Author Topic: Avast blocking my home server, why? (RESOLVED)  (Read 15694 times)

0 Members and 1 Guest are viewing this topic.

Offline Orochium

  • Newbie
  • *
  • Posts: 16
Avast blocking my home server, why? (RESOLVED)
« on: March 26, 2009, 07:40:55 PM »
Howdy folks!  I need some help, and I'm darned confused as to whats happening.  I set up a home server, on a local intranet, so that I could do web-development, and run a cheap blog from my home.  The server is an IBM eServer x232 running the latest release of CentOS (Redhat based) Linux.

During the course of setting up HTTPd and Wordpress, I could access the site from any browser! 

However, while setting up the rest of the server (ftp, vnc, etc) suddenly AVAST! started blocking my server when accessing it from the world wide web (IE, actually using the address http://Http://catgirls.dontexist.org, vs. using the internal static IP http://192.168.1.100), the error I receive is

"Network Shield: blocked access to malicious site catgirls.dontexist.org"

The logfile for network shield only says this --> "26.03.2009  12:36:55  Network Shield: blocked access to malicious site catgirls.dontexist.org/ [ C:\Program Files\Internet Explorer\iexplore.exe (5404)"

Why has avast suddenly started blocking my personal server, and how do I fix it? I'm 100% sure theres nothing malicious running on it!

Any help would be greatly appreciated!  :-\
« Last Edit: March 26, 2009, 11:43:43 PM by Orochium »

Offline scythe944

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2913
    • My Tech Blog
Re: Avast blocking my home server, why?
« Reply #1 on: March 26, 2009, 07:47:22 PM »
Well, you're 100% sure that there's nothing wrong with it, but Avast says otherwise.

I can't view the site to find what's wrong, so the only thing that I can tell you to do, is to upload the source code of your site so that one of us can analyze what's wrong with it for you.
For generic computer (not avast) problems, you can also visit my forum for help: http://www.jacobytech.net/forum

Offline Orochium

  • Newbie
  • *
  • Posts: 16
Re: Avast blocking my home server, why?
« Reply #2 on: March 26, 2009, 07:55:02 PM »
Well. That'd be moot. The installation is as follows:

Installed CentOS
Enabled CentOS's built in HTTPd
Installed Wordpress

Thats it, there's no custom code at all, and no custom tweaks or anything special done to the HTTP server.

Offline scythe944

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2913
    • My Tech Blog
Re: Avast blocking my home server, why?
« Reply #3 on: March 26, 2009, 08:03:44 PM »
Ok, but don't you have posts on your site?  Do you not think that someone could have injected your mysql server with some sort of malicious code?

The default home page is throwing some malicious stuff.  There IS something on your server that shouldn't be.
For generic computer (not avast) problems, you can also visit my forum for help: http://www.jacobytech.net/forum

Offline Orochium

  • Newbie
  • *
  • Posts: 16
Re: Avast blocking my home server, why?
« Reply #4 on: March 26, 2009, 08:12:10 PM »

Thats the thing, there's NOT.

File name:   http://catgirls.dontexist.org/wp-admin
Malware name: HTML:Script-inf
Malware type: Virus/Worm
VPS Version: 090325-0, 03/25/2009

This has gotta be a false positive, its done it from the minute that Wordpress was installed, BEFORE the SQL databases were even created, so they could NOT have injected anything into a database that didn't exist.

This is a relateively new version of Wordpress, and SQL.  I can delete the SQL database, recreate it, etc, I still get this wash of false positives.

Offline scythe944

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2913
    • My Tech Blog
Re: Avast blocking my home server, why?
« Reply #5 on: March 26, 2009, 08:14:57 PM »
Hey man, I'm not trying to say that you're wrong, I'm just trying to help, ok?

I have my own home server, with wordpress on it (I've used every version for the past 5 updates at least) and avast hasn't said anything about mine yet.

Again, if you could post the source code, I could look at it and find out what script is setting avast off, and we can try to help you remedy it...
For generic computer (not avast) problems, you can also visit my forum for help: http://www.jacobytech.net/forum

Offline Orochium

  • Newbie
  • *
  • Posts: 16
Re: Avast blocking my home server, why?
« Reply #6 on: March 26, 2009, 08:18:18 PM »
Hmm, hxxp://www.trafficsecrets.tv/john-reese-traffic-secrets/tag/html-script/ seems to have the same complaint, upgraded wordpress and started receiving the same warning.

