So I created a website, hosted locally, all worked well for a while. Then I bought hosting, and put it there, with my domain name. All seemed well for a couple of hours.
Then Avast started to report a malware HTML:Script-inf.
Only case was one of them said my cPanel is outdated. Nothing I can do about it, but I called the host provider, and they told me they would get a lot more complaints if that was the actual problem.
So I started to do some tests. I ended up creating a very simple html file locally, and sure enough, anytime my site is in the html as a src (let’s say for a javascript file) it reports it as a threat.
I called Avast support and they tell me the problem is my machine, something wrong in my registries, and they want to sell me some Windows engineer support. I ran CCleaner and everything is fixed/fine, but the issue persists. I ran all the updates.
Is anyone here talented enough and willing to look at my site and see if there is a real threat, and if yes, what/where it is? I would gladly fix it!
called the host provider, and they told me they would get a lot more complaints if that was the actual problem.
I know for sure that they are getting a lot of complaints about it. If you search this webboard, you will find many people that have GoDaddy and complained about it.
I called Avast support
No, that is not avast support. It is a third party and it is really bad.
Yes, it says Url:mal, and when I extract it from quarantine and scan it I see Malware HTML:Script-inf. Sorry I wasn't clear on this.
Sorry no screenshot as I have uninstalled Avast for now (until I get this fixed) on my current machine. I can re-install later and give it a try.
As for michel-roberge.com.htm - I think that’s because it runs the index.php which spouts out HTML and it saves it and parses it (parses the actual output instead of the php).
I did see this, and contacted goDaddy, and like I said, they say that cannot be the reason for no sites would be accessible from their hosts through avast. I would tend to agree this makes sense...
I am not going in denial mode (as I have seen here and there) - all I want is to fix this. I don’t rule out any possibilities. I am all for cleaning / fixing it - but I need to find out WHAT needs to be fixed.
I know for sure that they are getting a lot of complaints about it. If you search this webboard, you will find many people that have GoDaddy and complained about it.
I just did a quick search on the Avast forum and it seems you are right, there’s a lot popping up! But always the combination of “Only Avast” and GoDaddy.
That’s strange! Who is the culprit? Avast or GoDaddy?
Perhaps I should consider moving everything out of goDaddy…
As you likely know, it is always a good practice to use the latest version of software.
Especially if security flaws are fixed in the latest version.
So if anything is “the culprit”, I would say it is GoDaddy and not avast.
cPanel 11.40.1.11 (as GoDaddy is using) was released on 04-02-2014
Several other versions have been released since then.
The latest one is 11.44.1.7 released… Yesterday!
Of course there will be people going into discussion if an AV should block websites that use outdated software.
In my opinion, I say yes. It is helping to protect users/visitors and the website owners.
I am asking you to change the text on your website about this, because now you know what is going on.
Perhaps even put a link to this thread there.
Just to avoid misunderstandings, I am not working for avast.
Just like Pondus, you and most people here on this webboard, I am just a user with some (since 1983) experience with computers.
I removed the picture (which is the bad thing I did) and changed the title. The rest of the text is still true - only avast is reporting my site as being bad.
Nonetheless, I am on the line with godaddy and am trying to solve the problem. The lady said “you have been hacked”. I asked “why do you say that?” and she wouldn’t tell me. Turns out she thought I was hacked because of new content… but I was the one who added the content, so I wasn’t hacked.
No, avast is not reporting your site is bad as I have tried to explain.
It is saying that there is a security risk.
Which is true since GoDaddy is using a 5 months outdated cPanel.
The lady said "you have been hacked". I asked "why do you say that?" and she wouldn't tell me
She could have said "I have no clue what I am talking about and I don't care as long as I get paid". At least she would have been honest if she did ;D
But anyway, let’s see what avast says/does now you have asked them to allow the domain.
Not necessarily because of the older cPanel, but that introduces a vulnerability which could be exploited. It is vulnerabilities like this which could lead to a site being hacked.
When URL:MAL is the alert depending on where the alert happens, it normally means that there is a link in there to a malicious site.
Your first post mentions HTML:Script-inf, which normally means script injection on that page, so check any script tags that you have on the page/s, are they yours/legit. Often these happen after the closing html tag, but not always. It would probably be best to check any php template documents.
The main thing is to use the contact form link given by Eddy in Reply #7, asking for a review of your site. A link to this topic wouldn’t hurt.
One of the problems with goDaddy is multiple domains on the one IP address (depending on the hosting package you have). So it is possible you may have an IP address block rather than a domain block (sins of others).
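The check suggested above (are the script tags on the page yours, and is anything sitting after the closing html tag) can be run against the HTML the server actually sends, as this added example shows; it is not code from anyone in the thread. The allowlisted hosts and the sample markup are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class ScriptAudit(HTMLParser):
    """Flag <script> tags that load from unknown hosts or follow </html>."""

    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed = set(allowed_hosts)
        self.html_closed = False
        self.findings = []  # (line number, reason, detail)

    def handle_endtag(self, tag):
        if tag == "html":
            self.html_closed = True

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        line = self.getpos()[0]
        src = dict(attrs).get("src") or ""
        host = urlparse(src).hostname  # None for relative paths and inline scripts
        if self.html_closed:
            self.findings.append((line, "after-closing-html", src or "inline"))
        if host and host not in self.allowed:
            self.findings.append((line, "off-site-src", host))


def audit(html, allowed_hosts):
    """Return findings for the rendered HTML (the PHP output, not the .php source)."""
    parser = ScriptAudit(allowed_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample: a clean page with one script appended after </html>.
SAMPLE = """<html>
<head><script src="/js/site.js"></script>
<script src="https://code.jquery.com/jquery.min.js"></script></head>
<body><p>Hello</p></body>
</html>
<script src="http://injected.example/x.js"></script>
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE, {"michel-roberge.com", "code.jquery.com"}):
        print(finding)
```

Feed it the saved output of each page and template; every finding is a script tag to trace back to a file you recognise.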
Ok, I sent a link to avast to this thread. My goDaddy host is supposed to be a dedicated IP address, but there is another domain name tracing to the same IP… old stuff maybe?
Now if I replace my domain with the one mentioned earlier (http://wsb7.timetogetthepapers.com/) which - in principle - runs on the same host (godaddy) and on cPanel, then it works (no trigger from avast).
Should I then understand that it’s because Avast goes on http://michel-roberge.com in the root and actually finds something else, or is this site cached as being malicious until further notice? I just am trying to make sure I understand everything right.
ISSUE DETECTED | DEFINITION | VULNERABLE HEADER
Outdated cPanel Found | cPanel Security | cPanel 11.40.1.11
But this could not be a reason for the avast! alert.
DNS SOA issues → Connecting to smtp.secureserver.net (68.178.213.203) fails.
Connection to mailstore1.secureserver.net (68.178.213.203) fails.
Sending Mail via IPv4 to dns@jomax.net fails.
Getting Email for SOA RNAME by michel-roberge.com (dns.jomax.net) fails at a test with dns@jomax.net.
I will contact them on this - of course I suspect they will go in denial mode again. I will nonetheless link back to here (again) and if nothing happens in the next few days then I think it is time to consider moving somewhere else…
secureserver.net is and was on several malware domain lists and your IP is “ip-23-229-240-18.ip.secureserver.net”
That could have been a reason, but actually I do not know, not being an avast! team member.
My extrapolations just come from some check-results I performed.
avast! team should answer the question why your address was put on the avast! general URL:Mal block list.
As there is WordPress 3.9.1 “http-generated” there is this vulnerability, e.g.: https://core.trac.wordpress.org/ticket/28610
Did you report to virus@avast.com, giving a link to this thread’s info? Whenever there is something conclusive they are known to react quickly and whenever a general block can be lifted, it sometimes occurs with a forthcoming update.
Anyway thanks for reporting.