Hi, hope somebody can help. Avast has been blocking access to my website for a few days. I am absolutely sure there is no problem with it. The website backup is on my hard drive and is also scanned by Avast and no problems are found. The virus database signature numbers are 160129-0 and 160130-0 which say my website is malicious. I can assure you it isn’t. I have even reloaded the complete site and contact form just in case. This has never happened before. What can you do?
The site in question is hxxp://www.kevinelvin.me.uk/
Thanks
Kevin E
URL:Mal = IP and/or domain is blacklisted/blocked
It doesn’t mean by default that the website is infected.
Running scans now.
Will post results soon.
Blacklisted:
http://urlquery.net/report.php?id=1454232311503
http://urlquery.net/report.php?id=1454232344771
http://zulu.zscaler.com/submission/show/6c87f7f3f556136aff418e2f45fefff2-1454232154
http://multirbl.valli.org/lookup/188.65.115.178.html
If you believe avast should allow your site, submit a ticket and ask them.
Hi kevin_elvin,
What comes up with a scan and is probably what Avast flags could be either iFrame or IP related:
First the iFrame scan that came up:
iframes
Any iframes? Yes there are.
Some sinks and sources here: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.kevinelvin.me.uk%2Fforms%2Fcontact_me%2Fscripts%2Fgen_validatorv5.js
Reverse DNS is vulnerable to Heartbleed, take that up with your hoster, certificate issue: http://toolbar.netcraft.com/site_report?url=https://omicron.srv2.com
More on Nameservers there for your site:
Name Servers Versions
WARNING: Name servers software versions are exposed:
-188.65.116.176: “PowerDNS Authoritative Server 3.3.1 (-jenkins@autotest.powerdns.com built 20150710191720 root@nsmk.srv2.com)”
-188.65.118.219: “Served by POWERDNS 3.1 $Id: packethandler.cc 2579 2012-04-26 11:28:04Z peter $”
Exposing name server’s versions may be risky, when a new vulnerability is found your name servers may be automatically exploited by script kiddies until you patch the system. Learn how to hide version.
Your website is insecure in these respects: 33% of the trackers on this site could be protecting you from NSA snooping. Tell kevinelvin.me.uk to fix it.
Unique IDs about your web browsing habits have been insecurely sent to third parties.
8a63081xxxxxxxxfba41dedf16fa343c -www.kevinelvin.me.uk phpsessid
-local.adguard.com __cfduid
At least 3 third parties know you are on this webpage.
-Google
-www.kevinelvin.me.uk
-local.adguard.com -local.adguard.com (extension, also Blur has access).
The main issue for the eventual blocking, as far as I can see it, is that you share that IP with other domains that are blocked: https://www.virustotal.com/en/ip-address/188.65.115.178/information/
Ask Avast for an exclusion for that IP-address-block; this should be done by an Avast Team Member, as we here are just volunteers with relevant knowledge.
polonus (volunteer website security analyst and website error-hunter)
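The name server version warning in the scan output above can be checked by a site owner or hoster with a CHAOS-class TXT query for `version.bind`. The following is an added example, not part of the original post or of any scanner's code: it builds that query and inspects a reply for a version-shaped banner. The function names are hypothetical, the replies are constructed offline, and the first sample banner is the one quoted in the post.

```python
import re
import struct

TXT, CHAOS = 16, 3  # record type TXT, class CHAOS

def build_version_query(txid=0x1234, qname="version.bind"):
    """DNS query equivalent to `dig CH TXT version.bind`."""
    header = struct.pack("!6H", txid, 0, 1, 0, 0, 0)
    name = b"".join(bytes([len(p)]) + p.encode() for p in qname.split("."))
    return header + name + b"\x00" + struct.pack("!2H", TXT, CHAOS)

def make_response(query, banner):
    """Constructed reply for offline use: one TXT answer carrying `banner`."""
    header = query[:2] + struct.pack("!5H", 0x8400, 1, 1, 0, 0)
    rdata = bytes([len(banner)]) + banner.encode()
    answer = b"\xc0\x0c" + struct.pack("!2HIH", TXT, CHAOS, 0, len(rdata)) + rdata
    return header + query[12:] + answer

def skip_name(msg, off):
    """Offset just past a name made of labels and/or a compression pointer."""
    while msg[off]:
        if msg[off] & 0xC0 == 0xC0:   # two-byte compression pointer ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def txt_answers(msg):
    """All TXT character-strings found in the answer section."""
    _, _, qd, an, _, _ = struct.unpack("!6H", msg[:12])
    off, out = 12, []
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # skip QTYPE + QCLASS
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!2HIH", msg[off:off + 10])
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        i = 0
        while rtype == TXT and i < len(rdata):
            out.append(rdata[i + 1:i + 1 + rdata[i]].decode("ascii", "replace"))
            i += 1 + rdata[i]
    return out

def discloses_version(msg):
    """True if any TXT answer contains something shaped like a version number."""
    return any(re.search(r"\d+\.\d+", t) for t in txt_answers(msg))

# Banner as quoted in the post, and a constructed banner with no version in it.
EXPOSED = "Served by POWERDNS 3.1 $Id: packethandler.cc 2579 2012-04-26 11:28:04Z peter $"
HIDDEN = "name server"
```

To run it against a live server, send the bytes from `build_version_query()` over UDP port 53 to a name server you administer and pass the reply to `discloses_version()`.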
We do not block the domain, but the IP (188.65.115.178) instead. Please move to another IP; there is so much fishy going on with that IP that I do not see it being unblocked in the near future.