Hello!
I have a problem with blocking my website. There was an accident which was fixed already. But some of the site URLs stay in the blocklist and Avast is blocking access. How can I rescan the site and update the threats list? My site is “filigrana-spb.ru”.
Thanks in advance.
Norton safeweb > https://safeweb.norton.com/report/show?url=filigrana-spb.ru
Urlvoid > http://www.urlvoid.com/scan/filigrana-spb.ru/
2016-10-25 21:49:01 hxxp://filigrana-spb.ru/counter/5.bin CD768CA7F5E2347D0FBD338C75A64A20 5.101.152.55 RU PHP/Filecoder.D trojan
If you think it is wrong > https://www.avast.com/report-a-url.php
Large amount of blacklistings on that IP :
https://www.virustotal.com/en/ip-address/5.101.152.55/information/
Blacklisted :
http://www.urlvoid.com/scan/filigrana-spb.ru/
https://sitecheck.sucuri.net/results/filigrana-spb.ru
Blacklistings on the IP and AS :
http://urlquery.net/report.php?id=1484475556059
Vulnerable libraries used :
http://retire.insecurity.today/#!/scan/51e4dc515b7c3e21ccad34a308a6e50c41e5223c3a56939fb2c037b2f86123a1
All the infected blacklisted resources had been removed from the site. The question was how can I speed up the blacklist-databases update, if it is possible.
The simple answer is that you can’t speed up things.
The only thing you can do is ask the ones who blacklist the domain/IP to have a look at it and request that they remove it from their blacklist.
Advice:
- Get away from that IP (and perhaps even the host).
- Get dedicated hosting.
- Update the vulnerable libraries (if there are newer versions without vulnerabilities), or don’t use them at all.
Thanks, all. Will think of changing the host.
Hi versus2,
Apart from Eddy’s advice, there is room for some general improvement on the website code as well.
Try to generate the appropriate SRI hashes for the two issues seen here: https://sritest.io/#report/aadb2907-42bf-4fe8-8fba-e2212d9861a5
Consider the issues with the F-status scan here: https://observatory.mozilla.org/analyze.html?host=filigrana-spb.ru
The implications of these scan results: http://www.domxssscanner.com/scan?url=http%3A%2F%2Ffiligrana-spb.ru
in relation to these finds of retirable jQuery code: http://filigrana-spb.ru
Detected libraries:
jquery - 1.6.4 : -http://filigrana-spb.ru/js/jquery.min.js
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
jquery.prettyPhoto - 3.1.6 : -http://filigrana-spb.ru/js/jquery01.js
swfobject - 2.2 : -http://filigrana-spb.ru/js/swfobjec.js
jquery-ui-dialog - 1.10.2 : -http://filigrana-spb.ru/js/jquery-ui-1.10.2.custom.min.js
jquery-ui-autocomplete - 1.10.2 : -http://filigrana-spb.ru/js/jquery-ui-1.10.2.custom.min.js
jquery-ui-tooltip - 1.10.2 : -http://filigrana-spb.ru/js/jquery-ui-1.10.2.custom.min.js
To further support Eddy’s findings on the web server security, here are some test results to consider:
F-status: https://www.htbridge.com/websec/?id=c94309e85435257890bf9faba4012533433cb1e359cf4b7eefb5b3ff8c6a59e2
Version info proliferation is at the core of the problems for this aspect of the security test.
polonus (volunteer website security analyst and website error-hunter)
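Added example, not part of the original posts: one way to generate the SRI hashes mentioned above and to check a served file against an existing `integrity` value the way a browser does. The script bytes and the `cdn.example` URL are constructed for illustration.

```python
import base64
import hashlib
import hmac

# Hash algorithms defined for Subresource Integrity, weakest to strongest.
_ALGS = ("sha256", "sha384", "sha512")

# Constructed sample: stands in for the bytes of a third-party script.
SAMPLE = b"window.lib = function () { return 1; };\n"


def sri_hash(content: bytes, alg: str = "sha384") -> str:
    """Return an integrity value of the form '<alg>-<base64 digest>'."""
    if alg not in _ALGS:
        raise ValueError(f"unsupported SRI algorithm: {alg}")
    digest = hashlib.new(alg, content).digest()
    return f"{alg}-{base64.b64encode(digest).decode('ascii')}"


def script_tag(src: str, content: bytes) -> str:
    """Build a <script> tag pinned to the exact bytes of `content`."""
    # crossorigin is needed so the browser can check a cross-origin file.
    return (f'<script src="{src}" integrity="{sri_hash(content)}" '
            f'crossorigin="anonymous"></script>')


def verify(content: bytes, integrity: str) -> bool:
    """Mirror the browser check: only the strongest listed algorithm
    counts, and any one hash of that algorithm may match."""
    parsed = []
    for token in integrity.split():
        alg, _, value = token.partition("-")
        if alg in _ALGS and value:
            parsed.append((alg, value.split("?", 1)[0]))  # drop ?options
    if not parsed:
        return True  # no usable hash: browsers load the file unchecked
    strongest = max((alg for alg, _ in parsed), key=_ALGS.index)
    return any(
        hmac.compare_digest(sri_hash(content, alg), f"{alg}-{value}")
        for alg, value in parsed if alg == strongest
    )


if __name__ == "__main__":
    # Hypothetical URL; replace with the real location of the script.
    print(script_tag("https://cdn.example/js/lib.min.js", SAMPLE))
    print("unchanged file passes:", verify(SAMPLE, sri_hash(SAMPLE)))
    print("modified file passes:", verify(SAMPLE + b"x", sri_hash(SAMPLE)))
```

The hash has to be regenerated whenever the library is updated, otherwise the browser refuses to run the new file.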
Yup, the domain filigrana-spb[.]ru was blocked in autumn 2016 due to it spreading Locky infection. I have now unblocked it ;).