How long for a domain to be cleared from blocking?

To my eternal horror and shame, a successful hack meant that bicon.org.uk (then 178.62.7.183) was serving malware for two days in October - 18th to the 20th. Someone reported it to our server hosts on the 20th and the infection was removed that day.

That server was then replaced with a new one, with a new IP address (46.101.19.135), the DNS updated and the old server destroyed. (Much easier with VPSes!)

But a month later, it’s still being blocked by Avast.

I have reported this (today - yes, I know, but today’s the first time I have been told Avast is doing this) but how long are domain names put in the list without actually checking the info remains correct?

sitecheck.sucuri.net/results/bicon.org.uk/ - 10 lists say clean

urlquery.net/report.php?id=1448211933453 - 6/7 lists say clean: it would help if mnemonic.no’s contact form actually worked…

zulu.zscaler.com/submission/show/78cf963d05eeb0b4351ca31f9898c493-1448211900 - says clean (but their geolocation database is wrong: per everyone else, the IP is in London, UK)

Normally it takes between a few minutes and a couple of days.
Depends how busy it is at Avast, if there is a holiday, if it is a weekend, etc. etc.

Edit: it is on several blacklists.
You may want to contact them as well and ask for removal.
https://www.virustotal.com/en/url/917ab12af8703f6da8dd13333909059c64096e8aee030847bbdb1972f318fce4/analysis/1448213952/
http://www.urlvoid.com/scan/bicon.org.uk/
http://urlquery.net/report.php?id=1448214057354
http://urlquery.net/report.php?id=1448214060678

Nice to hear that it was cleaned - I have unblocked the domain now :wink:

virustotal.com’s list - done MBL, who said they were removing. Auto Shun’s owners don’t have any proper contact, but emailed. It had (rightly) been on many more of those lists, but they managed to remove it themselves.

urlvoid.com’s list: malware.com.br, emailed.

urlquery.net’s domain lookup list: mnemonic.no - neither their English nor their Norwegian contact forms work (both 404), so emailed.

The combination of this sort of thing plus the way it was added to several lists days after the infection was removed makes me think that far too many lists are run by people only interested in the size of their lists (‘we protect against two beeellion malware sites’) than trivia like them being accurate.

One of those sites saying its lists are “Fast and accurate. Constant updates” produces a very hollow laugh here.

Thanks, and I have also had an email in response to my contact form submission.

Any idea how long before the updates are pushed to users? I have people tearing hair out over the false positives.

Hi superian,

Avast Team Member, HonzaZ, is known to react rather quickly when he finds grounds to do so. When something gets unblocked by him or by one of his colleagues, the change can be as quick as the next update of the software. Great that it worked for you. Stay safe and secure with Avast both online and offline,

polonus

Any idea how long before the updates are pushed to users? I have people tearing hair out over the false positives.
Ask them to run a manual update and reboot computer (cache / temp files may need to be cleared)

Exactly what others say - unblocking a URL usually takes a couple of minutes, but sometimes Avast at a user’s PC takes a bit longer to recognize it if the domain was accessed from it when it was still blocked. In other words, say I tried to access the domain yesterday. Even though it was unblocked yesterday evening, I might continue to notice issues with accessing it, unless I restart shields/service/Avast/PC. This happens because sometimes Avast does not flush the cache often enough, and (due to performance optimization) doesn’t actually check it again, but fetches the last known result.

I’ve tried visiting it today with a PC with Avast and it’s fine, great!

Thank you!

You’re welcome.

In case you need/want it (in the future), I have many online scanners listed at my simple website.
http://www.ache.nl

… and bounces because the email address they publish on their own site doesn’t work!

I’m not saying several lists are run by complete cowboys, but I can hear moo-ing and smell an awful lot of BS.

UrlVoid is not maintaining a blacklist, they use many resources for the reports.
http://www.urlvoid.com/about-us/