It appears that in the last couple of days my website has been blocked by Avast. It’s just a personal site, no big deal, but I’m trying to figure out why it has been blocked. After looking over the logs on the server, there has been no suspicious login activity, so I started focusing on the software itself. Apache is up to date, as is Simple Machines. I looked through the other directories on the webserver and couldn’t find anything suspicious. UnmaskParasites didn’t complain about anything on any of the directories.
I’m really at a loss here as to why my site has been blocked. If it’s infected with something, I’ll fix it - if it hasn’t been, why has it been blocked?
Not found on hphosts black list.
Neither on mdl.
up returns ok.
wepawet returns ok.
My virtual machine seems to be messed up. Not able to connect to the internet. Will surely post some update here later. Even if I didn’t find anything.
I too don’t believe that wepawet is telling us the right thing. There was a recent attack on apache.org too… maybe an Apache-related issue… Idk… maybe it is not an Apache problem. My VM is not able to connect to the internet.
Full disclosure, I took down the un-used SMF forums I had on the front page to see if that would help anything, replaced it with the “Sup” page that is there now. I did this AFTER the wepawet scan however.
I have upgraded to the latest Apache build. Even still, I have a much higher traffic site hosted on the same Apache instance which is not being reported as “bad” by Avast or anything else.
So my question is, is Avast actually detecting something live when I go to the site, or is it just because my URL is in a database somewhere that Avast is complaining?
Well, you can do it here or send an email to them with the link to this topic in the body: virus[at]avast[dot]com. Idk whether there is any other email id for reporting n/w shield fps. ;D
I really wish there was some more verbosity around these errors. JS:ScriptPE-inf [Trj] apparently is a generic label for any apparently malicious javascript. Except before I removed the forums, I looked, and there wasn’t any there. Anyway, at the very least, there is absolutely NO javascript there now as I replaced the forums with a single static page, and have sent an e-mail to the one nmb mentioned. Hopefully I’ll get some more info.
Asyn, I looked at those topics before writing this, again, no help. The JS just isn’t there, and apparently this is now a blacklist issue not an active detection issue.
Once blacklisted it could take some time…
It would be interesting, how long exactly!
So, please could you post back here, if the issue is solved…!??
Thank you!
asyn
Even in avast 5, network shield blocks it, but if you disable network shield, you will then get the trojan error itself. So I’m getting this multi-pronged block against the site and I have no idea why.
If it is not a blacklist, what exactly is it finding wrong with the index.html containing nothing but “Sup”? Even using a telnet session to the page to inspect the headers shows nothing out of the ordinary.