While working on a webpage that I am building for my business (that needs to go live in July), I found out that my site had been blacklisted by Avast.
The blacklisted domain is: https://www.baronatelier.com
For context, I am using Wix, and have not added any customization to the page beyond the default components of the platform.
I also checked with several malware detection pages and the only issue found was one detection by CRDF on VirusTotal, which I have seen as a common theme with other similar posts on this forum.
This issue has been going on for over 10 days now, and I have run out of ideas. I’m desperate as I cannot delay the launch of the business.
First off, thanks a lot for your reply. I had read that they were no longer replying, but without feedback and the site remaining blocked, I did not know what to do…
With regards to the reports you sent:
[i]Potentially suspicious content reported here - https://quttera.com/detailed_report/baronatelier.com[/i]
From the looks of it, seems to have to do with the cart, but I did not alter anything from the original code from Wix. I am looking into it, any ideas are welcome.
[i]Not sure if this isn’t a host related issue - https://www.abuseipdb.com/check/185.230.63.171[/i]
I assume it must be, I have only had this domain since a couple of months ago, but the alerts go way back. Also, the site was published for some time without issue, so I assume if the blacklist was due to this it would have triggered earlier.
I am a bit puzzled by the /cart suspicious code. I’m afraid I am not that savvy when it comes to coding. If anyone could take a look and point me in the right direction, that would mean the world.
Just got off the phone with Wix’s support team, they said the following:
On the /cart code issue: In all honesty, I do believe they did not review the code that I sent on my call request… however, I am inclined to agree with their logic. They said that since the code is the default Wix implementation it cannot be faulty, as millions of sites run it without issues with Avast.
As a side note, I have tried to access the bit of code myself and it does not seem to be possible to alter that section within Wix’s editor other than selecting the font and the display.
And with regards to the firewall: they said that the site is “fully secured” with Wix’s own security; that the site does have a firewall and that everything is running smoothly…
So, back to square one…
I know they don’t usually answer, but is there any chance at all to get someone from Avast to provide any feedback, or to look at the case again? I am so sorry for asking, but I really do not know how to proceed from here.
If anyone has any idea about how to move forward, please, I am desperate…
Wix’s support has suggested contacting Quttera directly to report the case as a false positive. I have just done so. Hopefully that alert will get removed soon.
As for the rest of the issues, I have been digging into Wix’s documentation and I don’t believe there is a lot I can do about security headers or the site’s firewall as those seem to be managed by Wix.
Unfortunately, as an Avast user I’m limited in what I can do - one thing I have seen before is historic web domains/IPs with previous issues remain an issue.
This certainly isn’t my area of knowledge, web site development.
I don’t know if it will help, but I got good news regarding the other false positives:
I wrote yesterday to CRDF asking them to remove the alert and they have done so.
Also, Quttera wrote back and they also removed their alert, so now, the site should not raise any flags on VirusTotal!
San oversight:
HOSTING DETAIL
Web Server: Pepyaka
IP Address: 34.149.87.45
Hosting Provider: GOOGLE-CLOUD-PLATFORM
Shared Hosting: 317 sites found (use Reverse IP to download list)
Title: Inicio | Baron Atelier
0 issues
Issues found during a high level analysis of the target site. It is recommended that further active scanning be undertaken for a more accurate assessment.
Blacklists and Threat Intel
A check of threat intelligence sources and blacklists was performed against the hostname and IP address of the target. The findings will identify reputation issues or even the presence of malicious code.
DShield CLEAN
AlienVault OTX CLEAN
Cisco Talos CLEAN
abuse.ch (Feodo) CLEAN
URLhaus CLEAN
Spamhaus (Drop / eDrop) CLEAN
Google Safe Browsing is maintained by Google and used by Chrome to warn users that they are about to visit a malicious site. Use the link to perform a live check of the target site.
Virus Total is a powerful analysis engine that uses threat intelligence and antivirus to help researchers track malware. References found on Virus Total may contain live malware. Use with caution.
If the IP address of a shared hosting server is listed in a blacklist, it may simply indicate one of the hosted websites has been compromised. It does not necessarily indicate an immediate threat to another site on the same host, but should be investigated. Multiple listings from a shared hosting server may indicate a hosting service with poor reputation or poor security practices.
Take care visiting the listed threat intelligence resources. Links, hosts and references may contain live malware and should be treated with caution.
Plugins are a source of many security vulnerabilities within WordPress installations; always keep them updated to the latest version available and check the developer's plugin page for information about security related updates and fixes.
There are likely more plugins installed than those listed here as the detection method used here is passive. While these results give an indication of the status of plugin updates, a more comprehensive assessment should be undertaken by brute forcing the plugin paths using a dedicated tool.
Reputation checks have been performed on the IP address for each of the linked sites. Hosts found on blacklists with poor reputation may be a threat to users of the site. Hosting and locations are also included in the results.
Externally Linked Host | Hosting / Company | Country
pinterest.com | FASTLY |
instagram.com | FACEBOOK |
Javascript Resources