Avast blocking website.

Hi,
I tried to read the topics and find out about this myself, but I could not seem to do this.
Our site/server is giving warnings to our users that we have malware on the server. However,
our server is scanned every day for malware and we are unable to find the problem.

How would we go about finding the reason for these warnings?

site: norint.eu with all subdomains, i.e. elearning.norint.eu, adecco.norint.eu, campus.noring.eu
and so on.

Look forward to hearing from you.
Kind Regards
David

http://sitecheck.sucuri.net/results/norint.eu
http://zulu.zscaler.com/submission/show/4c7e49a27247a7bdc90ecba3e3c9ea20-1422278212

You could upload it to: VirusTotal - Multi engine on-line virus scanner ( https://www.virustotal.com/ ) and report the findings here, post the URL in the Address bar of the VT results page.
If the detections are only limited to avast - you can report a false positive at the on-line contact form, http://www.avast.com/contact-form.php?loadStyles for: Report false virus alert in file; Report false virus alert on website.

Hi,
Thanks for your fast answers.
Here are the VT URLs for two of the sites.

https://www.virustotal.com/en/url/189d3c6b77d122439fdaac8d88cffcf45167455828d615eca3d6f5491ea02a2c/analysis/1422280087/

https://www.virustotal.com/en/url/fa6f1e3c6035c5520302670c9051e24d4adbaf8937d55b185e5e342de6d2b000/analysis/1422280383/

Nothing there as far as I can tell.
Kind Regards
David

Next step is to report it to Avast. If found to be false positive, the fix usually happens
fairly quickly. Give them a link to this topic when replying.

Thanks Bob,
If this is a false positive, any ideas why it would happen like this? Do you know if Avast will let us know if
they see a problem on the site?
Kind Regards
David

You should get a response from Avast once it’s reported to them.
A response could also be posted here. :)
I am an Avast user; I don’t work for them, so I can’t answer that part of your question.

There are some recommendations that should be reported to those that host these websites.

Well something wrong with DNS: Could not get domain’s name servers from parent servers. Then for the main domain:
FAIL: FAIL: While reading domain NS records at parent name servers, we found name servers without A records.
– ns1.norint dot eu. → ?
– ns2.norint dot eu. → ?
To reach your name servers via IPv4 an A record is needed for each name server.
IP addresses have been seen by at least one Honey Pot.
Risk 1 red out of ten: http://toolbar.netcraft.com/site_report/?url=adecco.norint.eu
Site has been reported to Avast Web Rep on the basis of quite an amount of users reporting.
BrightCloud gives a Moderate Risk rate of 50 on the Reputation Index.
PHP Event Calendar is vulnerable to SQL injection.

polonus (volunteer website security analyst and website error-hunter)

Hello Polonus,
Thanks for getting back to me. The Avast Web Rep seems very strange as
all users are people who work for us. I cannot believe that they would report
our own site. This does not really make sense.

What would you recommend for these problems?
Kind Regards
David

Hi,
This seems to be a false positive (autoflagged the domain because it was on the same IP as other malicious ones), and I unblocked the domain as well as the IP it resolved to. ;)

Hi,
Thanks, we had students “screaming” at us about this :D. Could you tell me the domain
that caused the flag so I can make sure that the problem with this domain is solved?
Kind Regards
David

http://urlquery.net/

Scan there, it likely will show you.
Scan both domain and IP.

Thanks Eddy,
Tried all IPs and domains on the IPs, but none come up with anything. Anyway, the problem is solved for now and
I will try to find the domain that caused the problem tomorrow.
Thanks everyone that took the time to answer me :)
Kind Regards
David

It sure does come with things:
http://urlquery.net/report.php?id=1422299292505
http://urlquery.net/report.php?id=1422299357954