I checked the sites for Malware in “1000” different ways. I updated a special phpfile in my installation which is known as a great access for maleware. But no infection was found.
Then i installed avast free on my own computer. And it is blocking my sites too. But not only these. It is blocking any website except google.de. Even Tagesschau.de or anything else.
So please, I need help. At my friends PC it is blocking only our new pages. But maybe her avast is not up to date
Is there a way to tell avast to check my websites to update their black and whitelists? Is there anything I can do to stop avast blocking all websites on my PC, except to disable the programm?
Thanks. Falk
EDIT: It doesnt matter which browser. Wether at my PC or the PC of my friend. Allways the same.
The original malware for that IP has now been taken down according to VirusWatch.
The suspicious script is on this link for htxp://radicalglobalchange.org/wp-content/plugins/sidebar-login/js/blockui.js?ver=1.0
For a deconstruction see: http://www.keyframesandcode.com/resources/javascript/deconstructed/jquery/ (author = dave stewart)
The suspicious code is found as all of code-line 10.
Validating with a javascript unpacker:
error: undefined variable jQuery
error: undefined variable $.fn
error: line:1: SyntaxError: missing ; before statement:
error: line:1: var $.fn = 1;
error: line:1: …^
and that is being blocked by avast Network Shield.
WordPress version outdated: Upgrade required,
the plugin sidebar login is deinstalled. All other plugins are disabled. the problem still occurs. btw: all these plugins allready runnning on globalchangefactory, even the content is allmost the same. just the theme changed, but this also worked before on a other website for testing purposes.
The tests you have been running over the sites shocking me. Especially this:
Autonomous System Risk ASN 16265 (Leaseweb) has risk 100.0 This check increased the overall risk score.
Netblock Size Risk Netblock size has size 255 This check increased the overall risk score.
Zscaler IP Reputation IP address has been identified as risky by one/more sources
Questions:
leaseweb is at risk. but why? how can I change this?
isnt it clear that a server park has a lot of IP’s? how can I change this?
My ip can not really identified by others as a risk, because I got it two weeks before and used it now since three days. Again: What can I do?
The problem is that this is a block on the IP address 95.211.160.73 not the specific domain name/s that both of these sites are hosted on, there are probably other domains also hosted on this IP (now or previously) and one or more of them may be infected, resulting on an IP block.
Use the on-line contact form as previously mentioned, http://www.avast.com/contact-form.php?loadStyles for: * Sales inquiries; Technical issues; Website issues; Report false virus alert in file; Report false virus alert on website; Undetected Malware; Press (Media), issues.
If you are reporting an FP, then you get another input field open, enter the web URL for the site you wish to submit for Network Shield review (IP address block not Domain Name), etc. A link to this topic also wouldn’t hurt.
I would report it again, especially the comment about network shield review and IP address, etc. and giving a link to this topic which contains lots of information.
And that is the reason to report for network shield review to remove the specific IP block and only hit the malicious/infected domains, which is likely to release these two domains.