Offline Orochium

  • Newbie
  • *
  • Posts: 16
Re: Avast blocking my home server, why?
« Reply #7 on: March 26, 2009, 08:19:23 PM »
Hey man, I'm not trying to say that you're wrong, I'm just trying to help, ok?

I have my own home server, with wordpress on it (I've used every version for the past 5 updates at least) and avast hasn't said anything about mine yet.

Again, if you could post the source code, I could look at it and find out what script is setting avast off, and we can try to help you remedy it...

What chunk of script are you looking for, I can pull/post whatever once I get home from work tonight.

Offline scythe944

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2913
    • My Tech Blog
Re: Avast blocking my home server, why?
« Reply #8 on: March 26, 2009, 08:24:37 PM »
I guess it could be a particular plugin or theme that you both use.

Well, there are problems with the main page, so open up the main page, right-click somewhere in the browser (the directions will vary depending on the browser) and click view source.  copy all of that code, and paste it in a post on here.  Then we'll be able to see what the problem is.

For some reason, I can't open your page. I don't know if my avast is blocking it, or if DNS isn't up to date or what.
For generic computer (not avast) problems, you can also visit my forum for help: http://www.jacobytech.net/forum

Offline scythe944

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2913
    • My Tech Blog
Re: Avast blocking my home server, why?
« Reply #9 on: March 26, 2009, 08:27:30 PM »
Also, on the avast warning page, you can click the link towards the bottom of that message to "report false positive."
For generic computer (not avast) problems, you can also visit my forum for help: http://www.jacobytech.net/forum

Offline Orochium

  • Newbie
  • *
  • Posts: 16
Re: Avast blocking my home server, why?
« Reply #10 on: March 26, 2009, 08:47:48 PM »
I already filed a false positive, but I'm still looking into potential causes.


Here is index.php

Code: [Select]
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"  />
<title>Catgirls Don&#8217;t Exist - </title>
<meta name="generator" content="WordPress 2.7.1" />
<meta name="robots" content="follow, all" />
<link rel="stylesheet" href="http://catgirls.dontexist.org/wp-content/themes/pixeled/style.css" type="text/css" media="screen" />
<link rel="alternate" type="application/rss+xml" title="Catgirls Don&#8217;t Exist RSS Feed" href="http://catgirls.dontexist.org/?feed=rss2" />
<link rel="pingback" href="http://catgirls.dontexist.org/xmlrpc.php" />
<link rel="EditURI" type="application/rsd+xml" title="RSD" href="http://catgirls.dontexist.org/xmlrpc.php?rsd" />
<link rel="wlwmanifest" type="application/wlwmanifest+xml" href="http://catgirls.dontexist.org/wp-includes/wlwmanifest.xml" />
<meta name="generator" content="WordPress 2.7.1" />


<!-- this product is released under General Public License. Please see the attached file for details. You can also find details about the license at http://www.opensource.org/licenses/gpl-license.php -->


<script type="text/javascript"><!--//--><![CDATA[//><!--
sfHover = function() {
if (!document.getElementsByTagName) return false;
var sfEls = document.getElementById("nav").getElementsByTagName("li");

for (var i=0; i<sfEls.length; i++) {
sfEls[i].onmouseover=function() {
this.className+=" sfhover";
}
sfEls[i].onmouseout=function() {
this.className=this.className.replace(new RegExp(" sfhover\\b"), "");
}
}

}
if (window.attachEvent) window.attachEvent("onload", sfHover);
//--><!]]></script>


<!--[if lt IE 8]>
<link href="http://catgirls.dontexist.org/wp-content/themes/pixeled/ie.css" rel="stylesheet" type="text/css" />
<![endif]-->

<!--[if lt IE 7]>
<link href="http://catgirls.dontexist.org/wp-content/themes/pixeled/ie6.css" rel="stylesheet" type="text/css" />
<script src="http://ie7-js.googlecode.com/svn/version/2.0(beta3)/IE7.js" type="text/javascript"></script>
<![endif]-->



</head>

<body>
<div id="wrapper">

<div id="header">

<div id="logo">
<h1><a href="http://catgirls.dontexist.org">Catgirls Don&#8217;t Exist</a></h1>
<span></span>
</div>


<div id="topright">
<ul>
  <li class="page_item page-item-2"><a href="http://catgirls.dontexist.org/?page_id=2" title="About">About</a></li>
  <li><a href="#searchform">search</a></li>
  <li><a href="#main">skip to content &darr;</a></li>
</ul>
</div>

