Site Blacklisted

My site has been blacklisted: wXw.culpeperbusinesses.com. It is a clean site, and actually a fresh install of WordPress was even done. I never had a problem with any of my sites prior to moving over to HostGator. I know it’s shared hosting, but am I getting dinged due to other sites with the same IP being dirty? I have submitted the form to remove my site from the list but have no idea how long that takes.

Thks

Zulu URL Risk Analyzer
http://zulu.zscaler.com/submission/show/64eb2eef2e4c6785924d1f8baddd3ac0-1332348403

URLVoid
http://www.urlvoid.com/scan/culpeperbusinesses.com/

WOT (scroll down to user comments)
http://www.mywot.com/en/scorecard/culpeperbusinesses.com

Ok and if I look at those links especially the last one it says this:

Malicious URLs on culpeperbusinesses.com

/~toxicok/wp-content/languages/nicenice.exe
/~toxicok/wp-content/languages/home.exe

The “~toxicok” is not my URL (6673 other active domains were found on 1620 IP(s)).

So I know it’s not my URL that is infected.

First make that link non-click-through with hxtp or wXw
IP address has been identified as risky by one/more sources
ASN 21844 (ThePlanet) has risk 70.0
Suspicious rep index 50/100
Your WordPress software needs updating: Wordpress internal path: -/home/culpeper/public_html/wp-content/themes/directorypress/index.php
This code should be checked:
culpeperbusinesses dot com/wp-content/themes/directorypress/directorypress/js/_defaults.js suspicious
[suspicious:2] (ipaddr:174.121.2.194) (script) culpeperbusinesses dot com/wp-content/themes/directorypress/directorypress/js/_defaults.js
status: (referer=culpeperbusinesses dot com/) saved 945 bytes a0d67d4d75ab97212ea74dfe48d8a2345b504b38
info: [decodingLevel=0] found JavaScript
suspicious,

polonus

I am running WordPress 3.3.1, which is the newest version.

Not sure what you mean by: First make that link non-click-through with hxtp or wXw

And on this “This code should be checked:
culpeperbusinesses dot com/wp-content/themes/directorypress/directorypress/js/_defaults.js suspicious”

Where do I check it?

Also, what if I move the site completely to a different hosting location? I never had this problem when I was using ICDSoft. Exact same site and never ever an issue with it being blocked for anything (for years).

This is another of my sites, just setting it up: Xhttp://174.121.2.194/~timeis/
And the report I’m getting is this: http://zulu.zscaler.com/submission/show/5a6f023fceaf298da77e6ad05e457316-1332360149
The site is not dirty; it’s brand new, not even published with a URL yet.
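What "non-click-through" means in practice, and how the flagged paths quoted above split between this account and other accounts on the shared IP, as an added example that is not part of any post in this thread. It assumes the host serves `/~account/` paths in the Apache mod_userdir style; the account names are read off the thread and are assumptions.

```python
import re
from urllib.parse import urlsplit

# mod_userdir-style prefix: /~account/... is a hosting account served from the shared IP
USERDIR = re.compile(r"^/~([A-Za-z0-9_.-]+)(?:/|$)")

def defang(url):
    """Make a URL non-clickable in the thread's style: hxtp scheme, wXw host label."""
    url = re.sub(r"^http", "hxtp", url, flags=re.I)
    return re.sub(r"(?<![A-Za-z0-9])www\.", "wXw.", url, flags=re.I)

def refang(text):
    """Undo the defanging styles used in the thread so the URL can be parsed again."""
    text = re.sub(r"^(hxtp|xhttp)", "http", text.strip(), flags=re.I)
    text = re.sub(r"(?<![A-Za-z0-9])wXw\.", "www.", text, flags=re.I)
    text = re.sub(r"\s+dot\s+", ".", text, flags=re.I)
    if "://" not in text:
        text = "http://" + text  # scanners often print host/path without a scheme
    return text

def classify(finding, own_accounts):
    """Return (owner, path) for a flagged URL or for a bare path from a scanner report."""
    path = finding if finding.startswith("/") else (urlsplit(refang(finding)).path or "/")
    match = USERDIR.match(path)
    if match is None:
        return "own-docroot", path  # served from the domain's own document root
    owner = "own-account" if match.group(1) in own_accounts else "other-tenant"
    return owner, path

def triage(findings, own_accounts):
    """Group flagged items by who controls the path."""
    report = {"own-docroot": [], "own-account": [], "other-tenant": []}
    for finding in findings:
        owner, path = classify(finding, own_accounts)
        report[owner].append(path)
    return report

# Assumed account names: "culpeper" from /home/culpeper/public_html in the scan
# output, "timeis" from the poster's own ~timeis URL.
OWN_ACCOUNTS = {"culpeper", "timeis"}
# Items exactly as quoted in the thread (already defanged there).
FINDINGS = [
    "/~toxicok/wp-content/languages/nicenice.exe",
    "/~toxicok/wp-content/languages/home.exe",
    "culpeperbusinesses dot com/wp-content/themes/directorypress/directorypress/js/_defaults.js",
    "Xhttp://174.121.2.194/~timeis/",
]

if __name__ == "__main__":
    for owner, paths in triage(FINDINGS, OWN_ACCOUNTS).items():
        print(owner, paths)
```

Items under `other-tenant` are ones the site owner cannot clean up and belong in a report to the host; items under `own-docroot` are the ones to inspect in the account's own files.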

Hi cmonova,

That IP is questionable and had instances (now dead) of TR/Crypt.XPACK.Gen2 and mdl_zeus v2 drop zone & Trojan-Spy.Win32.Zbot.bcuu on it.
Blacklisted on the Zeustracker IP list: $IPTABLES -A $CHAIN -s 174.121.2.194 -j $ACTION
Use the WordPress security scanner plug-in from here: http://wordpress.org/extend/plugins/wp-security-scan/
and give us back the results. Also consider this info: http://www.urlvoid.com/scan/culpeperbusinesses.com/

polonus

I installed it and am waiting for results now.

But what can I run on this one? wXw.computerrepairbusiness.net This is an HTML website, no WordPress, and again never an issue till I moved to HostGator.

YOUR WEBSITEDEFENDER SECURITY REPORT

The latest WebsiteDefender scan on culpeperbusinesses.com has detected the following security issue/s:

Low severity alerts:

Email address found (1 alert)
Insecure PHP settings detected (1 alert)
Default WordPress table prefix in use (1 alert)

Informational alerts:

New web application detected (1 alert)

This was the re-analysis: http://zulu.zscaler.com/submission/show/523048b29fa9e7eb9476c6593f9d6ce2-1332368803
IP address has been identified as risky by one/more sources
and ASN 21844 (ThePlanet) has risk 70.0
Did you run this scan: http://evuln.com/tools/php-security/

There is not much you can do at the moment, because you probably encountered an IP-range block, see: http://zulu.zscaler.com/submission/show/c64de9e6a31e3c28d26e35208fac4564-1332368465

The ASN produces the following sitevet report:
AS Name: THEPLANET-AS - ThePlanet.com Internet Services, Inc.
IPs allocated: 1532928
Blacklisted URLs: 17708

Hosts…
…malicious URLs? Yes
…badware? Yes
…botnet C&C servers? Yes
…Zeus botnet servers? Yes
…Current Events? Yes

polonus

Ok, so is my safest bet to move these problem sites I have on HostGator elsewhere? I think they are all on the exact same range of IPs at HostGator.

Hi cmonova,

Or report FP here: http://www.avast.com/contact-form.php? to get the blacklisting lifted for your domains.
I think initially your problems came because of that notorious hoster, ASN 21844 and IP 174.121.2.194. Whenever malware is overdue (not taken down or no longer responsive within a certain time span) and hosted at that IP, blacklisting is a sure result.
Anyway, Zeus bot herders are known to comply and migrate their crime-circus elsewhere (called migration), so you might be a victim of recent activities of others there.
An active zeustracker IP is not easily unblocked…

polonus