Hi,
I am the owner of this website, and AVAST is freaking out some customers, and they accuse me of trying to infect them with viruses.
The website is not on any block list, it uses JavaScript … I scanned it with a dozen tools, and I could not figure out why AVAST has it blocked.
=))
U make me laugh ;).
I wonder what, because an avast user told me that 5 days ago he did not have a problem visiting the site.
And now he cannot. In the meantime I did not change anything in the scripts.
Most actual issues were already being addressed by my forum friend, Eddy.
Some additional findings about this website’s security.
When kicking up urlquery dot net I got a connection time out from 2014-10-09
→ http://www.urlquery.net/report.php?id=1412856958671
There is a benign server redirect found:
Code: 301, htxp://fundatiacomunitaragalati.ro/semimaraton/
No redirects to other websites
Here the site has been given the OK: http://zulu.zscaler.com/submission/show/7d8e88f91ce8f21fd49fbc168c284c31-1412859618
External links to be checked were:
htxp://www.fundatiicomunitare.ro/ → ‘’
htxp://www.arcromania.ro/ → ‘’
hxtp://www.ffcr.ro/ → ‘’
htxp://www.repf.ro/ → ‘’
htxp://www.mott.org/ → ‘’
htxp://www.raiffeisen.ro → ‘’
htxp://www.rafonline.org →
Server Software & CMS
open http Apache httpd 2.4.6 ((Ubuntu)) Outdated Web Server Apache Found Vulnerabilities on Apache 2.4 Apache/2.4.6
2 disallowed entries in robots.txt
|_http-generator: WordPress 3.9.2 has various 0-day vulnerabilities.
CMS wordpress 4.0
So patch and protect!
HTTP-Header Insecurities to be addressed:
X-Frame-Options does not appear to be found in the site’s HTTP header, increasing the likelihood of successful clickjacking attacks.
Strict-Transport-Security does not appear to be found in the site’s HTTP header, so browsers will not try to access your pages over SSL first.
Nosniff does not appear to be found in the site’s HTTP header, allowing Internet Explorer the opportunity to deliver malicious content via data that it has incorrectly identified to be of a certain MIME type.
We didn’t detect any mention of X-XSS-Protection in headers anywhere, so there’s likely room to improve if we want to be as secure as possible against cross site scripting.
We did not detect Content-Security-Policy, x-webkit-csp, or even x-webkit-csp-report-only in the site’s HTTP header, making XSS attacks more likely to succeed.
Server: was found in this site’s HTTP header, possibly making it easier for attackers to know about potential vulnerabilities that may exist on your site!
X-Powered-By was found in this site’s HTTP header, making it easier for attackers to know about potential vulnerabilities that may exist on your site!
Permitted-Cross-Domain-Policies does not appear to be found in the site’s HTTP header, so it’s possible that cross domain policies can be set by other users on your site and be obeyed by Adobe Flash and pdf files…
See XSS vulnerable htxp://fundatiacomunitaragalati.ro/semimaraton/wp-content/themes/pictorico/js/skip-link-focus-fix.js?ver=20130115
Site is vulnerable, but as far as I can establish not malign, so contact via www.avast.com/contact-form.php
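The header findings listed in the post above can be re-checked after each server change with a small audit script. This is an added example, not part of the original posts or of any scanner quoted there; the check labels, the `X-Permitted-Cross-Domain-Policies` spelling of the policy header, the `PHP/x.y.z` placeholder and both sample responses are assumptions constructed for illustration.

```python
# Added example: audit response headers against the checks listed in the post.
# Any one header name in a group satisfies that check (names are case-insensitive).
EXPECTED = {
    "clickjacking": ("x-frame-options",),
    "hsts": ("strict-transport-security",),
    "mime-sniffing": ("x-content-type-options",),
    "xss-filter": ("x-xss-protection",),
    "csp": ("content-security-policy", "x-webkit-csp", "x-webkit-csp-report-only"),
    "flash-pdf-policy": ("x-permitted-cross-domain-policies",),
}
# Headers the post reports as present and disclosing software details.
DISCLOSING = ("server", "x-powered-by")
# Constructed responses: SAMPLE mirrors the post's findings, HARDENED fixes them.
SAMPLE = """Server: Apache/2.4.6 (Ubuntu)
X-Powered-By: PHP/x.y.z
Content-Type: text/html; charset=UTF-8
"""
HARDENED = """X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Security-Policy: default-src 'self'
X-Permitted-Cross-Domain-Policies: none
"""

def parse_headers(raw):
    """Parse 'Name: value' lines into a dict keyed by lower-cased name."""
    headers = {}
    for line in raw.strip().splitlines():
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def audit(headers):
    """Return (names of failed checks, disclosing headers that are present)."""
    missing = []
    for check, names in EXPECTED.items():
        ok = any(n in headers for n in names)
        # The MIME-sniffing check passes only if the value really is 'nosniff'.
        if check == "mime-sniffing":
            ok = headers.get("x-content-type-options", "").lower() == "nosniff"
        if not ok:
            missing.append(check)
    return missing, {h: headers[h] for h in DISCLOSING if h in headers}

if __name__ == "__main__":
    for label, raw in (("sample", SAMPLE), ("hardened", HARDENED)):
        print(label, audit(parse_headers(raw)))
```

Feed it the header block from a saved response (for example the output of `curl -sI` against your own site) to see which of the listed findings remain.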
In the above website analysis I speak about a particular third-party WP application that pictorico has.
It is not clear that the innerHTML sink is going to cause a false positive, because we are only into third-party scanning here.
But it could be wise for the coder to drop the use of innerHTML altogether and change to using html2dom -
the code there has 43 sources and 13 sinks found for DOM XSS evaluation. The sinks in the software DATA are starting points
where untrusted input data is taken by an application - innerHTML is a so-called HTML Element Sink like document.write etc.
So these issues should be taken up with the coder of skip-link-focus-fix.js
See: http://jsunpack.jeek.org/?report=a3d616bf4f36bb4e6117476dce909c20b561a2c3
Above link for security research only - open up with NoScript active and inside a VM/sandbox
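A source and sink count like the one quoted in the post above comes from pattern matching over the script text. The sketch below is an added example, not the jsunpack scanner or the theme's code: the two regular expressions are a small illustrative rule set, and the JavaScript sample is constructed.

```python
import re

# Illustrative patterns (assumed for this example, not the scanner's own rules).
# Sources: properties an outside party can influence.
SOURCES = re.compile(
    r"\b(?:location\.(?:hash|search|href)"
    r"|document\.(?:URL|referrer|cookie)|window\.name)\b"
)
# Sinks: assignments and calls that turn a string into markup or code.
SINKS = re.compile(
    r"\.(?:innerHTML|outerHTML)\s*=(?!=)"      # assignment, not a == comparison
    r"|\bdocument\.write(?:ln)?\s*\(|\beval\s*\("
)

# Constructed JavaScript, not the theme's skip-link-focus-fix.js.
SAMPLE_JS = """\
var id = location.hash.substring(1);
var el = document.getElementById('content');
el.innerHTML = '<a name="' + id + '"></a>';
if (el.innerHTML == '') { el.textContent = document.referrer; }
document.write('<p>' + window.name + '</p>');
"""


def scan(js):
    """Return {'sources': [(line_no, match)], 'sinks': [(line_no, match)]}."""
    report = {"sources": [], "sinks": []}
    for no, line in enumerate(js.splitlines(), start=1):
        report["sources"] += [(no, m.group(0)) for m in SOURCES.finditer(line)]
        report["sinks"] += [(no, m.group(0).strip()) for m in SINKS.finditer(line)]
    return report


def counts(js):
    """Return (number of sources, number of sinks), as a scanner summary would."""
    report = scan(js)
    return len(report["sources"]), len(report["sinks"])


if __name__ == "__main__":
    for kind, hits in scan(SAMPLE_JS).items():
        for no, text in hits:
            print(f"{kind[:-1]:6} line {no}: {text}")
    print("sources/sinks:", counts(SAMPLE_JS))
```

The counts mark lines to review by hand; they do not show that data actually reaches a sink, which is why a script can score hits and still be benign.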
But all that was not the cause of the avast! blocking. The blocking was because the site is hosted at afraid dot org.
Name server ns1.afraid dot org
Name server ns2.afraid dot org
Name server ns3.afraid dot org
Name server ns4.afraid dot org
All websites at afraid dot org are being blocked by avast. Steer away from afraid dot org and an avast team member may unblock the site.
I cannot unblock because I am a volunteer website analyst with relevant knowledge and not an avast team member.
So contact them after the site has another nameserver via www.avast.com/contact-form.php
Hello,
Any domain hosted on afraid.org can be used by other persons for DNS hosting without your control. It happened for your domain; it was misused for malicious purposes - in that case, when nobody has control over the subdomains of a domain (DNS hijacking), we block the whole domain in order to protect our users. For you, the solution is most probably only changing the DNS hosting and letting us know later.
My site is not hacked.
I use afraid org, but if anyone wants to attach to my domain I have to give permission. I use afraid org, because it is a free DNS provider that has been very good till now. Do you have other ideas, other free DNS?
Yes, Eddy is right, read the first line in Milos’s reply. He is an avast! team member and he gives the reason for avast! blocking sites with afraid dot org nameservers (at least 3 or rather 4). The security there is “out of your hands” and that is the reason your site is being blocked to protect the avast! user community.
However there are some free alternatives:
No-IP
Redundant high speed dynamic DNS service. Well tested and reliable/durable. Server monitoring also available.
XName DNS
Another popular free DNS provider, supports IPv6, and auto-import to migrate from your old DNS provider.
ChangeIP
ChangeIP offers dynamic DNS and email services.
Eddy is right again, but I would like to make that a bit more precise for you.
I would say a decent host is a dedicated host and not a hosting party where your domain shares one and the same IP with one hundred to a few thousand other domains, an environment which could get you a general IP blocking when that IP is not kept benign enough and free of malware-ridden domains. Where money comes first, website security is often not a first priority.