Apologies in advance if I don’t cover all the basics here - I’m new to the board…
I run a small shared server on which, for a brief period about 3 months ago, there was an infection which I cleared with maldet. It lasted a couple of days and appeared to affect a couple of sites - alexmarwood.com and 33rdfoot.co.uk. Once the server was cleaned and I’d reloaded the sites from my own local backups, I continued to get the warnings from Avast and so submitted the false positive reports on both URLs, noting that the sites HAD been infected but were now clean.
Three months on and the sites are still being blocked, not only on my machine but on a friend’s 200 miles away (and on a different ISP).
I recall that when I posted the false positive report, the system advised me that the site would be cleared after the next update, but this doesn’t appear to have happened.
Can anyone advise me what I can do? I’ve had several contacts from colleagues to say that they can’t get to the site, and all are using Avast. I can hardly tell them all to reinstall Avast, and of course that only affects people who know me…
Oooops 109.104.78.40 is currently listed in APEWS :-(
Entry matching your Query: E-439231
109.104.72.0/21
CASE: C-17
Spambots, zombies, contaminated CIDR, bad reputation provider
History:
Entry created 2010-12-23
And I see that your other URL (33rdfoot.co.uk) is using the same IP.
I get an error when doing a DNS check like invalid SOA RNAME for alexmarwood dot com hostmaster
mail address is wrongly specified for SOA RNAME field, a mistake that will often be made.
Site has been compromised as htxp://.js etc has been found.
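The SOA RNAME point raised above, as an added example that is not part of any poster's reply: the RNAME field stores the responsible mailbox as a domain name, with the first unescaped dot standing in for the "@". The thread does not show the site's actual record, so the sample values below are constructed, and `split_labels` and `check_rname` are hypothetical helper names.

```python
def split_labels(name):
    """Split a presentation-format name on unescaped dots.
    Handles backslash-char escapes only (not \\DDD decimal escapes)."""
    labels, cur, i = [], [], 0
    while i < len(name):
        ch = name[i]
        if ch == "\\" and i + 1 < len(name):
            cur.append(name[i + 1])   # escaped char is literal, e.g. "\." in a local part
            i += 2
            continue
        if ch == ".":
            labels.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    labels.append("".join(cur))
    return labels

def check_rname(rname):
    """Return (mailbox or None, problems) for a SOA RNAME string."""
    problems = []
    if "@" in rname:
        problems.append("contains '@': the mailbox separator must be written as a dot")
    labels = split_labels(rname)
    if labels[-1] != "":
        problems.append("no trailing dot: name is not fully qualified")
    else:
        labels = labels[:-1]
    if any(label == "" for label in labels):
        problems.append("empty label")
    if len(labels) < 2:
        problems.append("needs a local part and a mail domain")
    mailbox = None
    if not problems:
        mailbox = labels[0] + "@" + ".".join(labels[1:])
    return mailbox, problems

if __name__ == "__main__":
    # Constructed samples, not taken from the sites in this thread.
    for sample in ["hostmaster.example.com.", "hostmaster@example.com.",
                   "john\\.doe.example.com.", "john.doe.example.com.",
                   "hostmaster.example.com"]:
        print(sample, "->", check_rname(sample))
```

The fourth sample passes the syntax checks but resolves to `john@doe.example.com`: an unescaped dot in the local part silently points the contact address at the wrong mailbox.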
Can anyone advise me what I can do? I've had several contacts from colleagues to say that they can't get to the site, and all are using Avast. I can hardly tell them all to reinstall Avast, and of course that only affects people who know me...
Report it to avast lab again and see what happens.
You may add a link to this topic in case they reply here.
My Domain registrar account was hacked a while ago and DNS redirects put in place, which explains the [police . domain . com] addresses mentioned at https://www.virustotal.com/en/ip-address/109.104.78.40/information/. I’ll leave aside any comments on the security at my domain registrar, although it was covered by the press at the time. All the redirects were cleared.
I’ve just run another maldet scan across the whole shared server and it’s come back clean, so I’m confident that the server is good, as are the sites on it (after the hack I reloaded all the sites from my backups). In addition, there’s now beefed-up security on the server, so I’m hopeful that it’s fairly well protected against future attacks.
So who should I notify? From reading what you guys have kindly posted, it looks as though Avast is referencing other malicious URL lists…
When the site is as you state malcode free and an avast team member agrees that is the site’s status,
avast! is known to quickly react as with a next update even, so send your report with a reference to this thread.
We here are just volunteers with a bit of expertise and relevant knowledge,
doing this for the “good of our soul” and the avast! community.
Hope your site will be unblocked soon,