Author Topic: network shield blocks a site wrongly!  (Read 14231 times)

0 Members and 1 Guest are viewing this topic.

Shaan2

  • Guest
Re: network shield blocks a site wrongly!
« Reply #30 on: June 07, 2011, 08:48:07 PM »
not all scanners are even looking for this much less being able to detect it.
Could you please point to the malicious code on asrema1 website that Avast able to detect and not the others?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: network shield blocks a site wrongly!
« Reply #31 on: June 07, 2011, 08:52:50 PM »
That is exactly what we have been doing already in this topic.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Shaan2

  • Guest
Re: network shield blocks a site wrongly!
« Reply #32 on: June 07, 2011, 08:59:34 PM »
That is exactly what we have been doing already in this topic.
We believe it's a "false alarm" unless someone could prove otherwise.

kamivh1

  • Guest
Re: network shield blocks a site wrongly!
« Reply #33 on: June 07, 2011, 09:13:20 PM »
Sorry but Sucuri scanner say very infected   :-[
http://sucuri.net/malware/malware-entry-mwjs488

see screenshot
can u take a picture larger than this??
i can see informations in this picture hardly.

kamivh1

  • Guest
Re: network shield blocks a site wrongly!
« Reply #34 on: June 07, 2011, 09:34:38 PM »
not all scanners are even looking for this much less being able to detect it.
Could you please point to the malicious code on asrema1 website that Avast able to detect and not the others?

moderaters could u please point to that codes?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: network shield blocks a site wrongly!
« Reply #35 on: June 07, 2011, 10:09:00 PM »
Larger image of the securi results.

The securi site also shows that your versions of PHP and vbulletin are out of date and vulnerable to exploit, as I mentioned earlier you have to ensure that your content management software (CMS) is fully up to date. This is frequently the reason how sites are hacked but exploiting vulnerabilities in out of date CMS.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

kamivh1

  • Guest
Re: network shield blocks a site wrongly!
« Reply #36 on: June 07, 2011, 10:19:41 PM »
Larger image of the securi results.

The securi site also shows that your versions of PHP and vbulletin are out of date and vulnerable to exploit, as I mentioned earlier you have to ensure that your content management software (CMS) is fully up to date. This is frequently the reason how sites are hacked but exploiting vulnerabilities in out of date CMS.
thanx for large pics and informations.
but just now i got an email from avast! employee.
he said "this domain will be unblocked."

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: network shield blocks a site wrongly!
« Reply #37 on: June 07, 2011, 10:35:33 PM »
Hi kamivh1,

Then also get rid of this abuse status, it has not been rejected nor removed since long:
http://rfc-ignorant.org/tools/lookup.php?domain=asrema1.co.cc
See full results:
http://www.rfc-ignorant.org/tools/lookup.php?domain=asrema1.co.cc&full=1

The plug-in was a heuristic detection.
Here it was also reported: HEUR:Trojan.Script.Iframer h**p://forums.electronicarts.co.uk/clientscript/ncode_imageresizer.js?v=1.0.1
source link: was reported by xDodox94 on that forum, issue now fixed

polonus
« Last Edit: June 07, 2011, 10:48:13 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: network shield blocks a site wrongly!
« Reply #38 on: June 07, 2011, 11:20:59 PM »
Larger image of the securi results.

The securi site also shows that your versions of PHP and vbulletin are out of date and vulnerable to exploit, as I mentioned earlier you have to ensure that your content management software (CMS) is fully up to date. This is frequently the reason how sites are hacked but exploiting vulnerabilities in out of date CMS.
thanx for large pics and informations.
but just now i got an email from avast! employee.
he said "this domain will be unblocked."

Whilst this is good news for you, is is just a first step as the web shield is likely to alert as it did for me when I bypassed the network shield (in one of my early posts). The web admin for the site needs to address the old versions of PHP and vbulletin to avoid possible further exploit.

But what has already been detected in my http://forum.avast.com/index.php?topic=79477.msg653639#msg653639 certainly needs to be investigated and resolved, e.g. why is this obfuscated file being loaded in the index.php file. I don't know why that can only be investigated by the web admin.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: network shield blocks a site wrongly!
« Reply #39 on: June 07, 2011, 11:47:38 PM »
Hi DavidR,

Even when I try to go to that site here: -http://wave.webaim.org/report?url=http%3A%2F%2Fasrema1.co.cc&js=1  I get avast Webshield blocking this as HTML:RedirBA-inf[Trj] and will get disconnected. And then it could eventually be unblocked later, see for a similar case: http://forum.avast.com/index.php?topic=45786.0
The posters in this site really have to inform the site admin of that site to solve the issues there, cleanse, update his web applications, etc. They should mail to supportATturnkeyinternet.net and refer to this thread,

polonus
« Last Edit: June 08, 2011, 12:03:32 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Sirmer

  • Avast team
  • Sr. Member
  • *
  • Posts: 324
Re: network shield blocks a site wrongly!
« Reply #40 on: June 08, 2011, 09:22:12 AM »
Hello,
this was a false positive.
Sorry for your inconvenience:(

kamivh1

  • Guest
Re: network shield blocks a site wrongly!
« Reply #41 on: June 08, 2011, 11:01:29 AM »
Hi
thanks to all of u for helping me.
DavidR,polonus,Gopher John

have a great time.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: network shield blocks a site wrongly!
« Reply #42 on: June 08, 2011, 02:48:20 PM »
Hi kamivh1,

So the issue has been solved, all is well that ends well, welcome to the forums,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!