Avast has blacklisted Ripway again

I love Avast I have been using it for years. I also love using Ripway as an image/file host. Been using them for years too.
The last time this happened I was told that it was because Ripway had accidentally been blacklisted and it was fixed right away. Now it is happening again. The favicon and other images hosted by Ripway on my blog were not showing up so I went to log in at Ripway and my Avast started screaming and throwing up warnings. Just logging into the front page of Ripway.

If Avast is going to keep blacklisting them could someone please let me know of another good host for .ico and .pdf files? I can just use PhotoBucket and Flickr to host images for my blog.

Hope they correct the false positive soon.
But… are you sure the site wasn’t hacked and it is really a false positive? ???

I emailed Ripway. It was not easy to get to anything on their website because every single page, even the help pages are setting off warnings on Avast. I hope that Ripway and Avast can get it straightened out soon.
It has to be a false positive.

Can you please do a screenshot of the warning?

It is a webshield detection.

Network shield=blacklist

Webshield= alert based on detection…

Being a webshield detection, it would appear that this is accurate and it seems that the favicon.ico of the the site has been hacked. I get two alerts on this, just visiting the homepage:


10/17/2009	9:56:32 PM	1255812992	SYSTEM	1516	Sign of "HTML:Script-inf" has been found in "http://www.ripway.com/favicon.ico" file.  
10/17/2009	9:56:35 PM	1255812995	SYSTEM	1516	Sign of "HTML:Script-inf" has been found in "http://www.ripway.com/favicon.ico" file.  


Well since that is where I normally host screen shots :frowning:

All of the warnings say the same number on them…
file name h**p://ripway. com
Malware name HTML Script-inf
Malware type Virus/Worm
VPS version 091017-0, 10/17/2009

I did email Ripway support and even gave them a link to this thread. The last time Ripway and Avast worked together. But that time I was not getting warnings from Ripway’s website like I am now.

Please ‘modify’ your post change the URL from http to hXXp or www to wXw, to break the link and avoid accidental exposure to suspect sites, thanks.

For Vlk, image1 is the alert, there are two consecutive alerts on the home page, when it tries to load the favicon.ico file.

OK it looks like the site has been hacked and the favicon.ico file has been modified, see image2, that points to a probable malicious site 8866.org:

Registrant City:Changzhou Registrant State/Province:Jiangsu Registrant Country:CN

Thank you so much guys!
One thing I would like to point out, I am so very glad that Avast works when it needs to.
So I guess I am off to search Google for another file host. Thank you all so much for helping me out with the information.

You’re welcome.

There is unfortunately that in finding a new host, that they (and subsequently your site) too won’t get hacked in the same way. It is at that point that you find out just how good they are support wise.

  • This is commonly down to old content management software being vulnerable, PHP, Joomla, Wordpress, SQL, etc. etc.

– Every 3.6 seconds a website is infected http://forum.avast.com/index.php?topic=47096.msg396648#msg396648.

My blog did not get hacked. After Ripway was hacked or whatever happened to them, the images and favicon that I had hosted at Ripway disappeared from my blog.