, 06:32:41 PM »
please can you send me a report about that?
I am not able to find any bitninja link into my website php/html/js pages.

Thanks

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33486
  • malware fighter
Re: FALSE POSITIVE: www.turchini.it
« Reply #9 on: November 28, 2022, 10:26:56 PM »
See: https://www.virustotal.com/gui/domain/turchini.it/detection

See: https://urlscan.io/result/8f1516ef-502f-45ec-9ab9-9967d6efee81/

Bitninja protection is on the server where your website is being hosted.

Plug-ins to be updated: wordpress-seo 11.1.1   Warning   latest release (19.10)
https://yoa.st/1uj
woocommerce 3.6.7   Warning   latest release (7.1.0)
https://woocommerce.com/

Also see the qakbot zip here: https://urlscan.io/search/#page.ptr%3Atardelli.dnshigh.com
-> https://urlscan.io/result/616a456d-af3f-4cd6-9060-f56cf09e96d9/  (that was from Oct31 last).

polonus
« Last Edit: November 28, 2022, 10:32:51 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 87267
  • No support PMs thanks
Re: FALSE POSITIVE: www.turchini.it
« Reply #10 on: November 28, 2022, 11:05:31 PM »
Those who have responded are avast users and not Avast employees 

We offer advice based on multiple security checking sites, it is up to you to act on that advise.  Your site based on what we have already pointed out is using outdated software which could be ripe for exploit.  As the website developer you should act on that to protect visitors.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.12.6044 (build 22.12.7758.768) UI 1.0.741/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline spacetime07

  • Newbie
  • *
  • Posts: 7
Re: FALSE POSITIVE: www.turchini.it
« Reply #11 on: November 28, 2022, 11:44:02 PM »
I am going to update wordpress and all the other plugins, this is not a real problem since I had to restore the website to a very old version to remove all the threats.
But the point is that the website is not infected at all, so I'd like to inform AVAST community.
I am still waiting for AVAST to remove it from their black list.
« Last Edit: November 28, 2022, 11:47:27 PM by spacetime07 »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 87267
  • No support PMs thanks
Re: FALSE POSITIVE: www.turchini.it
« Reply #12 on: November 29, 2022, 12:26:24 AM »
Sorry, but from what has been said there are links to external sites that could also be responsible for the alerts so it isn't just what is on your site.

For instance the very first reply, the link to virustotal's analysis, in the Links element show external link to bitninja.io, which has also been mentioned in another post, Reply #7.

There is little point i us posting information if it isn't being followed up.

Avast will only remove it if it is confirmed to be a false positive.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.12.6044 (build 22.12.7758.768) UI 1.0.741/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33486
  • malware fighter
Re: FALSE POSITIVE: www.turchini.it
« Reply #13 on: November 29, 2022, 06:24:57 AM »
Hi spacetime07,

As DavidR states you have to wait for avast team to eventually unblock your site (reconsideration).

When you perform a scan at https://hackertarget.com/wordpress-security-scan/ you can see the actual Word Press alerts for yourself. Prego. Here it was given clean: https://quttera.com/detailed_report/www.turchini.it

polonus

« Last Edit: November 29, 2022, 06:31:12 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline spacetime07

  • Newbie
  • *
  • Posts: 7
Re: FALSE POSITIVE: www.turchini.it
« Reply #14 on: November 29, 2022, 12:35:20 PM »
I don't know where to find a report about bitninja.io, I'd like to send one to my webserver because I can't do anything with bitninja since is a server feature.
Thanks
« Last Edit: November 29, 2022, 03:23:59 PM by spacetime07 »