My company's website is being blocked by avast

Is it possible to get some kind of human to review a website that has been blocked?

Not if you don’t mention the website :wink:
Make the link non clickable.

www.clicksilver.org

Kaspersky doesn't like it
https://www.virustotal.com/en/url/56e40665a5962282221de99a1ba2f5f9b9517c20de8436ac33f4071ccc6be471/analysis/1464290783/

All shields enabled, AOS active and avast is not blocking it.

There is a JQuery problem that should be fixed :
http://retire.insecurity.today/#!/scan/d6d732d85c0b5118672228e9e21eb623646e52f8ab264aefec8c9e1ace309419

I’ll look into that. I don’t know what happened while the address was supposed to be parked, but it currently doesn’t contain malware. Is that Kaspersky flag the reason avast is preventing me opening my site? The icon in the toolbar says it was due to votes.

Is that Kaspersky flag the reason avast is preventing me opening my site?
No, that would be why those with Kaspersky should see your site blocked.

http://i.imgur.com/FoZnk1s.png

Thanks for the info, I’ll talk to them as well.

Norton jumps up on Drive-Bys: https://safeweb.norton.com/report/show?url=www.clicksilver.org

Please check the website headers: https://securityheaders.io/?q=https%3A%2F%2Fclicksilver.org%2F
Howto: https://scotthelme.co.uk/hardening-your-http-response-headers/#server
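An added example (not code from the original thread or from the securityheaders.io site) of the kind of check the hardening how-to above describes, run offline against two constructed header sets: one that looks like a default install, one hardened. The 180-day HSTS floor and the exact set of headers checked are assumptions; the scanner linked above grades on a broader list.

```python
import re

# Constructed sample responses; neither is a real capture from the site discussed.
WEAK_HEADERS = {
    "Server": "Apache/2.4.18 (Ubuntu)",
    "Content-Type": "text/html; charset=UTF-8",
    "X-Powered-By": "PHP/5.6.20",
}

HARDENED_HEADERS = {
    "Server": "Apache",
    "Content-Type": "text/html; charset=UTF-8",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' https://ajax.googleapis.com",
    "X-Frame-Options": "SAMEORIGIN",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "strict-origin-when-cross-origin",
}

MIN_HSTS_AGE = 15552000  # 180 days; an assumed floor, not a value from the thread


def _get(headers, name):
    """Case-insensitive header lookup (HTTP header names are not case-sensitive)."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def audit_headers(headers):
    """Return a list of findings; an empty list means every check passed."""
    findings = []

    hsts = _get(headers, "Strict-Transport-Security")
    if hsts is None:
        findings.append("missing Strict-Transport-Security")
    else:
        m = re.search(r"max-age=(\d+)", hsts)
        if not m or int(m.group(1)) < MIN_HSTS_AGE:
            findings.append("Strict-Transport-Security max-age too short")

    if _get(headers, "Content-Security-Policy") is None:
        findings.append("missing Content-Security-Policy")

    xfo = _get(headers, "X-Frame-Options")
    if xfo is None or xfo.upper() not in ("DENY", "SAMEORIGIN"):
        findings.append("missing or weak X-Frame-Options")

    xcto = _get(headers, "X-Content-Type-Options")
    if xcto is None or xcto.lower() != "nosniff":
        findings.append("missing X-Content-Type-Options: nosniff")

    if _get(headers, "Referrer-Policy") is None:
        findings.append("missing Referrer-Policy")

    # The how-to's "#server" section: do not advertise software versions.
    for name in ("Server", "X-Powered-By"):
        value = _get(headers, name)
        if value and re.search(r"\d+\.\d+", value):
            findings.append(f"{name} header discloses a version: {value}")

    return findings


if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK_HEADERS), ("hardened", HARDENED_HEADERS)):
        print(label, audit_headers(hdrs) or "OK")
```

To run it against a live site you would replace the constructed dictionaries with the headers from a real response (for example `requests.get(url).headers`); the audit logic itself needs no network access.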

Potentially suspicious file found: http://quttera.com/detailed_report/clicksilver.org

The googleapi jquery file is Potentially Suspicious?

You are using an old version that has vulnerabilities
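An added example, not code from the thread or from retire.js, of how a site owner can spot an outdated jQuery in their own pages before a scanner does: it pulls the version out of `<script src>` URLs (the CDN path form and the `jquery-x.y.z.min.js` form) and out of the banner comment at the top of the file, then compares against a floor. The sample HTML, the banner and the `1.12.0` floor are constructed for the example; the real vulnerable ranges come from the retire.js database, not from this code.

```python
import re

# Constructed sample markup; not the real page.
SAMPLE_HTML = """
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js"></script>
<script src="/js/vendor/jquery-1.11.3.min.js"></script>
<script src="https://code.jquery.com/jquery-3.1.0.min.js"></script>
"""

# Constructed banner in the style jQuery puts at the top of its minified file.
SAMPLE_BANNER = "/*! jQuery v1.8.3 jquery.com | jquery.org/license */"

# "jquery/1.8.3/..." (CDN path) or "jquery-1.11.3.min.js" (file name).
URL_RE = re.compile(r"jquery[-/](\d+\.\d+(?:\.\d+)?)(?=[./])", re.I)
BANNER_RE = re.compile(r"jQuery\s+v(\d+\.\d+(?:\.\d+)?)", re.I)


def parse_version(version):
    """'3.1' -> (3, 1, 0) so that tuples compare numerically, not as strings."""
    parts = [int(x) for x in version.split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def find_jquery_versions(html):
    """Versions named in script src attributes, in order of appearance, deduplicated."""
    found = []
    for tag in re.finditer(r'<script[^>]+src="([^"]+)"', html, re.I):
        hit = URL_RE.search(tag.group(1))
        if hit and hit.group(1) not in found:
            found.append(hit.group(1))
    return found


def version_from_banner(script_text):
    """Version from the file's own banner, for copies renamed to e.g. jquery.min.js."""
    m = BANNER_RE.search(script_text)
    return m.group(1) if m else None


def outdated(versions, minimum):
    """Subset of versions strictly below the accepted floor."""
    floor = parse_version(minimum)
    return [v for v in versions if parse_version(v) < floor]


if __name__ == "__main__":
    versions = find_jquery_versions(SAMPLE_HTML)
    print("found:", versions)
    print("below floor:", outdated(versions, "1.12.0"))
    print("banner says:", version_from_banner(SAMPLE_BANNER))
```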

There is no imminent threat there, but there is insecurity.
One of the certificate issues on the redirect to the HTTPS site is a warning: root installed on the server. For best practices, remove the self-signed root from the server. GoDaddy Group Root Certificate installed.
Insecure IDs tracking: 100% of the trackers on this site could be protecting you from NSA snooping. Tell clicksilver.org to fix it.
All trackers
At least 7 third parties know you are on this webpage.

-maxcdn.bootstrapcdn.com
-netdna.bootstrapcdn.com
-www.clicksilver.org
-Google
-shaaaaaaaaaaaaa.com
-Google
-fonts.gstatic.com Google

Take this up with the hoster for the OCSP server, it is vulnerable :o
DROWN exploitable: https://test.drownattack.com/?site=http%3A%2F%2Focsp.godaddy.com

So there is no actual malware threat, but the website comes AOS flagged for which we should hear from Avast Team Member to know the reason why this site is being flagged. There certainly is insecurity that should be mitigated or taken up with the hosting party. Best policies not maintained, so site could be configured considerably more secure.

polonus (volunteer website security analyst and website error-hunter)

Not at the time that scan was run.

It all depends. Code vulnerabilities are always for code that has been tested and given free to use as “fit to use” until later it appears it had better be retired, so zip-filed for later reference and replaced by a later version; sometimes this could even lead to malware issues, but not always. We sometimes see vulnerable and invulnerable code parade alongside on one and the same website. For the code given as potentially suspicious by Quttera this means it depends, for the vulnerability to be a threat, where the code has access, for instance when there is no “same origin” and an external script with missing SRI hashes is implemented; then we have an advanced risk factor. In that case we skim through the JavaScript and get


[detected] script
     info: [decodingLevel=0] found JavaScript
     error: line:3: SyntaxError: missing : after property id:
          error: line:3: [[{returnnull!=a%26%26a===a.window},isNumeric:function(a){varb=a%26%26a.toString();return!n.isArray(a)%26%26b-parseFloat(b)+1>=0},isPlainObject:function(a){return"object"!==n.type(a)||a.nodeType||n.isWindow(a)?!1:a.constructor%26%26!k.call(a.constructor.p
          error: line:3: .............^

The vulnerability of it all depends on the complicated chain issues to know how that risk should be validated (low, medium, critical).
I would not take chances.

The SSL (in)security that is offered by GoDaddy comes i.m.o. as “under par”,
and it is your decision to offer your visitors less security than they could have with, for instance, dedicated hosting.

polonus
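The “missing SRI hashes” point in the post above, as an added example that is not part of the thread: generating the `integrity` attribute for a third-party script and checking a fetched body against it the way a browser does (only the strongest hash family present counts; a tampered file fails). The script body and the CDN URL are constructed placeholders, and the fail-closed handling of an unrecognised algorithm is a choice for an audit script; a browser instead ignores an attribute it cannot parse and loads the resource without a check.

```python
import base64
import hashlib
import re

# Constructed sample body; stands in for a library fetched from a CDN.
SCRIPT_BODY = b"/*! sample-lib v1.0 */\nwindow.sample = function () { return 42; };\n"
TAMPERED_BODY = SCRIPT_BODY + b"/* appended on the way to the browser */\n"

# Hash families SRI recognises, ranked as the browser ranks them.
STRENGTH = {"sha256": 1, "sha384": 2, "sha512": 3}


def sri_hash(body, algo="sha384"):
    """'sha384-<base64 digest>' as used in an integrity attribute."""
    digest = hashlib.new(algo, body).digest()
    return f"{algo}-{base64.b64encode(digest).decode()}"


def script_tag(src, body, algo="sha384"):
    """Tag to publish; crossorigin=anonymous is required for cross-origin SRI."""
    return (f'<script src="{src}" integrity="{sri_hash(body, algo)}" '
            f'crossorigin="anonymous"></script>')


def integrity_of(tag):
    m = re.search(r'integrity="([^"]+)"', tag)
    return m.group(1) if m else None


def verify_sri(body, integrity):
    """True if body matches a value from the strongest hash family present.

    Mirrors the browser rule: weaker families are ignored when a stronger one is
    listed, and any one matching value of the strongest family is enough.
    Unknown algorithms are ignored; with none left we fail closed here.
    """
    parsed = []
    for token in integrity.split():
        algo, _, value = token.partition("-")
        algo = algo.lower()
        if algo in STRENGTH:
            parsed.append((algo, value.split("?")[0]))  # drop optional "?opts"
    if not parsed:
        return False
    best = max(STRENGTH[a] for a, _ in parsed)
    return any(STRENGTH[a] == best and sri_hash(body, a) == f"{a}-{v}"
               for a, v in parsed)


if __name__ == "__main__":
    tag = script_tag("https://cdn.placeholder.test/sample-lib.js", SCRIPT_BODY)
    print(tag)
    print("genuine:", verify_sri(SCRIPT_BODY, integrity_of(tag)))
    print("tampered:", verify_sri(TAMPERED_BODY, integrity_of(tag)))
```

The practical consequence for a site pulling jQuery from a CDN is that the tag must be regenerated whenever the pinned file changes, which is exactly the point: an upgrade on the CDN side, or a modification in transit, no longer silently reaches the page.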

SSL through godaddy might be subpar but I’ll take an ssllabs A+ https://www.ssllabs.com/ssltest/analyze.html?d=www.clicksilver.org (Granted I didn’t have Public Key Pinning earlier today.)

Isn’t that only a problem if you allow SSLv2 connections?

Hi Michael341,

Not allowing isn’t enough, supporting it is already enough to be vulnerable.
It is medium risk for all servers up in the chain and you really won’t be knee-jerked until the moment
you have an eventual CryptoLocker issue at your hands.
If you have you will have a completely different situation to cope with and some explanation to do to your CEO.

That GoDaddy did not mitigate the medium DROWN vulnerability cannot be taken as a big advert for their public services, to put it mildly.
Often cost-effectiveness wins over end-user security. So their vulnerabilities are their concern (GoDaddy’s).

As I said before do not speculate or take chances.
We report to you as far as we have relevant knowledge; mitigate the issues reported to you as best you can and feel more secure.
Some folks are still copying code on the Interwebs and so they copy the bugs and insecurity of other coders too. A bad habit.
Test the code chain yourself and feel more secure.

polonus
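The exchange above turns on one property of DROWN: it is a cross-protocol, cross-server attack, so a server that only speaks TLS is still affected when any other server sharing its RSA key offers SSLv2. As an added example, not from the thread, here is an inventory check that applies that rule to a constructed list of hosts (placeholder names and key identifiers; a real inventory would come from your own scan results or certificate management).

```python
# Constructed inventory: each host, the RSA key it serves, and the protocol
# versions it will negotiate. Names and key ids are placeholders.
INVENTORY = [
    {"host": "www.shop.placeholder", "key_id": "rsa-key-A", "protocols": {"TLSv1.2"}},
    {"host": "ocsp.shop.placeholder", "key_id": "rsa-key-A", "protocols": {"SSLv2", "TLSv1.0", "TLSv1.2"}},
    {"host": "mail.shop.placeholder", "key_id": "rsa-key-B", "protocols": {"TLSv1.2"}},
    # SSLv3 is a problem of its own, but it is not the SSLv2 oracle DROWN needs.
    {"host": "legacy.shop.placeholder", "key_id": "rsa-key-B", "protocols": {"SSLv3", "TLSv1.0"}},
]


def drown_exposure(inventory):
    """Map each host to the sorted list of hosts that put it at risk.

    A host is at risk when any host (itself included) sharing its RSA key
    still offers SSLv2; disabling SSLv2 on the web server alone is not enough.
    """
    sslv2_hosts_by_key = {}
    for entry in inventory:
        if "SSLv2" in entry["protocols"]:
            sslv2_hosts_by_key.setdefault(entry["key_id"], []).append(entry["host"])
    return {e["host"]: sorted(sslv2_hosts_by_key.get(e["key_id"], []))
            for e in inventory}


def exposed_hosts(inventory):
    """Hosts whose TLS sessions are exposed, whether or not they speak SSLv2."""
    return sorted(host for host, via in drown_exposure(inventory).items() if via)


def remediation(inventory):
    """Where SSLv2 must be switched off, and which keys to treat as exposed."""
    offenders = [e for e in inventory if "SSLv2" in e["protocols"]]
    return {
        "disable_sslv2_on": sorted(e["host"] for e in offenders),
        "keys_to_rotate": sorted({e["key_id"] for e in offenders}),
    }


if __name__ == "__main__":
    for host, via in drown_exposure(INVENTORY).items():
        print(f"{host}: {'exposed via ' + ', '.join(via) if via else 'not exposed'}")
    print(remediation(INVENTORY))
```

The mapping makes the "all servers in the chain" remark concrete: the host to fix may not be the one that shows the problem, and once a key has been reachable through an SSLv2 endpoint it is prudent to treat it as exposed rather than merely close the port.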

Hey Michael,

SSL is now available for free from providers such as Cloudflare https://www.cloudflare.com/ and Let’s Encrypt https://letsencrypt.org/.

If you’re paying for GoDaddy SSL, may I suggest switching to one of these providers after your plan is up? This is just a suggestion and by no means do you have to change your provider. As a developer myself, I love free things. Now that strong SSL is virtually free for any website, I can’t imagine paying for SSL certificates again.

Donovan

I would not go for free services for it always comes “at a cost”, else it would not be free.
A ‘toy’ certificate is not what a company would want.

polonus