Avast problems with my website

Hi,

I have some trouble with avast and I will explain chronologically:

I have two websites xww.radicalglobalchange.org and rgc.autonomousjournalism.org. These are new and they shall replace globalchangefactory.org.
Yesterday my friend told me that avast is always blocking the first two websites because of malware (Url:Mal).

I checked the sites for malware in “1000” different ways. I updated a special PHP file in my installation which is known as a great access for malware. But no infection was found.
Then I installed avast free on my own computer. And it is blocking my sites too. But not only these. It is blocking any website except google.de. Even Tagesschau.de or anything else.

So please, I need help. On my friend's PC it is blocking only our new pages. But maybe her avast is not up to date :smiley:

Is there a way to tell avast to check my websites to update their black and whitelists? Is there anything I can do to stop avast blocking all websites on my PC, except to disable the program?

Thanks. Falk

EDIT: It doesn't matter which browser. Whether on my PC or the PC of my friend. Always the same.

URL:mal does not mean infected… but that the URL is on a blocklist

anyway…your wordpress is outdated
http://sitecheck.sucuri.net/results/rgc.autonomousjournalism.org
http://sitecheck.sucuri.net/results/radicalglobalchange.org/

you can report False Positives here. http://www.avast.com/contact-form.php?

I know it's outdated but there is an important plugin which doesn't work with the actual WP version :frowning:

Thanks for your reply.

http://zulu.zscaler.com/submission/show/0df6149d2ff13e935cddff1053201717-1355656436
http://zulu.zscaler.com/submission/show/330855f716ee273b4d2563b86a6a7d45-1355656550

The original malware for that IP has now been taken down according to VirusWatch.
The suspicious script is on this link for htxp://radicalglobalchange.org/wp-content/plugins/sidebar-login/js/blockui.js?ver=1.0
For a deconstruction see: http://www.keyframesandcode.com/resources/javascript/deconstructed/jquery/ (author = dave stewart)
The suspicious code is found as all of code-line 10.
Validating with a javascript unpacker:
error: undefined variable jQuery
error: undefined variable $.fn
error: line:1: SyntaxError: missing ; before statement:
error: line:1: var $.fn = 1;
error: line:1: …^
and that is being blocked by avast Network Shield.
WordPress version outdated: Upgrade required.

polonus

Thank you both for this.

The plugin sidebar login is uninstalled. All other plugins are disabled. The problem still occurs. BTW: all these plugins are already running on globalchangefactory, even the content is almost the same. Just the theme changed, but this also worked before on another website for testing purposes.

The tests you have been running over the sites are shocking me. Especially this:

Autonomous System Risk: ASN 16265 (Leaseweb) has risk 100.0. This check increased the overall risk score.
Netblock Size Risk: Netblock size has size 255. This check increased the overall risk score.
Zscaler IP Reputation: IP address has been identified as risky by one/more sources

Questions:
Leaseweb is at risk. But why? How can I change this?
Isn't it clear that a server park has a lot of IPs? How can I change this?
My IP cannot really be identified by others as a risk, because I got it two weeks ago and have used it for three days now. Again: What can I do?

Thx, Falk

You’re welcome.

The problem is that this is a block on the IP address 95.211.160.73, not the specific domain name/s that both of these sites are hosted on. There are probably other domains also hosted on this IP (now or previously) and one or more of them may be infected, resulting in an IP block.

Use the on-line contact form as previously mentioned, http://www.avast.com/contact-form.php?loadStyles for: * Sales inquiries; Technical issues; Website issues; Report false virus alert in file; Report false virus alert on website; Undetected Malware; Press (Media), issues.

  • If you are reporting an FP, then you get another input field open, enter the web URL for the site you wish to submit for Network Shield review (IP address block not Domain Name), etc. A link to this topic also wouldn’t hurt.

Ok thx. I did this already. So I hope I will get a positive answer from them. Will come back with it and tell you if I have a solution.

Falk

You’re welcome.

I would report it again, especially the comment about network shield review and IP address, etc. and giving a link to this topic which contains lots of information.

DavidR,

The matter is that this is for a wider, more general IP block; all of the 95.211.160.% range is being blocked.
This while all the remote file injection and unknown HTML malware on this block have either been closed or are dead now. The initial contributor to VW was http://www.malwaredomainlist.com/mdl.php?search=x9b.org&colsearch=All&quantity=50 (this malware for IP 95.211.160.73 has been declared as dead after just 0.1 hrs). The malware that was found active longest on that block was on for 872.7 hrs (IP htxp://95.211.160.212/), see: http://www.malwarepatrol.net/cgi/search.pl?id=269752 (see: https://www.virustotal.com/file/0880515ea9b82b383ba7e78882d6c04428eb69256d5417927f25e6bdb6204df2/analysis/).

polonus

And that is the reason to report for network shield review to remove the specific IP block and only hit the malicious/infected domains, which is likely to release these two domains.

Hi DavidR,

Agree with you also because of this: http://www.ipvoid.com/scan/95.211.160.73/

pol

Hello,
URL will be unblocked.

Milos

Hi,

It's nice to hear that the URL will be unblocked. Sounds like you have the permission to do that? :wink: If yes, I am very happy with that.

To all: It's really interesting what I could learn only through this thread. Thanks all.

Falk

Yes, Milos has the permission/authority to do that; he is from the avast Virus Labs team.
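
An added illustration, not part of the original thread and not avast's code: the Python below shows how a site owner can tell whether a site is caught by a domain entry, a single-IP entry or a whole-range entry such as the 95.211.160.% block discussed above, which determines what to ask for in the false-positive report. The function names, the blocklist entry format, `blocked.example` and 192.0.2.10 are assumptions constructed for the example; the resolved addresses are supplied inline so it runs offline.

```python
import ipaddress

def parse_entry(entry):
    """Return ('domain', name) or ('net', ip_network) for one blocklist entry."""
    if entry.endswith(".%"):
        # Wildcard over the last octet: 95.211.160.% -> 95.211.160.0/24
        return "net", ipaddress.ip_network(entry[:-1] + "0/24")
    try:
        return "net", ipaddress.ip_network(entry)  # a single IP becomes a /32
    except ValueError:
        return "domain", entry.lower().rstrip(".")

def block_reason(host, resolved_ip, blocklist):
    """Explain which entry, if any, would block `host` served from `resolved_ip`."""
    host = host.lower().rstrip(".")
    ip = ipaddress.ip_address(resolved_ip)
    for entry in blocklist:
        kind, value = parse_entry(entry)
        if kind == "domain" and (host == value or host.endswith("." + value)):
            return ("domain", entry)
        if kind == "net" and ip in value:
            # More than one address means neighbours on the range are hit too
            return ("ip-range" if value.num_addresses > 1 else "ip", entry)
    return ("not-blocked", None)

# Constructed sample data: the range notation and the IP come from the thread,
# the domain entry and the unrelated host are made up for the example.
SAMPLE_BLOCKLIST = ["blocked.example", "95.211.160.%"]
SAMPLE_SITES = {
    "radicalglobalchange.org": "95.211.160.73",
    "rgc.autonomousjournalism.org": "95.211.160.73",
    "www.blocked.example": "192.0.2.10",
    "other.example": "192.0.2.10",
}

def report(sites=SAMPLE_SITES, blocklist=SAMPLE_BLOCKLIST):
    """Map every site to (reason, matching entry)."""
    return {h: block_reason(h, ip, blocklist) for h, ip in sites.items()}

if __name__ == "__main__":
    for host, (reason, entry) in report().items():
        print(f"{host}: {reason} ({entry})")
```

A result of "ip" or "ip-range" for a clean site means the report should ask for review of the IP block rather than of the domain, as advised in the thread.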