Avast Blocking My Websites

Hi,
I was wondering why Avast is blocking a couple of my websites. I sent a false positive report many times but as yet have had no response.

http://zulu.zscaler.com/submission/show/809bc06b4324f063c267090fc194aa8b-1450004708
http://www.urlvoid.com/scan/choresindoors.co.uk/
http://zulu.zscaler.com/submission/show/f75a86648030e2a67da05ea0a68250b1-1450005586
http://www.urlvoid.com/scan/heatmypool.com/

Any thoughts would be appreciated

shajazzi

301 Moved Permanently is not normal for a website.

Blacklisted :
https://www.virustotal.com/en/url/e2e340ba098ef4e9e39b64525df87d208bcf6fa2450c3e0845efe0fb1d173595/analysis/1450006899/
http://urlquery.net/report.php?id=1450007012556
http://urlquery.net/report.php?id=1450007054149
http://multirbl.valli.org/lookup/92.27.14.201.html

Outdated software (Joomla) used :
https://sitecheck.sucuri.net/results/choresindoors.co.uk

Spam coming from that IP :
http://www.spamrats.com/bl?92.27.14.201

No Secure Protocols supported :
https://www.ssllabs.com/ssltest/analyze.html?d=choresindoors.co.uk

If you are running a business, get and use a dedicated server that supports secure protocols.
It will help to avoid a lot of problems.

I now unblocked enclose-my-pool.com and heatmypool.com, which are the only 2 domains that are on that IP, but take heed of what Eddy says to prevent the problems in the future…

Hi Eddy,
I have started cleaning stuff up and thanks for the advice, however I cannot see any reason why Kaspersky is suggesting that there is Malware on my site.

shajazzi

"I cannot see any reason why Kaspersky is suggesting that there is Malware on my site."
The VirusTotal URL scan is a blacklist check; it does not scan the site for malware. So the site is blacklisted by Kaspersky for whatever reason, and there can be many.

As Pondus already pointed out, VirusTotal does not scan websites but checks blacklists.
If a site is on a blacklist, it doesn’t mean by default the site is malicious.
It can be, but doesn’t have to be.

Other reasons why it can be on a blacklist are (but not limited to) :

  • Malicious in the (recent) past
  • Malware spreading through the same IP as the site is on.
  • Spam coming from the same IP as the site is on.

A scan/check is one thing, but the result doesn’t mean anything if you don’t know how to read/interpret the result shown :wink:

If you want to run scans/tests (now or in the future), I have a pretty decent list of online scanners on my website.
In case of a problem they may help to find out what is wrong and where :wink:

Seems the main domain name for site does not resolve: -http://choresindoors.co.uk./ → http://www.dnsinspect.com/choresindoors.co.uk/1450260271
For the www version I get an AOS alert and 404 padlock icon
-www.choresindoors.co.uk.
Alerts (1)
Insecure login (1)
Password will be transmited in clear to -http://www.choresindoors.co.uk/
Infos (1)
Encryption (HTTPS) (1)
Communication is NOT encrypted
See: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.choresindoors.co.uk%2F
Three warnings here: https://asafaweb.com/Scan?Url=www.choresindoors.co.uk

polonus (volunteer website security analyst and website error-hunter)

@shajazzi: Please update Apache to the latest version: http://prntscr.com/9et345

Also, your Debian version is really outdated; you're running version 6, while the newest is 8.2 if I'm not mistaken :slight_smile:

You may want to take a look at OpenSUSE as server OS, no need for reboots even for kernel updates, rock-stable
and snapshots every hour or even more frequently in case you mess something up or the system breaks down.

Hi Guy,
Thanks for your help!!
After a server crash I built an all singing and dancing server with all the latest versions of apache2, php and MySQL. However, as all the websites were out of date, none of them were compatible with the latest version of php5, so I built another that works with the websites.

I know this is not ideal but until I have more time I will have to live with it.

shajazzi

@shajazzi, did you follow Eddy’s suggestions to prevent this in the future?
Didn’t Honza’s actions solve your issues?

Hi Lisandro,
I have started to implement Eddy’s suggestion but still need to get the Secure Protocols issue sorted, which I should manage by the weekend.
Honza’s actions did solve the problem with all but one website so far.

I found that Spamrats wouldn’t remove my IP from their database until the reverse DNS problem was sorted.
http://www.spamrats.com/bl?92.27.14.201

shajazzi

I get an all green spam rats report: http://www.spamrats.com/lookup.php?ip=92.27.14.201

polonus

Hi Guys,
Thanks for all your help so far, but I am still finding that http://www.choresindoors.co.uk/ is still blacklisted by your system although it’s now showing clean.
https://www.virustotal.com/en/url/44e1082f89a003031a180d1467c3b0c64ecb5a7f9074536dd345ac7c1f245904/analysis/1452066499/

shajazzi

After a quick check, your site looks clean to me.
Wait for Honza, he’s the one who can unblock it.

Some software (Joomla, Apache, PHP) needs to be updated as soon as possible!

http://prntscr.com/9mq49q

PHP newest Version: Version 7
Apache newest is: 2.4.18 (https://httpd.apache.org/)
Joomla newest is: 3.4.8 (https://www.joomla.org/)

I have an updated server but until I have finished updating the websites to make them compatible with the latest version of apache/php I will have to live with this old version for now.

shajazzi