Avast says my blogger has malware

Please help. My business blog is being blocked by avast in all browsers. The error is about malware. I need my blog to be unblocked for my avast using customers. What do I do?

We need some info …like what avast say (screen shot would help) and what URL

My blogger site: http://www.squigglytwigsdesigns.com

This is the link to the “more details” pop up. http://www.avast.com/en-us/lp-fr-virus-alert?p_ext=&utm_campaign=Virus_alert&utm_source=prg_fav_90_0&utm_medium=prg_systray&utm_content=.%2Ffa%2Fen-us%2Fvirus-alert-default&p_vir=URL:Mal&p_prc=C:\Program%20Files%20(x86)\Google\Chrome\Application\chrome.exe&p_obj=h_www_squigglytwigsdesigns_com__&p_var=.%2Ffa%2Fen-us%2Fvirus-alert-default&p_elm=7&p_lex=290&p_lid=en-us&p_lng=en&p_lqa=0&p_lqe=0&p_lst=0&p_lsu=24&p_pro=0&p_bld=empty&p_vep=9&p_ves=0&p_vbd=2016&p_hid=aaffc410-0694-4c11-aff8-a1787b641356&p_ram=3071&p_cpu=6.1

I’m sorry I don’t know how to do a screen shot.

I'm sorry I don't know how to do a screen shot.
you should learn ..... when you have the time, just google it or search youtube for a how to video ;)

anyway avast say URL:mal this means your URL or IP is on a blacklist for whatever reason, it does not have to be infected

this may be an IP block. see here http://urlquery.net/report.php?id=1398976734624 under Recent reports on same IP/ASN/Domain
there you see several domains using same IP with alerts …
like this http://urlquery.net/report.php?id=1398976255443
this http://urlquery.net/report.php?id=1398975890477
and this http://urlquery.net/report.php?id=1398967390420 blacklisted at malwaredomains.com

If you think this is wrong, report it to avast lab here http://www.avast.com/contact-form.php
you may add a link to this topic in case they want to reply here

Ok Pondus, blacklisted URL or IP, might be the case, but there are also manifold issues flagged on the site itself.
Main issue again, blog is being hosted at afraid dot org !!!
For the other issues on site, here we go:

JavaScript check: Suspicious
ass=‘widget-content’> document.write(unescape("%3cstyle%20type%3d%22text/css%22%3e%0abody%20%7b background-image %3a%20url%28%22htxp%3a//thecutestblogontheblock dot com/backgro… (DOCU.write example here almost no discussion about insecurity!)

Included Scripts check: Suspect - please check list for unknown includes
Suspicious Script:
wXw.squigglytwigsdesigns.com///cdn2.craftsy.com/js/craftsy/craftlet.js?v=1390921258715
document.write(unescape("%3cstyle%20type%3d%22text/css%22%3e%0abody%20%7b background-image %3a%20url%28%22http%3a//thecutestblogontheblock dot c

404 error check: Suspicious
Suspicious 404 Page:
document.write(unescape("%3cstyle%20type%3d%22text/css%22%3e%0abody%20%7b background-image %3a%20url%28%22htxp%3a//thecu

Here I get a not found: Content-Type: text/javascript

htxp://www.squigglytwigsdesigns.com//www.google.com/jsapi/
404 Not Found
Content-Length: 64100
Content-Type: text/html

htxp://www.squigglytwigsdesigns.com//www.blogger.com/rearrange?blogID=686804351853671662&widgetType=PageList&widgetId=PageList1&action=editWidget&sectionId=crosscol/
404 Not Found
Content-Length: 64593
Content-Type: text/html

htxp://www.squigglytwigsdesigns.com//www.blogger.com/rearrange?blogID=686804351853671662&widgetType=HTML&widgetId=HTML38&action=editWidget&sectionId=sidebar-right-1/
404 Not Found
Content-Length: 64593
Content-Type: text/html

Weird that our friends at Sucuri miss this detection altogether: http://sitecheck.sucuri.net/scanner/?scan=http%3A%2F%2Fwww.squigglytwigsdesigns.com
as here: http://zulu.zscaler.com/submission/show/c65ea5f5d060a81ca8d887464d3b9784-1398977596

But there is one issue why avast! is blocking and that is that the blog is hosted at afraid.org.
Steer away from afraid dot org and avast! may unblock with an upcoming update.
See for issue: http://ssltools.com/dns_lookup/www.squigglytwigsdesigns.com

And that was the full security related analysis.

polonus
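
Added example, not part of the original thread or of any scanner's output: a static decode of the `document.write(unescape("..."))` pattern flagged above, so the injected markup can be read without running it in a browser. The sample HTML, its placeholder host, and the names `SAMPLE_HTML`, `legacyUnescape` and `triageWrites` are constructed for illustration.

```javascript
// Statically decode document.write(unescape("...")) payloads found in page
// source, without executing them, and report what the written markup references.

// Constructed sample modelled on the flagged widget; host and path are placeholders.
const SAMPLE_HTML = `
<div class='widget-content'>
<script>document.write(unescape("%3cstyle%20type%3d%22text/css%22%3e%0abody%20%7b background-image %3a%20url%28%22http%3a//backgrounds.example.invalid/bg/sample.jpg%22%29%3b%20%7d%0a%3c/style%3e"));</script>
</div>`;

// Matches document.write(unescape("...")) with single or double quotes.
const WRITE_RE = /document\.write\(\s*unescape\(\s*(["'])([\s\S]*?)\1\s*\)\s*\)/g;

// Same decoding as the legacy unescape(): %XX and %uXXXX, malformed
// sequences are left untouched instead of throwing.
function legacyUnescape(s) {
  return s.replace(/%u([0-9a-fA-F]{4})|%([0-9a-fA-F]{2})/g,
    (_, u, h) => String.fromCharCode(parseInt(u || h, 16)));
}

function triageWrites(html) {
  const findings = [];
  for (const m of html.matchAll(WRITE_RE)) {
    const decoded = legacyUnescape(m[2]);
    // Collect hosts from absolute and protocol-relative URLs in the markup.
    const hosts = [...decoded.matchAll(/(?:https?:)?\/\/([a-z0-9.-]+)/gi)]
      .map(x => x[1].toLowerCase());
    findings.push({
      decoded,
      hosts: [...new Set(hosts)],
      // A style-only write restyles the page; script/iframe/object/embed
      // writes pull in active content and deserve a closer look.
      injectsActiveContent: /<\s*(script|iframe|object|embed)\b/i.test(decoded),
    });
  }
  return findings;
}

console.log(JSON.stringify(triageWrites(SAMPLE_HTML), null, 2));
```
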

Thank you. I’m sorry to say I’m a novice at this website/blog thing. I’m not a website person. My domain is from bluehost. They used afraid.org to connect the domain to blogger for me. I have no idea how or why. I just went with it. I have no code knowledge. Do you have suggestions for how an unknowing person can get this resolved and my blog working again? I’ve got years of work into this blog and clients who need to access it.

Hi debjoecarrie,

Steer away from afraid dot org, when that has been established, report via http://www.avast.com/contact-form.php
Often it was found that Milos or another of the avast! team members then unblocked with a coming update.
Or report to virus@avast.com and point to this thread here. Good luck.

polonus

How do I steer away from afraid dot org? I don’t know what was done or how.

Ask your hosting party where the blog is run to do that for you and then you can report to avast! team and then your blog site will be unblocked.
Snap of squigglytwigsdesigns dot com
squigglytwigsdesigns dot com
Is Hosted by Google Inc.
Hosting: Google Inc. host the domain squigglytwigsdesigns dot com
WHOIS:
IP Address: 216.239.38.21
Name Servers: ns1.afraid.org, ns2.afraid.org, ns3.afraid.org, ns4.afraid.org
With afraid dot org you really cannot know whether your blogsite is your blogsite any longer, that is why avast! blocks sites with afraid org nameservers, like
ns1.afraid.org [‘50.23.197.95’] (NO GLUE) [TTL=172800]
ns2.afraid.org [‘208.43.71.243’] (NO GLUE) [TTL=172800]
ns3.afraid.org [‘69.197.18.162’] (NO GLUE) [TTL=172800]
ns4.afraid.org [‘70.39.97.253’] (NO GLUE) [TTL=172800]

NS records got from your nameservers listed at the parent NS are:

ns4.afraid.org [‘70.39.97.253’] [TTL=3600]
ns1.afraid.org [‘50.23.197.95’] [TTL=3600]
ns2.afraid.org [‘208.43.71.243’] [TTL=3600]
ns3.afraid.org [‘69.197.18.162’] [TTL=3600]

SOA serial number error: Your SOA serial number is: 1404290001. This does not appears to be in the recommended format of YYYYMMDDnn.

Your wXw.squigglytwigsdesigns.com A record is:
ghs.google.com->wXw.squigglytwigsdesigns.com ->[64.233.171.121]

[Looks like you have CNAME’s]

polonus

Thank you. I’ll find someone to take this for me. I remember the bluehost guy doing these things. He did say, it wasn’t part of his normal job. That he was just helping me out. But, I have no idea how to find a different company to replace afraid dot org. Or how to make the appropriate changes.

Hi debjoecarrie,

Read in this thread why avast! holds that policy view on “a perceived-shady free DNS provider like afraid.org”: http://forum.avast.com/index.php?topic=141924.msg1032791#msg1032791

A different position is held here in this thread: http://christopherwardforum.com/viewtopic.php?f=3&t=5549 (poster there = JoeIndy)

polonus

Glad I can tell you blogger isn’t blocked any longer,

polonus