I maintain a blog website, and we have been receiving reports that Avast is blocking access to our website. I submitted a ticket for a false positive, as site-scanning websites report the site as clean.
Avast replied back that it was not a false positive "…because of this: themommynest.com/0ca7gxhjv87bik "
I am using Joomla as a CMS, and, being a dynamic website, any bad URLs just redirect to the main page, which is what this one does. I cannot find any instance of this URL on the website, and I have no idea where to go from here.
As the Sucuri scan reported, this issue should also be tackled: Web application version:
Joomla Version: 2.5.6
Joomla Version 2.5.x - 3.0.x for: htxp://themommynest.com/media/system/js/caption.js Joomla version outdated: Upgrade required.
Also look at the code from themommynest dot com/components/easyblog/assets/images/loader.gif
via : http://jsunpack.jeek.org/?report=e51768ce4223a47e0fa7b64b301e672bcfefb411
(View link in browser with NoScript and RequestPolicy extensions active and in a sandbox or VM - for security researchers only)
Furthermore, a code hiccup here:
info: [script] ps-us.amazon-adsystem dot com/domains/thmone01-20_f2ad21c9-3e63-40f6-b367-28434cffde05.js
info: [decodingLevel=0] found JavaScript
suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes
error: line:3: SyntaxError: missing = in XML attribute:
error: line:3:
error: line:3: …^
Check EasyBlog for vulnerabilities: http://www.exploit-db.com/exploits/27129/
e.g. in some scripts as an HTML injection vulnerability in /hr/blog/blogger/mortetm?type=
→ htxp://1337day.com/exploits/21036 This is just to make you aware!
What about the reason Avast said it was blocking me? A URL that doesn't exist on my site.
Now, I'm just confused and not sure where to go from here… since the “risky” things aren't really things I can do anything about.
The Joomla is the latest version in the 2.5 line. 3.0 requires a total database migration I’m not sure I want to do yet.
How do I go about dealing with the IP issue?
I can't really do much about EasyBlog…
Hello,
avast! does not block the IP but only the domain, because we saw “themommynest.com/0ca7gxhjv87bik” there. It looks like it was hacked (exploited) through a vulnerable CMS.
Where are you “seeing” this URL? I cannot find anything on the server that references that. Clicking the link only leads to the main site, like any bad URL would.
I am trying to fix this so we can get unblocked. We’ve already had a blogger quit because she can no longer access the site.