Clean Site Blocked by AVAST

Our site www.sakugacity.com has been blocked by Avast.

I have checked it against blacklists and it comes up clean every time. The site is new and on a shared host, which could contribute to it?

We will be moving to better servers within the next few weeks, but for now, members are reporting not being able to get onto the site and we’ve found that the common denominator is Avast.

Check your headers if possible:

https://securityheaders.io/?q=http%3A%2F%2Fwww.sakugacity.com%2Findex.php
https://securityheaders.io/?q=https%3A%2F%2Fwww.sakugacity.com%2Findex.php

Outdated libraries:

http://retire.insecurity.today/#!/scan/e1dc99c6d63496f0f50cb200f97aa8b2179caee62c77b2c1c6a0de6556c8eb53

Update Apache and PHP to the newest versions, or dump Apache and go with Nginx (free) or LiteSpeed (free or paid).

Many blacklisted domains on same IP https://virustotal.com/en/ip-address/107.180.28.96/information/
Click more button under list(s) for more info

So our site is being blacklisted because other sites hosted by GoDaddy on that server are malicious?

If an IP contains lots of malicious activity it may happen, but only someone from the Avast lab can tell why it is blocked.

Check back tomorrow

I will do. Thank you for your help.

Hi ShannonApple,

Yes there are issues for that website: https://mxtoolbox.com/domain/www.sakugacity.com/
Certificate Issues.
Please contact the Certificate Authority for further verification.
You have 1 error
Wrong certificate installed.
The domain name does not match the certificate common name or SAN.
Info
BEAST
The BEAST attack is not mitigated on this server.
Certificate information
This server uses an Organizationally Validated (OV) certificate. Information about the site owner has been validated by Starfield Technologies, Inc. to help secure personal and financial information.
Common name: *.prod.iad2.secureserver.net
SAN: *.prod.iad2.secureserver.net, prod.iad2.secureserver.net
Valid from: 2015-Jan-20 17:58:38 GMT
Valid to: 2018-Jan-20 17:58:38 GMT
Certificate status: Valid
Revocation check method: OCSP
Organization: Special Domain Services, LLC.
Organizational unit:
City/locality: Scottsdale
State/province: Arizona
Country: US
Certificate Transparency: Not embedded in certificate
Serial number: 00e54c70767dbb74ec
Algorithm type: SHA256withRSA
Key size: 2048
Certificate chain:
Starfield Secure Certificate Authority - G2 (Intermediate certificate)
*.prod.iad2.secureserver.net (Tested certificate)

When you go to your IP address, avast also blocks that IP, see why: https://www.virustotal.com/en/ip-address/107.180.28.96/information/

When your website is hosted by a bulk hoster with many website domains hosted on one and the same IP, you certainly run the risk
of being blocked because of the misdeeds of other website domains on that same IP address.

Big Big Bulkhosting certainly has its disadvantages and in the case of GoDaddy some 10402 Blacklisted URLs hosted on their Autonomous System.
See: http://sitevet.com/db/asn/AS26496

My safe bet is your site has been IP blocked by avast. But hear the final verdict from an Avast Team Member as we are just volunteers with relevant knowledge and experience.

polonus (volunteer website security analyst and website error-hunter)
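
The name mismatch reported in the post above, worked through as an added example that is not part of the original thread or of any tool it cites: a simplified RFC 6125-style host name check run against the common name and SAN values quoted in the report. The function names and the host `host1.prod.iad2.secureserver.net` are constructed for illustration.

```python
# Added example: simplified certificate host name matching (RFC 6125 style).
# It only compares names; it does not validate chains, dates or revocation.

# Values copied from the certificate report quoted in the post.
COMMON_NAME = "*.prod.iad2.secureserver.net"
SAN_DNS_NAMES = ["*.prod.iad2.secureserver.net", "prod.iad2.secureserver.net"]


def name_matches(pattern: str, host: str) -> bool:
    """Return True if one certificate DNS name covers the requested host."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    # A wildcard stands for exactly one label, so label counts must be equal.
    if len(p) != len(h) or "" in h:
        return False
    if "*" not in pattern:
        return p == h
    # Accept a wildcard only as the entire leftmost label, with at least
    # two fixed labels after it; reject anything like "w*.example" or "a.*.b".
    if p[0] != "*" or len(p) < 3 or any("*" in label for label in p[1:]):
        return False
    return p[1:] == h[1:]


def check_certificate(host: str, common_name: str, san_dns_names: list) -> dict:
    """Report which presented names, if any, cover the host."""
    # SAN entries take precedence when present; the CN is only a fallback.
    presented = list(san_dns_names) or [common_name]
    matched = [n for n in presented if name_matches(n, host)]
    return {"host": host, "ok": bool(matched), "matched": matched}


if __name__ == "__main__":
    hosts = [
        "www.sakugacity.com",                 # the site from the thread
        "prod.iad2.secureserver.net",         # exact SAN entry
        "host1.prod.iad2.secureserver.net",   # constructed: one label under the wildcard
        "a.b.prod.iad2.secureserver.net",     # constructed: two labels, not covered
    ]
    for host in hosts:
        print(check_certificate(host, COMMON_NAME, SAN_DNS_NAMES))
```

The site's name fails against every entry because the certificate belongs to the hosting provider's shared server name, which is why the checker reports "Wrong certificate installed".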

Yup exactly, there were so many malicious domains that we autoblocked the IPs as well. We do realize that this harms some legit users, so we are in the process of unblocking the IPs and blocking the (malicious) domains manually.
sakugacity.com should be ok in the next update :wink:

Awesome. Thank you so much. :slight_smile:

"We will be moving to better servers within the next few weeks"
I sure hope you step away from GoDaddy. Also take care of the vulnerable libraries and other things that have been reported.

Thank you. I’ve linked this thread so that our tech people can look into it.

Oh we are for sure. We decided on moving it before this happened. This accelerated the process. We just want to make an informed decision that will last long term.

Hi ShannonApple,

That is not only an informed decision…it is a security responsible one as well.
Congratulations.
That sure is the bonus you gained for reporting here
and your Tech people will certainly know what to do now.
Stay safe and secure both online and offline,

polonus (volunteer website security analyst and website error-hunter)