Remove website from blacklist

system · 2015-03-25T09:34:03.000Z

Hi,

we manage a site (hxtp://www.assocoral.it) that was blacklisted by Avast for worms and malicious content injected in .

We have remove all suspicious files and clean the site, how can remove it from Avast blacklist?

Best regards

Pondus · 2015-03-25T09:38:23.000Z

report it here https://support.avast.com/ > avast virus lab

Pondus · 2015-03-25T09:41:23.000Z

you still have outdated joomla http://sitecheck.sucuri.net/results/www.assocoral.it

http://blog.sucuri.net/2012/12/website-malware-sharp-increase-in-spam-attacks-wordpress-joomla.html

HonzaZ · 2015-03-25T10:09:54.000Z

Hi,
The domain was blacklisted because of this URL: assocoral.it/libraries/simplepie/idn/pulign/e21ee970e49fa0774483d260fa2c7521/processing.php?amp=&cmd=_processing&dispatch=5885d80a13c0db1fb6947b0aeae66fdbfb2119927117e3a6f876e0fd34af4365dd58144dd51162b02a657b9ceb85d5cadd58144dd51162b02a657b9ceb85d5ca

Please make sure you have removed the infection, then update all systems (Joomla first and foremost, as Pondus pointed out), then change all passwords, then PM me for unblocking :-)!

system · 2015-03-25T12:47:42.000Z

HonzaZ post:4:

Hi,
The domain was blacklisted because of this URL: assocoral.it/libraries/simplepie/idn/pulign/e21ee970e49fa0774483d260fa2c7521/processing.php?amp=&cmd=_processing&dispatch=5885d80a13c0db1fb6947b0aeae66fdbfb2119927117e3a6f876e0fd34af4365dd58144dd51162b02a657b9ceb85d5cadd58144dd51162b02a657b9ceb85d5ca

Please make sure you have removed the infection, then update all systems (Joomla first and foremost, as Pondus pointed out), then change all passwords, then PM me for unblocking :-)!

Hi,
the specified folder (idn/plugin) is not present on server, we have moved the site to another webserver and removed all…maybe there’s a cache of old contents? Thank you in advance

Eddy · 2015-03-25T13:08:29.000Z

You still haven’t updated Joomla.

polonus · 2015-03-25T14:24:59.000Z

Hi Eddy,

Not only that Web application version:
Joomla Version 2.5.6 found at: hxtp://www.assocoral.it/administrator/manifests/files/joomla.xml
Joomla version outdated: Upgrade required.
Outdated Joomla Found: Joomla under 2.5.26 or 3.3.5

Furthermore the site is very much still being flagged as a PHISH: https://www.virustotal.com/nl/url/a6abc27492ced7aa2b307b1332788ff2a51238ff486d4be7ce13afbb5dcb4522/analysis/1427293086/

For the Fortinet’s flags also see: https://urlquery.net/report.php?id=1427293203507
IP listed here: http://comments.gmane.org/gmane.comp.security.phishings/48825

polonus

system · 2015-03-26T09:28:03.000Z

polonus post:7:

Hi Eddy,

Not only that Web application version:
Joomla Version 2.5.6 found at: hxtp://www.assocoral.it/administrator/manifests/files/joomla.xml
Joomla version outdated: Upgrade required.
Outdated Joomla Found: Joomla under 2.5.26 or 3.3.5

Furthermore the site is very much still being flagged as a PHISH: https://www.virustotal.com/nl/url/a6abc27492ced7aa2b307b1332788ff2a51238ff486d4be7ce13afbb5dcb4522/analysis/1427293086/

For the Fortinet’s flags also see: https://urlquery.net/report.php?id=1427293203507
IP listed here: http://comments.gmane.org/gmane.comp.security.phishings/48825

polonus

Hi,

we have updated Joomla and all plugins / modules installed.

We have checked the files specified at the URL https://urlquery.net/report.php?id=1427293203507 , but they seems to be normal Javascript files without any injected code.

Please tell us for further actions to made in order to leave the site from blacklist.

Best regards

Eddy · 2015-03-26T12:31:34.000Z

What to do if you believe everything is fine has already been told in reply #1

Pondus · 2015-03-26T12:38:16.000Z

Eddy post:9:

What to do if you believe everything is fine has already been told in reply #1

more correct, in reply Nr#3 from HonzaZ

Please make sure you have removed the infection, then update all systems (Joomla first and foremost, as Pondus pointed out), then change all passwords, [b]then PM me for unblocking :-)[/b]!

HonzaZ · 2015-03-26T13:32:04.000Z

Unblocked, thanks for the PM ;-)!

system · 2015-03-26T15:48:23.000Z

HonzaZ post:11:

Unblocked, thanks for the PM ;-)!

Thank you very much!

best regards

Eddy · 2015-03-26T17:10:51.000Z

I hope not only the problem is fixed (at least for the avast part), but you also have learned from it.
Keep your software up-to-date, especially when a new version fixes security issues

Announcements