Initially I thought it might be a google analytics script, so I removed that from all the web pages. If I temporarily disable avast the site loads fine (to be expected)
I’ve read here about some similar problems, followed some links to sites that scan for viruses, with nothing negative showing up. I’ve emailed avast a couple of times with no luck.
Google search link shows the same behavior when searching for Sams’s Lobster Bakes and clicking on the listing.
Not sure if this has anything to do with it but the hosting sites home page also show the same behavior www.superwebhost.com.
This is above my pay grade, I only do a little web design, and I’m not up to speed on a lot of stuff. Any help would be appreciated.
More than likely a IP block for the IP your site is on:
Intrusion Detection Systems
Suricata /w Emerging Threats Pro
Timestamp Source IP Destination IP Severity Alert2013-07-02 10:56:46 urlQuery Client [[urlquery.net]] 64.40.123.219 1 ET CURRENT_EVENTS Blackhole 16/32-hex/a-z.php Landing Page URI
2013-07-02 10:56:46 urlQuery Client [[urlquery.net]] 64.40.123.219 1 ET CURRENT_EVENTS Blackhole 32-hex/a.php Landing Page/Java exploit URI
Snort /w Sourcefire VRT No alerts detected
and 013-07-02 10:48:41 0 / 3 htxp://superwebhost.com/864ad8773f0e7b90a9261b93573e1286/q.php
But given clean here: 013-07-29 10:52:45 0 / 0 htxp://www.superwebhost.com/support/staff/index.php [[urlquery.net] Canada] 64.40.123.219
thanks. On the road for the last couple of hours and pondered the dilemma a little, and more or less came to the same conclusion, but nice to have it corroborated. I’ve emailed the hosting company, for a second time, but they don’t seem interested in solving the problem. I’m going to get the owner to switch hosting companies is short order if the problem is not addressed quickly.
Well that is a good move. Check the new hosting will have security in mind, that is server hardening, not revealing excessive header information to potential attackers, good http cookie security, check against clickjacking issues. etc.
Example: Another way to pentest on your own website is make a html page with this code:
Code: [Select]
<html>
<head>
<title>Clickjack test page</title>
</head>
<body>
<p>You’ve been clickjacked!</p>
<iframe sandbox="allow-scripts allow-forms" src="http://samslobsterbakes.com :8080" style="width:100%;height:90%"></iframe>
</body>
</html>
Code credits go to ITSecurity’s lakshmi Prudhvi * yoursite = main url of site e.g. www dot mysite dot com
Whenever vulnerable and opened in the browser you see: “You have been clickjacked!”
Well stay safe and secure and you know now where to find us,
polonus
P.S. Do not test until site is no longer flagged by avast else the avast File Shield will block clickjackingtest immediately and remove before it even could be written in notepad!
So the avast shields do a perfect security job here,