Hello there!
I’m new to this forum and I’d like to ask for a help.
My website www.carlosrgl.com is being blocked by avast. When i try to get into the site i have a message like URL:mal.
All other antivirus software products said it’s OK.
I am sure that my website is clean, therefore i would like you to take a look at it and remove it from your blacklist.
Here are some links.
Some issues: WARNING: your DNS servers originate from only one autonymous system (network). Locating DNS servers on multiple networks will improve resilience
Site potentially harmful. But seems secure at the moment.
XSS vuln. Results from scanning URL: htxp://code.jquery.com/jquery-latest.min.js
Number of sources found: 43
Number of sinks found: 19 → a.innerHTML="
Plesk shellshock vulnerability.
name server software version is exposed: 50.23.136.173: “Served by POWERDNS 3.1 $Id: packethandler.cc 2579 2012-04-26 11:28:04Z peter $”
Security Headers Report:
Result Category Name Actual Value Our Recommendation
Missing Framing X-Frame-Options Use ‘sameorigin’
Missing Transport Strict-Transport-Security Use ‘max-age=31536000; includeSubDomains’
Missing Content X-Content-Type-Options Use ‘nosniff’
Warning Content Content-Type text/html Use ‘text/html;charset=utf-8’
Missing XSS X-XSS-Protection Use ‘1; mode=block’
Missing Caching Cache-Control Use ‘no-cache, no-store, must-revalidate’
Missing Caching Pragma Use ‘no-cache’
Missing Caching Expires Use ‘-1’
Missing Access Control X-Permitted-Cross-Domain-Policies Use ‘master-only’
Missing Content Security Policy Content-Security-Policy Try Content-Security-Policy-Report-Only to start. Include default-src ‘self’, avoid ‘unsafe-inline’ and ‘unsafe-eval’
Warning Server Information X-Powered-By PleskLin Avoid header
At virustracker I get: carlosrgl.com,5.56.63.214,dns01.gigas.com,Parked/expired,
Registered And Active Website 3 changes on 3 unique name servers over 0 year
DNS report: http://www.dnsinspect.com/carlosrgl.com/1415737506
Malicious domains on host: 94.31.29.53 should be considered Malwr report.
Yes contact avast and ask their advice.
And for the security errors I have found for the server side of your website,
you should contact those that host your website/
Ask them to implement a more secure server configuration.
They can get a scan here to get a more detailed report
on header security hardening via: http://cyh.herokuapp.com/cyh
Your site is not malicious as such,
but websecurity wise there are “some t’s to be crossed and some i’s to de dotted”.
Thank you for the interest you take in your website’s security status.
You are a responsible webmaster that cares about the security of the visitors of your website.
Stay safe and secure both online and offline,
polonus (volunteer website security analyser and error hunter)