AVAST blocking My clean Website

Our website is blocked by AVAST and it is killing our traffic. The site is clean and has been for a very long time. When we send out PR and things like this the site is being blocked, so the money we spend on PR campaigns is wasted. I need help getting my site fixed and taken off your list. We have Sucuri on all our sites and servers. The site comes back clean. I have reported this as a false positive many, many times to you guys. I even went as far as deleting the entire site and loading up a fresh copy of everything. It is you guys blocking this. Please get this fixed as soon as possible please.
Site is
http://www.standswithfists.com

IP history https://www.virustotal.com/en/ip-address/184.168.52.1/information/

Suricata alerts http://urlquery.net/report.php?id=1449730643634

Is it blocking this IP? It is on shared hosting and I can change this. Would that fix the problem? Or are you seeing my site is infected?

> Is it blocking this IP?

I don't know ... one of the Avast staff is notified; he may be online later with info.

> I have reported this as a false positive many many times to you guys.

You may post your ticket ID here.

As far as I can establish this is a general IP block for which there could be an exclusion request. Whether Avast Team will honour this request is to be seen. Re: https://www.virustotal.com/en/ip-address/70.103.39.211/information/
-https://www.virustotal.com/en/domain/widget.cdbaby.com/information/

polonus

For the Suricata IDS, see: http://taosecurity.blogspot.nl/2013/02/recovering-from-suricata-gone-wild.html

D

OK, so I took off all the CDBaby widgets. Hope this helps.

I unblocked the domain now :wink:

Thank you so much.

I have one more website that has the exact same problem.
http://www.webstars.us

It checks out good but is being blocked.

We also run Sucuri on the server side. I do not know why this keeps happening.

Thanks Again
Nate

With avast enabled I can open the site without any problem.
I suggest you run the online scans/checks listed at my website and see what they say.

A huge clue on why it can (and definitely should) be blocked:
http://retire.insecurity.today/#!/scan/47090dbbc8066209964c5b4801fd53ed0b8b367efd10441fc434c6b3a4672ee6

No, I also get a URL:Mal alert on the Avast Web Shield.
Quttera says: “The malware entry is cached and may not reflect the current status of the domain.”
Those are the script links here: https://www.mywot.com/scorecard/img1.wsimg.com?utm_source=addon&utm_content=rw-viewsc
Two Fails and Three Warnings on the scan: https://asafaweb.com/Scan?Url=www.webstars.us
2 vulnerable libraries here -http://www.webstars.us/
Detected libraries:
jquery - 1.5.1 :-http://img1.wsimg.com/shared/js/1.5.1/global.20121009.min.js
Info: Severity: medium
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4969
http://research.insecurelabs.org/jquery/test/
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
jquery - 1.8.3 :-http://img1.wsimg.com/ux/1.3.27/js/uxcore.en.min.js
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
2 vulnerable libraries detected

Additional IP risks: http://sameid.net/ip/72.167.240.1/ 1385 websites on one and the same IP.
Recent GoDaddy abuse from that IP: https://www.virustotal.com/nl/ip-address/72.167.240.1/information/

polonus
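
The library findings in the scan output above can be reproduced offline against a site's own script files. This is an added example, not part of the thread or the scanner's own code: it reads the jQuery version banner from each file's text and compares it with the two advisories the scan cites. The version thresholds, banner patterns and sample file contents are assumptions constructed for illustration.

```javascript
// Version thresholds are assumptions taken from the public advisories the
// scan output links to, not from the thread; verify before relying on them.
const ADVISORIES = [
  { id: 'CVE-2011-4969', below: '1.6.3' },
  { id: 'jQuery ticket 11290', below: '1.9.0' },
];

// Banner markers that jQuery builds carry in their own source text (assumed).
const VERSION_PATTERNS = [
  /\/\*!?\s*jQuery v(\d+(?:\.\d+)+)/,
  /jQuery JavaScript Library v(\d+(?:\.\d+)+)/,
];

// Returns the first jQuery version found in the file text, or null.
function detectJqueryVersion(source) {
  const hit = VERSION_PATTERNS.map((re) => re.exec(source)).find(Boolean);
  return hit ? hit[1] : null;
}

// Numeric compare of dotted versions; pre-release tags are not handled.
function compareVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// files: { name: sourceText }. Returns one finding per affected file.
function auditScripts(files) {
  const findings = [];
  for (const [file, source] of Object.entries(files)) {
    const version = detectJqueryVersion(source);
    if (!version) continue; // no jQuery banner in this file
    const advisories = ADVISORIES
      .filter((a) => compareVersions(version, a.below) < 0)
      .map((a) => a.id);
    if (advisories.length) findings.push({ file, version, advisories });
  }
  return findings;
}

// Constructed sample contents, named after the two files in the scan output.
const SAMPLE_FILES = {
  'global.20121009.min.js': '/*!\n * jQuery JavaScript Library v1.5.1\n */(function(){})();',
  'uxcore.en.min.js': 'var ux={};/*! jQuery v1.8.3 jquery.com | jquery.org/license */(function(){})();',
  'site.js': 'document.title = "no library bundled here";',
};
console.log(JSON.stringify(auditScripts(SAMPLE_FILES), null, 2));
```

Matching on file contents rather than on the URL matters here because the second file's path carries a different version number than the jQuery copy bundled inside it.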

Nate,

this is the second time you are claiming that there are no problems with a website while there very clearly are problems.
I suggest you hire someone to take care of the websites who does have the knowledge for it and who does know what he is doing.

Hi Eddy,

Fully agree with you here, you are so right: when putting up a website one should configure it properly. That means when you use software, the software never can be used as it comes to you out of the box. You should use settings and enable and disable what should be enabled and disabled. Software producers do not care; they just deliver default software as it comes to get fewer complaints from users on completeness, so you download the whole kaboodle… Someone with the right expertise (often only technical IT staff) has to do the settings, disable retired script and also keep the website updated and patched, upgrade, disable left or vulnerable scripts, plug-ins etc. etc.
The server software should be silenced so that it does not tell everybody about versions of software, PHP etc. DNS should be checked. It should be checked whether the hosting party does a pro-active job and does anything more than just cash in.

If you do not have the expertise to scan, monitor and log all that is going on, you’d better not put up a website, as it becomes a threat to everyone visiting it. Simple and clear; else hire someone with the relevant knowledge. Too many websites where we have user enumeration enabled, where we can read clear log-in data, and an attacker and hacker also has that ability. Actually, people that run such websites/blogs should be protected against themselves.

polonus (volunteer website security analyst and website error-hunter)

I agree with both of you.
I am unblocking the domain as I do not see any malicious activity now, but if you don’t secure it, something similar is bound to happen in the (near) future.