Avast is blocking my website.

Hello, I am the owner of http://www.mvhacks.net/

Avast is blocking my website, it is a false positive and it is diverting members away from my forum. I submitted a ticket with Avast, but I wanted to report it here as well because I would like this to be resolved as soon as possible.

There are no Virus’ or anything malicious hosted on my website.

an what does avast say when blocking?

if it is URL:mal it means URL or IP is on a blacklist for whatever reason…it does not have to be infected

your IP is blacklisted here http://www.apews.org/

CASE: C-131 Unallocated CIDR, no traffic until allocated, or allocated to bad reputation provider or allocated but dynamic / generically named IPs, or bogons, see www.cidr-report.org, or orphaned IP / CIDR in routing table

urlQuery http://urlquery.net/report.php?id=9782641
See Recent reports on same IP/ASN/Domain where you see several domains wih detection and using same IP as you
like this one http://urlquery.net/report.php?id=9438469

If you think this is wrong…

You can report issues to avast here : http://www.avast.com/contact-form.php (select subject according to Your case)
you may add a link to this topic in case they reply here

Not your website is blocked, but the IP.
Here are some reasons for it:
http://168.144.32.45/blacklist/bl/99.225.243.0/#_
http://whatismyipaddress.com/blacklist-check
https://www.virustotal.com/nl/url/f3ae892334fd1b4d90bf25a26766f50c7002b5ff819f4da3e15ecf182c730602/analysis/1394052237/
http://urlquery.net/report.php?id=9782720

If you are sure that your website is not infected and doesn’t try to spread malware etc, you can ask avast to allow your website through the contact form.
http://www.avast.com/en-us/contact-us.php

It looks like a general IP block there because of bad IP .
You could ask for an exclusion for your domain here: www.avast.com/contact-form.php‎

ThreatSTOP alerted 9 months ago for an AlienVault threat danger level 3, earlier IP was on bogons list.
history of IP’s badness: https://www.virustotal.com/nl/ip-address/108.162.199.83/information/
This not helping here 243 domains on one and the same IP: http://sameid.net/ip/108.162.199.83/3/
avast! is not the only scan to flag your site, also Bitdefender TrafficLight blocks it as with malware.
There is other malware from that same IP launched: http://support.clean-mx.de/clean-mx/viruses.php?ip=108.162.199.83&sort=id+DESC
some coming from a RBN IP and Detected a Dynamic DNS URL as e.g. TrojWare.HTML.Ransom.iFrame.C
Google browser diff: First difference:
hacks."> //<![cdata[ try{if (!window.cloudflare) {var cloudflare=[{verbose:0,p:1394045916,byc:1,owlid:“cf”,bag2:1,mirage2:0,oracle:0,paths:{clo…
wXw.mvhacks.net,108.162.199.83,Multiple IPs,
See also here: http://iphostinfo.com/108.162.199.83 Not trustworthy, The IP: 108.162.199.83 is a blacklisted bot

Make your own conclusions about being associated with such an Autonomous System and have your domain hosted there ;D

CloudFlare is essentially the easiest way to MITM yourself.
quote from "throwaway-o" as posted on on Reddit/r/bitcoin.

polonus

I already reported it to avast, but I wanted to discuss this here.

It cannot be my website IP, those websites say my server IP is not black listed. When you ping my website you will get a cloudflare IP, so I don’t understand why this is happening. Isn’t there anything you can do about it?

Isn't there anything you can do about it?
we dont work for avast .....report it to avast and see what happens..

This isn’t Avast’s official forum? Avast’s anti virus is the only anti virus on the planet that says my website is malicious, and unfortunately for me a lot of people use Avast because it’s free. Hopefully they read those submissions, because the IP it’s resolving is a cloudflare IP, not mine, and it should understand that. I cannot control who back links me, but there is nothing malicious on my website.

It is for sure that your IP is blacklisted.
Look at the links again, they proove it.

Ping has nothing to do with the content hosted on a IP.
URL and IP are not the same things.

Make sure your website is not infected, trying to spread malware e.t.c.
Than ask avast to allow your website by using the contact form.
http://www.avast.com/en-us/contact-us.php

If you don’t understand the difference between url and IP, I strongly advise you to hire someone who does.