</div> <!-- Closes header -->



<div id="catnav">
<div id="toprss"><a href="feed:http://catgirls.dontexist.org/?feed=rss2"><img src="http://catgirls.dontexist.org/wp-content/themes/pixeled/images/rss-trans.png" alt="Catgirls Don&#8217;t Exist" width="65" height="24" /></a></div> <!-- Closes toprss -->
<ul id="nav">
  <li><a href="http://catgirls.dontexist.org">Home</a></li>
   <li class="cat-item cat-item-10"><a href="http://catgirls.dontexist.org/?cat=10" title="Anything about the author of Catgirls Don&#039;t Exist specifically, though these will be kept exceedingly few.">Personal</a>
</li>
</ul>
</div> <!-- Closes catnav -->

<div class="cleared"></div>

<div id="main">

<div id="contentwrapper">


<div class="topPost">
  <h2 class="topTitle"><a href="http://catgirls.dontexist.org/?p=3">Under construction!</a></h2>
  <p class="topMeta">by <a href="http://catgirls.dontexist.org/?author=1" title="Posts by admin">admin</a> on Mar.24, 2009, under <a href="http://catgirls.dontexist.org/?cat=10" title="View all posts in Personal" rel="category">Personal</a></p>
  <div class="topContent"><p>Welcome! I am working on getting my server and this software figured out as we speak (currently fighting pesky phantom permissions&#8230;rargh, let me upload damnit!)</p>
<p>Stay tuned!</p>
</div>
  <span class="topComments"><a href="http://catgirls.dontexist.org/?p=3#respond" title="Comment on Under construction!">Leave a Comment</a></span>
  <span class="topTags"><em>:</em><a href="http://catgirls.dontexist.org/?tag=maintenance" rel="tag">maintenance</a>, <a href="http://catgirls.dontexist.org/?tag=website" rel="tag">website</a></span>
  <span class="topMore"><a href="http://catgirls.dontexist.org/?p=3">more...</a></span>
<div class="cleared"></div>
</div> <!-- Closes topPost --><br/>



<div id="nextprevious">
<div class="alignleft"></div>
<div class="alignright"></div>
<div class="cleared"></div>
</div>
</div> <!-- Closes contentwrapper-->



<div id="sidebars">

<div id="sidebar_full">
<ul>

 <li>
<div id="welcome">


<h2>いらっしゃい!</h2><p>Welcome to Catgirls don't Exist, a quick and dirty guide to our favorite non-existent animal personification, its fanbase, and the ludicrous things we do to them in the pursuit of our most errant fantasies!</p>




</div><!-- Closes welcome --> </li>


 <li>
 <div class="sidebarbox">
 <h2>Recent Posts</h2>
 <ul>
   <li><a href='http://catgirls.dontexist.org/?p=3' title='Under construction!'>Under construction!</a></li>
 </ul>
 </div>
 </li>

 <li>
 <div class="sidebarbox">
 <h2>Browse by tags</h2>
 <a href='http://catgirls.dontexist.org/?tag=maintenance' class='tag-link-12' title='1 topic' style='font-size: 8pt;'>maintenance</a>
<a href='http://catgirls.dontexist.org/?tag=website' class='tag-link-11' title='1 topic' style='font-size: 8pt;'>website</a> </div>
 </li>


</ul>
</div><!-- Closes Sidebar_full -->


<div id="sidebar_left">
<ul>

<li>
<div class="sidebarbox">
<h2>Categories</h2>
<ul>
   <li class="cat-item cat-item-10"><a href="http://catgirls.dontexist.org/?cat=10" title="Anything about the author of Catgirls Don&#039;t Exist specifically, though these will be kept exceedingly few.">Personal</a>
</li>
</ul>
</div>
</li>

</ul>

</div> <!-- Closes Sidebar_left -->

<div id="sidebar_right">

<ul>

<li>
<div class="sidebarbox">
<h2>Meta</h2>
<ul>
  <li><a href="http://catgirls.dontexist.org/wp-admin/">Site Admin</a></li>  <li><a href="http://catgirls.dontexist.org/wp-login.php?action=logout&amp;_wpnonce=f20b52602a">Log out</a></li>
  <li><a href="http://validator.w3.org/check/referer" title="This page validates as XHTML 1.0 Transitional">Valid <abbr title="eXtensible HyperText Markup Language">XHTML</abbr></a></li>
  </ul>
</div>
</li>

