False positive. Entire website blocked

Please check administracionglobal[.]com for false positive Avast (and AVG) block.

VirusTotal etc. say it is OK. It only uses JavaScript for sane purposes, as you can see.
I don’t understand why it is being blocked.

Thank you!

https://i.imgur.com/9V7KkOp.png

Hi adeleon71.

Site using the server afraid. Follow the suggestion informed.

https://forum.avast.com/index.php?topic=164970.msg1175650;topicseen#msg1175650

There are security problems there:
https://www.ssllabs.com/ssltest/analyze.html?d=usuarios.administracionglobal.com

Hi adeleon71,

Yes, as Eddy states, the security settings with RC4 encryption settings are vulnerable.
RC4 had its days and so has to be retired.

F-status here: https://observatory.mozilla.org/analyze.html?host=usuarios.administracionglobal.com (see recommendations).
By the way, SRI hashes were properly set, and no retirable jQuery libraries found. :wink:

Two warnings on the asp.net webscan: https://asafaweb.com/Scan?Url=https%3A%2F%2Fusuarios.administracionglobal.com
for excessive server info proliferation and a clickjacking warning! Not all that bad for Microsoft-IIS/8.0. :wink:

See all the sources and sinks here: http://www.domxssscanner.com/scan?url=https%3A%2F%2Fusuarios.administracionglobal.com%2Fvendor.be0bc40d0fac74765937.bundle.js :o
This should be a bit of a concern, but again your same origin settings won’t give abusers much chance… ;D

But wait for an official verdict from an avast team member here. We are just volunteers with relevant knowledge.
When your website is found to be clean(sed), they are the ones to unblock. Then you are good to go
with the right SSL server settings and steering away from an afraid dot org sub-domain as this is why
avast flags and blocks the site, see: http://www.dnsinspect.com/administracionglobal.com/10125697 :o :-[

polonus (volunteer website security analyst and website error-hunter)

Hi, jefferson sant, polonus and Eddy.
Thank you very much indeed for your quick and accurate advice.

We’ll go on with suggested improvements such as moving away from afraid dot org DNS server, which seems to be mandatory. Meanwhile we’ll continue to wait for an official verdict from Avast. Just to cover the whole burden at once. :wink:

Hi adeleon71,

You’re welcome. Thanks for reporting, and good we all could assist in some way.
I think you just solved your problem then.

The avast team member to unblock will be in here after the weekend.
Just wait for his final verdict.

All the best and stay secure both online and offline,

polonus

Hello,
The domain will be unblocked in the next Streaming update.

Milos

Just to add to that: afraid.org is not the reason, but using the free (public or private) options instead of the paid (stealth) option, and then having the DNS hijacked, is.

Thanks, HonzaZ, for that explanation, that shows the exact problem there.

So when I understand it right, choosing the free public option, one does not know who may own that particular sub-domain.
We will make a note of that, when we see some website scan that shows that particular configuration.

polonus

Right.

With afraid.org, there are 3 options:
public (free): anyone can create a subdomain.
private (free): anyone can create a subdomain, owner of the domain can (afterwards) remove it.
stealth (paid): only the owner of the domain can create subdomains.

Free options sometimes result in bad guys exploiting this, creating subdomains, and pointing them to their (malicious) IP.
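
The check a domain owner can run against this risk, as an added example that is not part of the original posts: compare the records seen under the domain with an inventory of the hosts the owner actually operates. The domain, inventory, address ranges and observed records are all constructed for illustration.

```python
import ipaddress

# Everything below is constructed for illustration (documentation names/ranges).
DOMAIN = "example.com"
EXPECTED_LABELS = {"www", "usuarios", "mail"}            # hosts the owner runs
APPROVED_NETS = [ipaddress.ip_network("192.0.2.0/24")]   # owner's address space
APPROVED_CNAMES = {"mail.provider.example"}              # sanctioned aliases

# Constructed observations, e.g. a DNS provider export or passive DNS results.
OBSERVED = [
    ("www.example.com.", "A", "192.0.2.10"),
    ("usuarios.example.com.", "A", "192.0.2.11"),
    ("mail.example.com.", "CNAME", "mail.provider.example."),
    ("login-update.example.com.", "A", "203.0.113.66"),   # nobody here made this
    ("usuarios.example.com.", "A", "198.51.100.7"),       # known name, foreign IP
    ("EXAMPLE.com.", "A", "192.0.2.10"),                  # apex, odd case
]

def label_of(name, domain=DOMAIN):
    """Label(s) relative to domain: '' for the apex, None if outside the zone."""
    name, domain = name.rstrip(".").lower(), domain.rstrip(".").lower()
    if name == domain:
        return ""
    if name.endswith("." + domain):
        return name[: -len(domain) - 1]
    return None

def audit(records):
    """Return (name, reason, value) for every record the inventory cannot explain."""
    findings = []
    for name, rtype, value in records:
        label = label_of(name)
        if label is None:
            continue                      # not under our domain
        if label and label not in EXPECTED_LABELS:
            findings.append((name, "unknown-subdomain", value))
        elif rtype in ("A", "AAAA"):
            try:
                ip = ipaddress.ip_address(value)
            except ValueError:
                findings.append((name, "malformed-address", value))
                continue
            if not any(ip in net for net in APPROVED_NETS):
                findings.append((name, "unapproved-address", value))
        elif rtype == "CNAME" and value.rstrip(".").lower() not in APPROVED_CNAMES:
            findings.append((name, "unapproved-target", value))
    return findings

if __name__ == "__main__":
    for finding in audit(OBSERVED):
        print(finding)
```
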

Hi.
I want to say thank you to everybody, for your early contribution in this post. polonus, HonzaZ, milos, Eddy & jefferson sant.
We have been studying and will continue to, about this issue.
We already solved that dns (non stealth) subdomain management problem.
On the other hand we attended many other suggested improvements about our site security, and are working on others. E.g. moved subdomain apps to https, and redirected http to it.

However I noted that yet before those enhancements were complete our website was not being blocked by Avast anymore.

Ola adeleon71,

The pleasure is completely on our side. Feel welcome.

Reporting and working to improve website security works two ways.
We are glad to be able to advise you through “cold reconnaissance” analysis by scanning the website.
Our mission is to further enhance website security in general.
That is what we like to do and it has grown to be our passion.

As we say: “Every website that turns out more secure through this is a gain both for website admins/owners and for visitors alike”.

You reacted quite responsibly in this respect, and now you can reap the benefits thereof, and together we created a win win situation.

Con Dios,

polonus

+1

I wish all website owners would listen and do something with the advice like you did, adeleon.
That would make the Internet a bit better/safer.

This was the great step you took: to recognize the problems and better know how to fix the insecurity. In fact, if Avast had not blocked it, for sure you would not have worried.

You’re welcome :)