Remove website from blacklist

system · March 25, 2015, 9:34am

Hi,

we manage a site (hxtp://www.assocoral.it) that was blacklisted by Avast for worms and malicious content injected in .

We have remove all suspicious files and clean the site, how can remove it from Avast blacklist?

Best regards

Pondus · March 25, 2015, 9:38am

report it here https://support.avast.com/ > avast virus lab

Pondus · March 25, 2015, 9:41am

you still have outdated joomla http://sitecheck.sucuri.net/results/www.assocoral.it

http://blog.sucuri.net/2012/12/website-malware-sharp-increase-in-spam-attacks-wordpress-joomla.html

HonzaZ · March 25, 2015, 10:09am

Hi,
The domain was blacklisted because of this URL: assocoral.it/libraries/simplepie/idn/pulign/e21ee970e49fa0774483d260fa2c7521/processing.php?amp=&cmd=_processing&dispatch=5885d80a13c0db1fb6947b0aeae66fdbfb2119927117e3a6f876e0fd34af4365dd58144dd51162b02a657b9ceb85d5cadd58144dd51162b02a657b9ceb85d5ca

Please make sure you have removed the infection, then update all systems (Joomla first and foremost, as Pondus pointed out), then change all passwords, then PM me for unblocking :-)!

system · March 25, 2015, 12:47pm

Hi,
the specified folder (idn/plugin) is not present on server, we have moved the site to another webserver and removed all…maybe there’s a cache of old contents? Thank you in advance

Eddy · March 25, 2015, 1:08pm

You still haven’t updated Joomla.

polonus · March 25, 2015, 2:24pm

Hi Eddy,

Not only that Web application version:
Joomla Version 2.5.6 found at: hxtp://www.assocoral.it/administrator/manifests/files/joomla.xml
Joomla version outdated: Upgrade required.
Outdated Joomla Found: Joomla under 2.5.26 or 3.3.5

Furthermore the site is very much still being flagged as a PHISH: https://www.virustotal.com/nl/url/a6abc27492ced7aa2b307b1332788ff2a51238ff486d4be7ce13afbb5dcb4522/analysis/1427293086/

For the Fortinet’s flags also see: https://urlquery.net/report.php?id=1427293203507
IP listed here: http://comments.gmane.org/gmane.comp.security.phishings/48825

polonus

system · March 26, 2015, 9:28am

Hi,

we have updated Joomla and all plugins / modules installed.

We have checked the files specified at the URL https://urlquery.net/report.php?id=1427293203507 , but they seems to be normal Javascript files without any injected code.

Please tell us for further actions to made in order to leave the site from blacklist.

Best regards

Eddy · March 26, 2015, 12:31pm

What to do if you believe everything is fine has already been told in reply #1

Pondus · March 26, 2015, 12:38pm

more correct, in reply Nr#3 from HonzaZ

Please make sure you have removed the infection, then update all systems (Joomla first and foremost, as Pondus pointed out), then change all passwords, [b]then PM me for unblocking :-)[/b]!

HonzaZ · March 26, 2015, 1:32pm

Unblocked, thanks for the PM ;-)!

system · March 26, 2015, 3:48pm

Thank you very much!

best regards

Eddy · March 26, 2015, 5:10pm

I hope not only the problem is fixed (at least for the avast part), but you also have learned from it.
Keep your software up-to-date, especially when a new version fixes security issues

Remove website from blacklist

Announcements