I have tried to contact support by filling the contact form about my site being set as malicious site by avast. Unfortunately, I never get a reply back or explanation so I raise my issue in this forum, hopefully someone can help me to remove this false report.
I hope in the future, avast team should carefully review any incoming reporting as people may think your product is doing the reverse thing rather than pick up the virus/trojan but reporting the false information.
General security issues found with asafaweb: https://asafaweb.com/Scan?Url=www.overpie.com
a. Red alert Custom Errors:
b. Excessive headers warning:
The address you entered is unnecessarily exposing the following response headers which divulge its choice of web platform:
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
c. Clickjacking Warning: It doesn’t look like an X-Frame-Options header was returned from the server which means that this website could be at risk of a clickjacking attack. Add a header to explicitly describe the acceptable framing practices (if any) for this site.
Hello,
any domain hosted on afraid.org can be used by other persons for dns hosting without your control. It happened for your domain, it was misused for malicious purposes - in that case, when nobody has control on subdomains of domain (DNS hijacking), we block the whole domain in order to protect our users. For you, the solution is most probably only changing the dns hosting and letting us know later.
Thanks Milos,
I work in web digital agency, where they use afraid dns to host the dns and I dont find any site is being blocked by you guys at the moment. So not quite sure how the measurement is taken by avast antivirus to determine if the site is safe or not. By the way all the domains are controlled private under my account in free dns so it is not open to public to add subdomains. Btw, if it blocks my domain under that my ip address, why my other site like www.dnninfo.com is completely fine, both of them staying on the same ip address. isnt it suppose to block the other site as well? if it is based on IP address?
so based on this one, i believe it is just blocking based on domain name rather than IP address. if you guys could review it again, it would be good, as I tested all most famous antivirus, it passed the test and even google is saying 100% clean.
Anyway, I will let you guys to do another review. Hopefully, in the future avast algorithm detection could be more better and tweaked correctly.
For the IP server there were some gremlins found.
There is some existing issue with x-content-security-policy and one also has to look into cache-control.
About the server configuration security consider the issues flagged here: https://asafaweb.com/Scan?Url=www.overpie.com
It looks like custom errors are not correctly configured as the requested URL contains the heading “Server Error in”.
You spread excessive header information to the world and attackers
There is a click-jacking warning.
overpie.com points to 91.205.232.162 and 91.205.232.16
On 21th Nov this subdomain was created: anas28za.overpie.com pointing to 192.40.56.226 which is PURE EVIL.
So, despite what you think, even private domain registration on afraid.org does not protect you from this.
And our logic is easy - as soon as ‘your’ domain is not in ‘your’ hands and was used for malicious purposes, it’s malicous.
For comparison, also these domains were hosted on such ip, check their whois - hosted on afraid.org as well.
Hi Jindrich
Thanks for that. I probably will just take the dns out from afraid.org, once i take this out from this free dns. do i need to notify you guys?
Hi Milos,
I have created the ns1,ns2 dns server in godaddy instead and host those ip directly pointed to my private server.
it is now properly directed. you can check it here. http://whois.domaintools.com/overpie.com
Hopefully you can remove my domain…
thanks for the advise though…