Hi team and all,
Happy New Year and all the best!
So: Avast blocks my site hxxp://type2diabetestreatment.net because of positive JS:Script-inf and URL:Mal
The site is absolutely clean.
Please whithelist it.
Thanks a lot in advance.
URL:Mal is never a false positive.
As has been explained many times already, it means the domain and/or IP is blocked and that is true or you would not see the message.
Blacklisted IP (Phishing) :
https://www.virustotal.com/en/ip-address/148.163.92.69/information/
Blacklistings on that ASN :
http://urlquery.net/report.php?id=1483777760699
Wordpress issues :
Warning User Enumeration is possible
The first two user ID’s were tested to determine if user enumeration is possible.
ID User Login
1 Dr. Roy Taylor secret-guide-revealed
2 None
Vulnerable library :
http://retire.insecurity.today/#!/scan/8ebaa061d958fa9afce5662f0cdcc78e80588c76d78251bee06ecc50c446b52c
Other things :
- The ad pop-up must go.
- Site is also giving false information.
Thanks. But
- I purchased this domain a short while ago and cannot accept responsibility for the past owners. Additionally: NOT the past owner of my domain did pishing but a completely other domain. Why do block MY domain??? It is on this server just 2 weeks!
- This IP is the IP of my hosting provider. And because of this you block my site??? Nobody can switch a hosting provider every day
3 Pop-up must go? In this case you have to block the whole internet! - Site is giving the false information? Which one? And you have to block the whole internet in this case as well.
- What is user enumeration and why should it be bad?
- How can I remove Vulnerable library ? My WP theme includes this. And again – you have to block the whole internet because of this.
So: please remove this FALSE positive
As I said, it is not a false positive.
1] It is a IP block, not a domain block.
2] And ? There is malicious activity on that IP and that is why it is blocked. You can prevent this by using dedicated hosting.
5 + 6] If you have to ask, you shouldn’t be running a website or hire someone who does know how to run/setup one.
to “2] And ? There is malicious activity on that IP and that is why it is blocked. You can prevent this by using dedicated hosting.
5 + 6] If you have to ask, you shouldn’t be running a website or hire someone who does know how to run/setup one.”
Super suggestion, Eddy! I hope you have already enough money for me for using dedicated hosting and to hire someone to run/setup one!
Shame on you!
With shared hosting there is always the risk the IP gets blocked if a domain on that IP is malicious.
That is the risk you took and now you see what can happen.
There seems to be a script on the website that loads a blacklisted URL or content from a blacklisted URL
On my site? Can it be the script on the hosting itself?
How can I find out what script does this?
Thanks again.
Yes, it is on your site.
Delete the scripts on it one at a time and run a scan on each time you have removed one.
Start with removing the pop-up ad.
to “run a scan on each time you have removed one”
Eddy, you mean a scan using virustotal?
If yes - have I to scan my main URL?
Thanks
Hi tm0 & Eddy,
This is also a problem:
WARNING: Found mail servers with inconsistent reverse DNS entries. You should fix them if you are using those servers to send email.
Server IP PTR (Reverse) IPs
-type2diabetestreatment.net. 148.163.92.69 -we.love.servers.at.ioflood.com. 96.45.82.184, 96.45.83.17, 96.45.83.217, 96.45.82.85
All mail servers should have a reverse DNS (PTR) entry for each IP address (RFC 1912). Missing reverse DNS entries will make many mail servers to reject your e-mails or mark them as SPAM.
All IP’s reverse DNS entries should resolve back to IP address (IP → PTR → IP). Many mail servers are configured to reject e-mails from IPs with inconsistent reverse DNS configuration.
Then we a B-status here: https://sritest.io/#report/6a9a460a-3e51-4edb-aec2-addc59be4dda
polonus
Thanks, Polonus, for this advice.
But now I’m lost and don’t know what to do…
Should be taken up with fabulous dot com - domain name phishing and spam abuse…
Observed subdomains
-www.type2diabetestreatment.net
-karaktervolhaitula.type2diabetestreatment.net
-bolsevikkejeprealistisiin.type2diabetestreatment.net
-koersla.type2diabetestreatment.net
-enmesh1-parmacety.type2diabetestreatment.net
-narcissique.type2diabetestreatment.net
-railstunshapesvleesboom.type2diabetestreatment.net
-obstruer.type2diabetestreatment.net
-jetslag-multiplicaties.type2diabetestreatment.net
-purppurivalssi-fed0.type2diabetestreatment.net
But wait for an Avast Team Member to explain the abuse to you, and why site or IP has become blocked
and site is shown as dangerous by AOS!
Also consider: https://www.virustotal.com/nl/domain/fabulous.com/information/
avast detects JS:HideLink-A [Trj] there. fabulous dot com is your registrar!
polonus (volunteer website security analyst and website error-hunter)
But Fabulous.com is one of the biggest domain registrars worldwide!
Now I don’t understand anything…
Start learning and for now find someone who does have relevant knowledge and let him/her help you to solve the problems.
And yes, it can be you need to get paid help.
Eddy, maybe the paid help is my need, but I don’t have the money for. Please spare such the advises for you. Better give a report why the domain was blacklisted.
Thanks.
We already told you why the IP is very likely blocked.
If you don’t have the money for a hired help, start learning (fast) and solve the problems yourself.
There really isn’t anything we can do as we do not have access to that server and your settings.
Let us wait for an Avast Team Member to comment the situation.
But it seems that there are issues:
https://mxtoolbox.com/domain/type2diabetestreatment.net/ 1 error and 8 warnings.
polonus
Thanks, guys, for the information.
Now I will setup a completely fresh WP and will see if Avast will find some suspicious scripts.
And we wait for an Avast team response.
I deleted all files on my domain, all databases and installed a fresh WP.
There is nothing more what should have the HTML:Script-inf on virustotal.
But Avast shows it.
So: It cannot be my site! WP itself infected?