Site Blocked

Hi all, I got my site blocked by Avast.

The url is: “http://www.bonnyread.com.tw/

I suspect the issue was due to an invalid SSL Cert that the site hosting was using; It should be fixed by now by removing the certificate when trying to access the url with https port.

I wondering how can I get my site unblocked from avast. I have contacted avast with the contact form from the website but I haven’t heard of them since more than a week.

Any help or suggestions would be greatly appreciate it as I have been struggling with this issue for quite a long time, losing tons of sales and customers since it is blocked.

Thanks in Advance.

Tony

https://www.virustotal.com/en/url/406f8963d59c6eeacb7744275bc7409a7521e5122d68f2de5c18693f18d10baf/analysis/1416047808/
http://urlquery.net/report.php?id=1416047964640
http://multirbl.valli.org/lookup/54.169.44.140.html
https://www.ssllabs.com/ssltest/analyze.html?d=bonnyread.com.tw

Hi Eddy,

Thanks for the info and reply. Initially the SSL used was different from the Domain, thus, I suspect it is why we got blocked. I have fixed the issue by removing the SSL cert, so the site doesn’t have SSL now, and hopefully fixing the issue. But the problem is that that avast and other blockers like BitDefender still have th site in their blacklist. I wondering how we can request them to remove it from the list or to make another analysis if possible.

Thanks

You can report it here http://www.avast.com/contact-form.php

WARNING: MX records duplicates (same IP address):
68.178.213.203: [mailstore1.secureserver.net. smtp.secureserver.net.]
Although technically valid, duplicate MX records have no benefits and can cause confusion.
See: http://www.dnsinspect.com/bonnyread.com.tw/1416095547

For server
One correct security header → Content Content-Type text/html; charset=utf-8 Use ‘text/html;charset=utf-8’
Eight missing and four with warnings check details and scan here: http://cyh.herokuapp.com/cyh
Excessive header info proliferation Server: Apache/2.2.29 (Amazon)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.17
Clickjacking warning. RUM could break filemanager.

There are also IDS alerts on site here: http://urlquery.net/report.php?id=1415682615915
SURICATA TLS invalid handshake message

External track data found: https://www.virustotal.com/nl/ip-address/5.10.73.70/information/

This is the error report as I see it, furthermore avast sees the site as insecure.
One could file a FP report and wait for a reaction.
We here aren’t avast team member that can unblock, just forum users with relevant knowledge.

polonus (volunteer website security analyst and error-hunter)