Hi fairbro,
While DrWeb does not flag like Yandex: http://online.drweb.com/result/?lng=en&chromeplugin=1&url=http%3A%2F%2Fforum.expat.ru%2F
Pondus is right and not for a reason. Next to the blacklisting there is cloaking, meaning the site differs in what it shows to different parties: Checking for cloaking
There is a difference of 14753 bytes between the version of the page you serve to Chrome and the version you serve to GoogleBot. This probably means some code is running on your site that’s trying to hide from browsers but make Google think there’s something else on the page see → http://isithacked.com/check/forum.expat.ru
Note! It looks like your domain/URL is currently flagged by Google under the Social Engineering (Phishing and Deceptive Sites) category.
The problem can be narrowed to this
The scan has detected some potential problems in these files. First scroll down through the code listed out after the list of links, this is the code returned by the request for the URL you entered and check for any problems. Next, these link(s) will open the individual URL(s) in this tool, check through the code that is returned, compare the code being returned to a known clean copy, etc.
1 → /clientscript/vbulletin-core.js?v=423
Verdict - Note! It looks like your page is using HTTP and is collecting passwords? Google has been flagging HTTP pages that collect user information, passwords etc. as Social Engineering (Phishing and Deceptive Sites) so it is LIKELY the reason for the flag. Google is pushing HTTPS hard. SEE: Google, Social Engineering Warnings and HTTP pages
The scan found some potential problems in the code, the links below should pop you down to the line.
line 114: because <input type="password"
Note: Google has been flagging sites that collect user information (passwords) over HTTP.
Retirable jQuery library detection:
-http://forum.expat.ru/
Detected libraries:
YUI - 2.9.0 : (active1) http://ajax.googleapis.com/ajax/libs/yui/2.9.0/build/yuiloader-dom-event/yuiloader-dom-event.js
Info: Severity: high
http://www.cvedetails.com/cve/CVE-2012-5883/
Info: Severity: high
http://www.cvedetails.com/cve/CVE-2012-5882/
Info: Severity: high
http://www.cvedetails.com/cve/CVE-2012-5881/
(active) - the library was also found to be active by running code
1 vulnerable library detected
While just that very code is creating a “same origin” issue because there was no SRI hash generated for it,
causing a B-grade status: https://sritest.io/#report/d7b8f823-06c4-4dd5-9ae7-2747871c3736
F-grade status and recommendations: https://observatory.mozilla.org/analyze.html?host=forum.expat.ru
Whois warning and Nameservers’ DNS issues: https://threatintelligenceplatform.com/report/forum.expat.ru/OaFgZ0HqWU
Found name servers which don’t allow TCP connections
-ns1.firstvds.ru
-ns2.firstvds.ru
These findings could be reported to the forum moderation there and also to the hoster АО “ПЕРВЫЙ” in Irkutsk,
certification is installed correctly - Geo Trust extended and tested certificate - report the name server issues however.
Have a nice day
polonus (volunteer website security analyst and website error hunter)
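
As an added example (not part of the post above and not the code of any scanner it cites), the two page-level findings in the report, a password field served over HTTP and a third-party script loaded without an SRI hash, can be checked with a small Python audit. The sample markup, the `login.php` form action and the field names are constructed for illustration.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

def sri_hash(body: bytes) -> str:
    # Value for a script tag's integrity="" attribute (SHA-384 digest, base64).
    return "sha384-" + base64.b64encode(hashlib.sha384(body).digest()).decode()

class PageAudit(HTMLParser):
    # Flags password fields on non-HTTPS pages and cross-origin scripts lacking SRI.
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.page = page_url, urlsplit(page_url)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        line = self.getpos()[0]
        if tag == "input" and a.get("type", "").lower() == "password":
            if self.page.scheme != "https":
                self.findings.append(("password-over-http", line, a.get("name", "")))
        elif tag == "script" and a.get("src"):
            src = urlsplit(urljoin(self.page_url, a["src"]))
            same_origin = (src.scheme, src.netloc) == (self.page.scheme, self.page.netloc)
            if not same_origin and not a.get("integrity"):
                self.findings.append(("script-without-sri", line, src.geturl()))

def audit(page_url, html):
    parser = PageAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample markup for illustration (not the forum's real source).
SAMPLE = """<html><head>
<script src="http://ajax.googleapis.com/ajax/libs/yui/2.9.0/build/yuiloader-dom-event/yuiloader-dom-event.js"></script>
<script src="/clientscript/vbulletin-core.js?v=423"></script>
</head><body><form action="login.php" method="post">
<input type="text" name="username">
<input type="password" name="password">
</form></body></html>"""

if __name__ == "__main__":
    for finding in audit("http://forum.expat.ru/", SAMPLE):
        print(finding)
```

Serving the page over HTTPS clears the password finding; the script finding clears only when the tag carries an `integrity` value such as the one `sri_hash` returns for the exact file being served.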