Site getting detected as unsafe

Hello,

So my friend and I are hosting a community website (games and stuff), and in the last few days users of the website started to report that the website is fake/unsafe etc. As more and more people reported that the website is detected as unsafe by Avast, I decided to install Avast and check where the problem is. As soon as I went to my website, Avast reported a problem with my website saying “URL:Mal2”. I didn’t know what that means, so I looked it up and apparently the website was blacklisted… So I looked on different pages and finally found out which IP is blacklisted. I contacted my host and they said this happened because our website is hosted on a shared network (like more websites on the same server (I think)). Anyway, as I checked, there were like 30 pages with the same IP and on every page we had the same problem… So I requested to change the IP to a different one so people won’t lose trust in our site. And today we finally got a new IP, but Avast still detects the website as unsafe… Any ideas? Below are a few pages where we ran scans (as I checked what people suggested on the Avast forums, I used the same tools to look up stuff and they look clean to me).

How long does it take for Avast to re-check a website? (Like for blacklist and stuff)?

If someone could help I would really appreciate it :)

Blacklisted IP :
http://zulu.zscaler.com/submission/show/97c486a94d4b55773cf7171e93b73008-1452630647
http://multirbl.valli.org/lookup/185.28.23.38.html
https://www.virustotal.com/en/url/241ae7c073427fd11d58792ba927a716daf8db0d991015af87d6fd857e2dcef6/analysis/1452630597/

Problems on that ASN :
http://urlquery.net/report.php?id=1452629574231
http://urlquery.net/report.php?id=1452629674179

TLS/SSL problem (minor) :
https://www.ssllabs.com/ssltest/analyze.html?d=mc-launcher.com

Multiple warnings :
http://www.dnsinspect.com/mc-launcher.com/1452626541

If Avast detects that your IP is on a blacklist and you change the IP, Avast will check the new IP and when it is not in the blacklist Avast will not block it (unless there is another reason for it, e.g. malicious content on the site or something like that).

Keep in mind that when you change an IP it is not instantly in the entire internet world.
It will take some time before all DNS servers have the new information.

Hi teuxro

Apart from the IP related issues already mentioned earlier in this thread, I’d like to draw your attention to the following existing flaws and vulnerabilities. Retire that vulnerable code, save as a zip file for later reference and update or see whether there is need for a particular vulnerable (sink) code combination, as we discuss here below *.

Well there is jquery-migrate-1.2.1.min.js * with a known DOM XSS sink problem: http://www.domxssscanner.com/scan?url=https%3A%2F%2Fmc-launcher.com
Read about the problems with it here: http://keenthemes.com/forums/topic/jquery-migrate-xss-vunerability/
and also bootstrap.min.js is exploitable. → https://oscarotero.com/embed/demo/index.php?url=https%3A%2F%2Fmc-launcher.com&options[minImageWidth]=0&options[minImageHeight]=0&options[facebookAccessToken]=&options[embedlyKey]=&options[soundcloudClientId]=YOUR_CLIENT_ID&options[oembedParameters]=
At the moment I get a Host: -mc-launcher.com:443 cannot connect.
No response: https://urlquery.net/report.php?id=1452632717451
SSL Status The certificate has expired. (10) - Server name is NOT in the certificate! srv61.hosting24.com -Signature Algorithm: SHA1+RSA
https://urlquery.net/report.php?id=1452613975320 link to -http://s.adroll.com/ blocked by script blocker for me.
and to -http://d.adroll.com/ by an adblocker - on : hpHosts’ Ad and tracking servers • Peter Lowe’s Ad server list • MVPS HOSTS.

Retirable jQuery code library detected: Detected libraries:
jquery - 1.7.2 : -https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
jquery-ui-dialog - 1.8.24 : -https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.24/jquery-ui.min.js
Info: Severity: medium
http://bugs.jqueryui.com/ticket/6016
jquery-ui-autocomplete - 1.8.24 : -https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.24/jquery-ui.min.js
2 vulnerable libraries detected
Hopefully you can further secure your website using the recommendations I gave,
pozdravi,

yours sincerely,

polonus (volunteer website security analyst and website error-hunter)
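
The library findings in the post above can be reproduced with a small inventory check. This is an added example, not code from the thread or from any scanner it mentions; the `FIXED_IN` thresholds are assumptions taken from the tickets linked in the post, and the HTML is a constructed sample (the two CDN URLs are the ones quoted there, the `/js/` paths are made up).

```javascript
// FIXED_IN is an assumption based on the tickets linked in the post;
// confirm the versions against current advisory data before relying on them.
const FIXED_IN = {
  jquery: "1.9.0",    // bugs.jquery.com ticket 11290
  jqueryui: "1.10.0", // bugs.jqueryui.com ticket 6016 (dialog component)
};

// Constructed sample markup; the local /js/ paths are hypothetical.
const SAMPLE_HTML = `
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js"></script>
<script src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.24/jquery-ui.min.js"></script>
<script src="/js/jquery-migrate-1.2.1.min.js"></script>
<script src="/js/bootstrap.min.js"></script>`;

// Compare dotted versions numerically, so that 1.8.24 sorts below 1.10.0
// (a plain string comparison would get this wrong).
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Pull a library name and version out of every <script src="...">.
function inventory(html) {
  const found = [];
  const srcRe = /<script\b[^>]*\bsrc\s*=\s*["']([^"']+)["']/gi;
  for (const [, src] of html.matchAll(srcRe)) {
    // CDN layout .../libs/<name>/<version>/..., or <name>-<version>(.min).js
    const m = src.match(/\/libs\/([\w.-]+)\/(\d+(?:\.\d+)+)\//) ||
      src.match(/\/([A-Za-z][\w-]*?)-(\d+(?:\.\d+)+)(?:\.min)?\.js(?:[?#]|$)/);
    found.push({ src, name: m ? m[1].toLowerCase() : null, version: m ? m[2] : null });
  }
  return found;
}

// Status per script: outdated, ok, unlisted (no threshold known), unversioned.
function audit(html) {
  return inventory(html).map((lib) => {
    if (!lib.version) return { ...lib, status: "unversioned" };
    const fixed = FIXED_IN[lib.name];
    if (!fixed) return { ...lib, status: "unlisted" };
    return { ...lib, fixed, status: compareVersions(lib.version, fixed) < 0 ? "outdated" : "ok" };
  });
}
console.table(audit(SAMPLE_HTML), ["name", "version", "status"]);
```

Scripts reported as `unversioned` (here `bootstrap.min.js`) cannot be judged from the URL alone and need a look at the file's banner comment or contents.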

As I wasn’t able to spot any malicious activity right now, I unblocked the domain ;)

About the warnings for the host, I can’t really do much about them, but I will try to fix the other things that you said. Thank you for your help :)

I just visited my site and yeah, it’s good now. Thank you sir :)

I will try to fix as many things as I can. Also thank you for taking the time and checking all this stuff for me, you’re awesome :)