own domain blocked

[Kossu]

Hey,

It seems Avast is blocking my domain: upit.cc and I would like it to be unblocked.
It is most likely blocked due to an incident a few weeks ago where a rogue user uploaded a virus. I have an automatic virus scanner system implemented which will scan each file with 43 different virus scanners, the script worked fine but the virus was FUD and nothing was found (yes your product failed as well). At a later stage the virus had been detected by virus scanners, but the file had not gone through a second time scan yet and then some kids reported the domain etc, so it currently shows up on unreliable antivirus sites.

Even though this was taken care of less than 12 hours after it happened, Avast still decides to block it, which I guess is because your blacklist consists of sources which are maintained by incompetent people such as clean-mx.de?

Thanks.

[Lisandro]

I guess is because your blacklist consists of sources which are maintained by incompetent people such as clean-mx.de?

avast is a serious company... I don't know about clean-mx.de, but if it is bad, why are you relating it with avast?

Generally, avast detection is accurate in these cases.
Isn't it an encrypted/obfuscated script or iframe?

Check here how to clean and make a website secure.

The vast majority of malware today is distributed over the web, mostly by means of hacked (otherwise legitimate) sites. The attacker usually injects malicious some scripts into some (or all) pages on the site, waiting for an unsuspecting user to visit the site and possible infect his/her machine.

And this is where avast’s detection capabilities really excel. Its abilities to detect these web-based malicious scripts are second to none, and thanks to the Web Shield and Script Blocking providers, they are used exactly when needed, doing an excellent job stopping the web-based malware right on the entry point.

[Kossu]

I guess is because your blacklist consists of sources which are maintained by incompetent people such as clean-mx.de?

avast is a serious company... I don't know about clean-mx.de, but if it is bad, why are you relating it with avast?

Generally, avast detection is accurate in these cases.
Isn't it an encrypted/obfuscated script or iframe?

Check here how to clean and make a website secure.

The vast majority of malware today is distributed over the web, mostly by means of hacked (otherwise legitimate) sites. The attacker usually injects malicious some scripts into some (or all) pages on the site, waiting for an unsuspecting user to visit the site and possible infect his/her machine.

And this is where avast’s detection capabilities really excel. Its abilities to detect these web-based malicious scripts are second to none, and thanks to the Web Shield and Script Blocking providers, they are used exactly when needed, doing an excellent job stopping the web-based malware right on the entry point.

I am relating it with Avast due to the fact that lo and behold after a bogus report was found on that site Avast starts blocking the domain. Coincidence? Doubt it.
http://support.clean-mx.de/clean-mx/viruses.php?ip=92.243.8.87 each report shows nothing found.

There are no obfuscated scripts, and there are no iframes.

[Lisandro]

You need to wait for a virus analyst to look at this "tomorrow" morning.

[Kossu]

You need to wait for a virus analyst to look at this "tomorrow" morning.

Alright thanks.

[Pondus]

Report   2011-05-29 08:32:22 (GMT 1)
Website   upit.cc
Domain Hash   644560174eaabc8a313b314cf52e06d4
IP Address   92.243.8.87 [SCAN]
IP Hostname   xvm-8-87.ghst.net
IP Country    FR (France)
AS Number   29169
AS Name   GANDI-AS Gandi SAS - Domain name registrar - ...
Detections   3 / 23 (13 %)
Status   DANGEROUS
      
Scanning site with:   AMaDa     CLEAN
Scanning site with:   BrowserDefender     CLEAN
Scanning site with:   DNS-BH     CLEAN
Scanning site with:   DShield SDL     CLEAN
Scanning site with:   Google Diagnostic     CLEAN
Scanning site with:   hpHosts     UNRATED
Scanning site with:   joewein.de LLC     CLEAN
Scanning site with:   Malc0de     CLEAN
Scanning site with:   Malware Domain List     CLEAN
Scanning site with:   Malware Patrol     CLEAN
Scanning site with:   MyWOT     CLEAN
Scanning site with:   Norton SafeWeb     CLEAN
Scanning site with:   ParetoLogic URL Clearing House     DETECTED
Scanning site with:   PhishTank     CLEAN
Scanning site with:   SCUMWARE     DETECTED
Scanning site with:   SpamhausDBL     CLEAN
Scanning site with:   SURBL     CLEAN
Scanning site with:   Threat Log     CLEAN
Scanning site with:   Trend Micro Site Safety Center     DETECTED
Scanning site with:   URIBL     CLEAN
Scanning site with:   VSCAN     CLEAN
Scanning site with:   Web Security Guard     UNRATED
Scanning site with:   ZeuS Tracker

[DavidR]

I'm not getting blocked and no alert (using firefox 4.0.1), I can visit the site, but for sure I'm not going to register just to get inside to check further.

[Pondus]

which are maintained by incompetent people such as clean-mx.de?

and why are they incompetent   

[Kossu]

I'm not getting blocked and no alert (using firefox 4.0.1), I can visit the site, but for sure I'm not going to register just to get inside to check further.

Just tried as well, worked fine for me now (tried with the free version). It must have just recently been updated. I will check with some users.

which are maintained by incompetent people such as clean-mx.de?

and why are they incompetent   

I've been trying for a week to get them to remove me from the blacklist but their system is apparently broken which makes them incompetent. Also if you click the clean-mx url I pasted earlier you can see that there was no virus found yet they blacklist me, awesome.

[polonus]

Hi Pondus,

Site has been abused, and has been cleansed since.
But still there is this issue (for which there is no evidence)
http://www.virustotal.com/latest-report.html?resource=bf03546918fdc1a342cce81c3e5c65a3
Quote from Pondus

and why are they incompetent

Probably for the same reason as the people of Trend Micro Site Safety Center and ParetoLogic Inc. should have been incompetent, see: http://www.urlvoid.com/scan/upit.cc
But it could also be the folks at urlvoid are incompetent as well.

If it reads closed and response dead your are no longer blacklisted for the files that
were cleansed on the same day...
..while ParetoLogic should have lifted their blacklist...they are overdue here;
The following has been cleansed now - since 2011-05-09
: -http://upit.cc/files/ (no responses) HTTP/1.1 302 Found; HTTP/1.0 404 Not Found; GET /favicon.ico HTTP/1.1 - HTTP/1.1 200 OK
And the link to this malware is also dead: 4f631e90.exe (backdoor trojan - exploit- keygen)
Scanned against jsunpack, situation now: abuse down.. (php vulnerabilities (serve.php), (java.js))
Scannable: -http://upit.cc  
-index.php  
-news.php  
-register.php  
-login.php  
-index.php?url=1  
-index.php?advanced=1  
-stats.php?time=24  
-tos.php  
-contact.php  
-donate.php  
-./java.js  
-http://upit.cc/serve.php?mode=files&req=index.html   404   application/x-empty

Sucuri scan gives the site an all green, and  SOSWebscan: No Malware or badwares found.  
Webutation record 100 out of 100: upit.cc see: http://www.webutation.net/go/review/upit.cc
  
polonus