O Website de um cliente está no black list, já foi realizado a remoção dos arquivos maliciosos que o hacker incluiu,
Como Proceder para que o site www.bleeds.com.br seja removido do black list do avast?
the website www.bleeds.com.br removed the virus and changed the settings. Please review and remove the blacklist of you
Name Servers Versions
WARNING: Name servers software versions are exposed:
108.179.192.135: “9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6”
108.179.192.136: “9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6”
Exposing name server’s versions may be risky, when a new vulnerability is found your name servers may be automatically exploited by script kiddies until you patch the system. Learn how to hide version.
WARNING: Found mail servers with inconsistent reverse DNS entries. You should fix them if you are using those servers to send email.
Server IP PTR (Reverse) IPs
bleeds.com.br. 108.179.192.137 br678-ip03.hostgator.com.br.
Sucuri finds: /webacappella_tools.js?v=vek
Severity: Suspicious
Reason: Detected suspicious PHP content
Details: Symbol , occurred too frequent (occurrences count 10) relative to buffer length 100. Relation value 10
Threat dump: View code → http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.bleeds.com.br%2Fwebacappella_tools.js%3Fv%3Dvek
code is vulnerable to exploit kit, see HackHound
Threat dump MD5: BBF7531FDC1E82FB96AF0BCCE01B8183
File size[byte]: 9327
File type: PHP
Page/File MD5: 42E47E16DE48185019C7AC2D8D09BBA3
polonus (volunteer website security analyst and website error-hunter)
Hi,
we block it as a source of Router CSRF - for example this malicious URL: hxxp://www.bleeds.com.br/correntes/k2.php
Let us know when you cleaned it, and we will unblock the domain.