Site detected as infected

system · October 31, 2016, 1:14pm

Hey guys! My site jorgebecerra.co is always detected by Avast (in my smart phone) as a site that contains malware. However, I have already performed malware analysis on sucuri and have contacted the hosting company, but they told me everything is ok. I don’t know wherther my site has entered a black list. In that case, could you help me fix this problem? Thanks in advance.

Pondus · October 31, 2016, 1:20pm

what is the exact message from avast?

How to report > https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438

Eddy · October 31, 2016, 3:39pm

Phishing going on on that IP/ASN :
https://www.virustotal.com/en/ip-address/162.144.21.248/information/
http://urlquery.net/report.php?id=1477928084106

That host often has sites that are spreading malware/performing malicious activity.

There are (security) problems with the site :
Warning User Enumeration is possible
The first two user ID’s were tested to determine if user enumeration is possible.

ID User Login
1 None jprb99
2 None

Warning Directory Indexing Enabled

Vulnerable library used :
http://retire.insecurity.today/#!/scan/74bca2e8bf4b446d2fbb6bd6d3d96416a0f9c2e8f6ea853023cba6f30805004e

polonus · October 31, 2016, 4:13pm

Well as Eddy states, there certainly is insecurity,
but the site is flagged because of bad neighbours on that same IP,
Particulary see the urlquery dot net scan results he presents.

But there are unmentioned security issues as well.
Let’s discuss some of these issues.

Meagre F-results here: https://observatory.mozilla.org/analyze.html?host=jorgebecerra.co
No X-XSS-Protection Header, Content-Security-Policy (CSP) Header, X-Frame-Options Header Header & X-Content-Type-Options Header.
4 sri-hashes missing - C-Status only: https://sritest.io/#report/15f56756-8c62-451c-b756-c04c3206f4c9

Name server versions exposed and other issues: http://www.dnsinspect.com/jorgebecerra.co/1477928873

Site also has insecure IDs tracking: 50% of the trackers on this site could be protecting you from NSA snooping.
Tell -jorgebecerra.co to fix it.

All trackers
At least 8 third parties know you are on this webpage.

-Google
-Google
-s0.wp.com
-stats.wp.com
-jorgebecerra.co
-i0.wp.com

i1.wp.com
-i2.wp.com -i2.wp.com

polonus (volunteer website security analyst and website error-hunter)

HonzaZ · November 2, 2016, 12:04pm

This was blocked back in 2014, so I am unblocking it now, believing whatever the reason for blocking was, it is now irrelevant

system · November 3, 2016, 1:10am

So what is the actual process for having a url removed from the blacklist? I cannot find it.

My site (jvincephotography.com) had an UNREAL amount of DNS hijacking that took me a few months to clean, but it is all clean. So what is the process…

Pondus · November 3, 2016, 6:49am

You report it, see my post above

HonzaZ · November 3, 2016, 8:29am

I unblocked jvincephotography[.]com now

Site detected as infected

Announcements