</ul>

</div> <!-- Closes Sidebar_right -->


<div class="cleared"></div>
</div> <!-- Closes Sidebars --><div class="cleared"></div>

</div><!-- Closes Main -->


<div id="morefoot">

<div class="col1">
<h3>Looking for something?</h3>
<p>Use the form below to search the site:</p>
<form method="get" id="searchform" action="http://catgirls.dontexist.org/">
<p>
<input type="text" value="Search keywords" name="s" id="searchbox" onfocus="this.value=''"/>
<input type="submit" class="submitbutton" value="Find it" />
</p>
</form><p>Still not finding what you're looking for? Drop a comment on a post or contact us so we can take care of it!</p>
</div>

<div class="col2">
<h3>Visit our friends!</h3><p>A few highly recommended friends...</p><ul><li><a href="http://wordpress.org/development/">Development Blog</a></li>
<li><a href="http://codex.wordpress.org/">Documentation</a></li>
<li><a href="http://wordpress.org/extend/plugins/">Plugins</a></li>
<li><a href="http://wordpress.org/extend/ideas/">Suggest Ideas</a></li>
<li><a href="http://wordpress.org/support/">Support Forum</a></li>
<li><a href="http://wordpress.org/extend/themes/">Themes</a></li>
<li><a href="http://planet.wordpress.org/">WordPress Planet</a></li>
</ul>
</div>

<div class="col3">
<h3>Archives</h3><p>All entries, chronologically...</p><ul> <li><a href='http://catgirls.dontexist.org/?m=200903' title='March 2009'>March 2009</a></li>
 </ul>
</div>

<div class="cleared"></div>
</div><!-- Closes morefoot -->



<div id="footer">
<div id="footerleft">
<p>Powered by <a href="http://www.wordpress.org/">WordPress</a> and <a href="http://samk.ca/freebies/" title="WordPress theme">pixeled</a>. Sweet icons by <a href="http://famfamfam.com/">famfamfam</a>. <a href="#main">Back to top &uarr;</a></p>
<!-- Please don't remove my credits! I worked hard to create this theme and distribute it freely. Thanks! -->
</div>

<div id="footerright">
<a href="http://wordpress.org" title="WordPress platform" ><img src="http://catgirls.dontexist.org/wp-content/themes/pixeled/images/wpfooter-trans.png" alt="WordPress" width="34" height="34" /></a>
</div>

<div class="cleared"></div>
</div><!-- Closes footer -->

</div><!-- Closes wrapper -->

</body>
</html>

Offline Orochium

  • Newbie
  • *
  • Posts: 16
Re: Avast blocking my home server, why?
« Reply #11 on: March 26, 2009, 08:50:21 PM »
I can't seem to post anything from the ../wp-admin/ applications php, which is what reports the HTML:Script-inf positive, its saying its over 10000 characters and won't let me code-paste it  ::)

Offline scythe944

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2913
    • My Tech Blog
Re: Avast blocking my home server, why?
« Reply #12 on: March 26, 2009, 08:56:39 PM »
Can you attach it?  Click additional options on the bottom of your post window and paste it as a .txt file

EDIT - I worded that weird.  It's not "pasting".

What I meant was to save the source code in a text file, then upload it via the "attach:" function in the additional options of a post.
« Last Edit: March 26, 2009, 09:05:07 PM by scythe944 »
For generic computer (not avast) problems, you can also visit my forum for help: http://www.jacobytech.net/forum

Offline Orochium

  • Newbie
  • *
  • Posts: 16
Re: Avast blocking my home server, why?
« Reply #13 on: March 26, 2009, 09:22:41 PM »

Alright, see attached (wp-admin.txt)

Offline CharleyO

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 7085
  • Be alert for error code - ID 10T
Re: Avast blocking my home server, why?
« Reply #14 on: March 26, 2009, 09:25:05 PM »
***

An attempt to download that attachment will give a warning from avast ... connection aborted.


***
Self-built desktop (8 years old) - AMD64 3200+_Gigabyte GA-K8NS Ultra-939_4 gb RAM_GeForceFX 5800w/256 ram_XP/SP3_Avast 7_MBAM_ZA Free __and__ Toshiba Satellite Laptop_W7-64bit_ 4 gb Ram_Avast 8_MBAM