Author Topic: False Positive on My Own Website  (Read 5363 times)

0 Members and 1 Guest are viewing this topic.

96Delta

  • Guest
False Positive on My Own Website
« on: September 10, 2010, 06:07:53 AM »
I'm having some trouble here and I hope someone
can help me resolve it.

I host and build my own websites.  This evening,
I visited a site I built and have been using since 2005
without any issues. But tonight, it reported a
Malware alert HTML:Iframe-inf and hostads.cn/.

Here's the URL:
http://david.tenifer.com/forum/phpBB2/index.php

And the site root:
http://david.tenifer.com/aceshigh/

Now I had been visiting this same site all day and
not a hiccup.  Now, all of a sudden I have this
blocked nonsense.  I have not uploaded or edited
the files in any way.

I downloaded the file that was blocked and scanned
it on my PC using AVAST.  Nada.  Nothing found.
Next I added the URL to the Exception list but it
still throws the warning.

Anmy suggestions?

Thanks for your help.
« Last Edit: September 10, 2010, 06:29:21 AM by 96Delta »

Gargamel360

  • Guest
Re: False Positive on My Own Website
« Reply #1 on: September 10, 2010, 06:10:28 AM »
I get no alert through that link currently.

96Delta

  • Guest
Re: False Positive on My Own Website
« Reply #2 on: September 10, 2010, 06:12:23 AM »
That's weird Gargamel.
I'll be able to test it from another computer
with Avast on it tomorrow.  It looks like
the game is afoot!

96Delta

  • Guest
Re: False Positive on My Own Website
« Reply #3 on: September 10, 2010, 02:41:33 PM »
No dice.  The error persists no matter what PC I'm on.

Any suggestions?

Hillbilly

  • Guest
Re: False Positive on My Own Website
« Reply #4 on: September 10, 2010, 05:04:23 PM »
Hi 96Delta, I just checked both links and had no problems viewing the sites whatsoever. No warnings at all, and nothing in the virus chest. 

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86523
  • No support PMs thanks
Re: False Positive on My Own Website
« Reply #5 on: September 10, 2010, 05:05:01 PM »
@ 96Delta
Just visited and also no alerts on either URL.

I'm using firefox 3.6.9, and there have been occasions where there has been no alert on firefox (as it isn't vulnerable to an exploit) yet there have been alerts when IE was used.

I draw the line on my system in checking out sites with firefox and the additional add-ons that I have for it.

I see from your image that you used IE when you first got the alert. Have you tried using a different browser to see if this is a browser specific exploit ?

Edit: Ran IE in limited user and no alerts on either page, however, the hXXp://david.tenifer.com/aceshigh/ gives me the Flash Player pop-up and that would load an activeX Control if you allow it to run, see image and that is definitely a step too far for me.
« Last Edit: September 10, 2010, 05:11:35 PM by DavidR »
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.2.6003 (build 22.2.7013.717) UI 1.0.697/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

96Delta

  • Guest
Re: False Positive on My Own Website
« Reply #6 on: September 11, 2010, 02:21:07 AM »
Thanks for trying to help me guys.

I tried it in Firefox and it still throws the alert.
Same goes for Opera.

I've whittled down the problem a bit though.

It seems that the false alert only happens
when I either log into the forum or when
I have set a cookie to automatically log me
in when I re-visit the forum.  If I visit the
forum and don't log in I get no alert.

Does this help anyone diagnose this?
Is this a bug in Avast?

P.S.  DavidR...Airborne all the way m8!
Served in the 82nd Airborne on this side of the pond.  
Put your knees in the breeze!! <Salute>
« Last Edit: September 11, 2010, 02:28:43 AM by 96Delta »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86523
  • No support PMs thanks
Re: False Positive on My Own Website
« Reply #7 on: September 11, 2010, 03:23:49 AM »
Obviously we are only paying a cursory visit and not logging on, so I have had a good look around as a guest.

Unfortunately unless we can actually force an alert we can't analyse the actual file to see what might be the cause. What I can suggest is that whoever is the forum administrator ensure that they are using the latest version of the phpBB forum software (the info at the bottom would indicate that it is either no longer supported or out of date (Powered by phpBB © 2001, 2005 phpBB Group).

It may be that this is only in the actual logon process, so something

Content management software, like PHP, which create pages on the fly so to speak can be exploited if they are vulnerable (out of date versions generally). Whilst I don't think this is the case as I would expect it to be far more wide spread in the forum pages viewed by guests also.

One thing I have to say is that security is something that needs tightened up in what guests are allowed to do. I could access the members list and from that also a user profile. I would suggest that member lists are blocked unless a guest has logged on and the same for accessing a user profile as it is in this forum.

~~~~
I was presented with my American wings during a 4 week visit to fort Bragg NC (Golden Knights) way back in 1972, when I was in the Parachute Regiment's Red Devils. No static lining all free fall from the DC3 and C130. I also got my knees in the breeze in Aviano Italy static lining from Huey Helicopter, on an exchange trip for a week. So I really earned my American wings that trip ;D

Many of the guys didn't like jumping the Huey at all, very cold blooded sat with your legs out held in by a belt across the open door. Nothing like the Herc, where they were confined in darkness before hitting the door.

Happy days.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.2.6003 (build 22.2.7013.717) UI 1.0.697/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

96Delta

  • Guest
Re: False Positive on My Own Website
« Reply #8 on: September 11, 2010, 08:06:14 AM »
Thanks for the reply Dave.
Will look into the matter more.

I happen to be the administartor of the site.
It is an older version but I have it tighetend up
fairly well.  The profiles being a available are
no cause for concern as they don't contain any
sensitive data but I think I will try and
implement your suggestions after I get this
alert situation sorted out.

I have a few more things to try to attenpt to
gain some insights into what this is.

-----

BTW, I loved jumping the Huey's.  Most tranquil jumps
I've ever made.  Chute deployment was like landing in a
soft pillow.  Nothing like the twists and violence
of exiting a C-130 or C-141.  Huey jumps were the best!
« Last Edit: September 11, 2010, 08:07:57 AM by 96Delta »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86523
  • No support PMs thanks
Re: False Positive on My Own Website
« Reply #9 on: September 11, 2010, 03:23:33 PM »
You're welcome.

I though it might have been you as a founder member of the site ;D

Old version of content management software PHP, etc. and that would include your forum software are frequently exploited, so if you can update the phpBB software it should be less vulnerable and may also provide additional functions to further block guests access to areas even thought it may not contain sensitive data.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.2.6003 (build 22.2.7013.717) UI 1.0.697/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security