I have a website hosted on Microsoft Azure Web Apps located at: hxxp://www.andrei15193.ro. Avast! keeps saying that the site may have infected my PC every time I have WebShield on when I access my site by that address. If I access the site by the address provided by Azure, hxxp://andrei15193.azurewebsites.net/, Avast! has no problem with it. I’m clueless as to why it decides to do so. Both addresses point to the exact same location, so why is accessing through azurewebsites.net ok and accessing through the custom domain not ok while they both provide the exact same content? Anyway, what can I do to solve the issue?
Please break the link to the suspect site to prevent accidental exposure, e.g. wXw.andrei15193.ro.
If you can attach a screenshot of the Avast alert, that will help someone when investigating.
It may well have the same content, but your alert could be based on your HOST: if it has multiple sites hosted on the same IP, other domains could well be infected/hacked, resulting in the blocking of the IP address. Though it is strange if both point to the same site.
This is a warning from Avast Online Security. It says “This website could have harmed your computer”.
What this alert is based on could be explained best by an Avast team member; I am not one,
I am just a volunteer with relevant knowledge. You could mail virus@avast.com and put a link to this thread here.
However you could pay attention to my recommendations given above.
I assume this is a false positive detection for some portion of obfuscation and/or pseudo-code,
I cannot really think of anything else. The hosting party for the website alas has still some work to do.
I have gone through your recommendations. The one that yields most suspicion is the one saying it found malware; however, when I look at the concrete results, it thinks that bitbucket.org is malware. I don’t know since when Atlassian makes malware, so that is most likely a false positive.
The domains are set up accordingly as Microsoft Azure requires. They are even mapped in the management portal; if they were not set up accordingly, the portal wouldn’t let the custom domain be set.
The warnings regarding excessive headers are partially solvable. The website is hosted as a Web App inside Microsoft Azure, and I do not have direct access to the IIS that hosts the site, making the server header impossible to remove. The web site has been changed to remove all other excessive headers.
I don’t think the warnings regarding 3rd party libraries could lead to a WebShield block. If they were indeed problematic WebShield would have blocked the site from any address not just the custom domain. This also makes me think there’s still something to be done on the DNS side as that is the only thing that differs from the Microsoft Azure provided domain (DNS lookup + domain name, does Avast! block based on domain name if it matches some pattern? I hardly believe it does but who knows.). I’ll see what can be done on the DNS server as it is hosted inside an Azure Virtual Machine so theoretically it can be configured in any possible way.
Thanks for taking security that seriously; I wish all website admins would.
I also hope your contacts with Avast will resolve that remaining Avast issue for that website.
Welcome aboard our forums, as we specially welcome responsible developers and coders,
best greetings,
polonus (volunteer website security analyst and website error-hunter)