When did I imply that a domain and an IP are the same thing? I didn’t. I know what you’re talking about, my cloudflare IP is black listed for some reason, and avast is the only anti virus that shows the false positive detection. I know nothing is infected, I am on a virtual private server and I control every file that is hosted.

Yes this is the official avast webboard (not forum).
And no, avast is not the only av that is blocking it.
If you really have looked at the links I gave you would have known BitDefender is also doing it.
And no, avast is not the only company that offers a free av.
There are others also.
Not as good avast, but they do excist.

It is you who has chosen to use cloudfare, not the visitors of your website.

There is no false detection!
The IP is blocked because malicious websites are hosted on the same IP.

Again:
Make sure your website is not infected, trying to spread malware e.t.c.
Than ask avast to allow your website by using the contact form.
http://www.avast.com/en-us/contact-us.php

What part of it is it you do not understand?

Hi Snyper27,

No, but you are not answering to our hints, you’d hike over somewhere else with the perils of the service Cloudflare offers you now with 243 sites on one and the same IP. Do you realize what I am saying there. Your site is clean, but are the other 243.
And you do not want to discuss that aspect. It is not that your domain or site is infested, that IP is allowed to have malcode on it and that is Cloudflare’s responsibility to close down.

Your issue should not be with avast! or Bitdefender, but with CLOUDFLARENET - CloudFlare, Inc.

I told you what to expect.
Some malware from your IP stayed up and active and has status long OVERDUE with 1127.6 hrs and one with 1193.6 hrs even - bit sloppy from Cloudflare isn’t it? Normal malware stays on from a couple of minutes to a couple of hours.
Proof here: http://support.clean-mx.de/clean-mx/viruses.php?ip=108.162.199.83&sort=id+DESC

Wait till all 243 domains on the IP are no longer spreading malware or you are depending on what others do on that IP and risk the next general IP block.
Read about some of the issues: http://news.netcraft.com/archives/2013/10/07/phishers-using-cloudflare-for-ssl.html
Historical badness for the AS is improving, I agree, see: http://sitevet.com/db/asn/AS13335
But being on one and the same IP with 243 other domains is taking such risks.

polonus

Even if I remove cloudflare the problem still exists.

Last try:
Make sure your website is not infected, trying to spread malware e.t.c.
Than ask avast to allow your website by using the contact form.
http://www.avast.com/en-us/contact-us.php

What part of it is it you do not understand?

I KNOW my website is not infected, what part of that do you not understand?

I already asked avast via that contact form, however I feel like it’s a long shot that they will reply to that. If they do, that will restore my faith in avast.

I came here for support, not to be disrespected and patronized by you.

Hi Snyper27,

We speak in due respect and with your best interests at heart. Do not take our expertise as patronizing.
We also like to see your site unblocked as soon as possible, when malcode free, as you say it is and I think that you are right there.
When you go to a new host and IP, you still should report the site as clean here: http://www.avast.com/en-us/contact-us.php
I am sure avast will no longer flag site then.
We cannot take these decisions here as it is a matter for avast team members only and we are not,
we only report here as volunteers with “some” expertise.
It is known in such cases the unblocking could be as fast as with a new coming update.
They may not react here in this thread, but they certainly will look into the matter, 100%

polonus

I don’t think I am going to be changing hosts, I didn’t even say who is my hosting provider, but they are reputable. I am on a VPS with a dedicated IP so I can change it whenever I want to, however that’s irrelevant because it seems no matter what my IP is, avast still blocks it. I disabled cloudflare and changed the DNS back to my host, and the problem persisted. This is very frustrating to me, and I’ve seen plenty of threads here where people have had the same issue from a long time ago, I tried to access their site with avast enabled and I couldn’t get to them, which tells me the staff at Avast didn’t do much for them either… It doesn’t seem very promising.

See: http://dnscheck.pingdom.com/?domain=server.grupocybermedia.com&timestamp=1394060322&view=1
and: http://dnscheck.pingdom.com/?domain=grupocybermedia.com

zone consistency test for grupocybermedia.com.
SOA on address 162.144.92.223 has consecutive number 2014012004.
SOA on address 74.220.195.131 has consecutive number 2014012004.
SOA on address 69.89.16.8 has consecutive number2014012004.
All SOA records have a consistent consecutive number/
2 different SOA records found.

polonus

What are you trying to imply with this?