I’ve been trying to figure out how to unblock a website for almost two hours now, it isn’t under blocked urls and adding it to exclusions doesn’t help either. I’m pretty frustrated between that and trying to decipher those verifications codes that I’m about ready to find new antivirus software. Which is really unfortunate because I’ve been using avast for over 10 years. Can anyone help?
What is the exact message avast is giving you ?
What exact version of avast and vps ?
What website is it ?
Please make the link not clickable.
Change http to hxxp or something.
................and trying to decipher those verifications codes..............forum spam protection, and it is only first 3 posts ;)
I would attach a screenshot but I’m not sure what to do with just image tags.
Avast webshield has blocked a harmful webpage or file.
Object: long url
Infection: html:redirme-inf [trj]
Process: c:\program files.…\firefox.exe
I have the free version. 2015.10.0.2208
I’ve been going to that website for years. I understand why there’s verification codes, but these are so hard to read with the speckles and lines.
To start with, you have a old version of avast installed.
I suggest you perform a clean installation of the latest version.
https://forum.avast.com/index.php?topic=169255.msg1203279#msg1203279
Blacklisted:
http://zulu.zscaler.com/submission/show/cf9b2636885b7b5a00fb3e7083bafec9-1429039522
Suspicion of Spam:
/> <link href="/temp…
Problems on that ASN:
http://urlquery.net/report.php?id=1429039874039
http://urlquery.net/report.php?id=1429039909690
Outdated software:
https://sitecheck.sucuri.net/results/dokuga.com
DNS problems:
http://dnscheck.pingdom.com/?domain=Dokuga.com
HUGE(!) security problems:
https://www.ssllabs.com/ssltest/analyze.html?d=dokuga.com
Pointing to blacklisted site:
http://quttera.com/detailed_report/Dokuga.com
If avast wasn’t blocking access to it, it wasn’t doing its job
Be glad that avast protected your system from malicious things.
I heard that the moderators for dokuga have cleared out the hack and their hosting site says they’re clean now. They’ve been trying to get Avast and AVG to rectify the issue but haven’t heard back from them. I know that if this issue isn’t resolved soon, I’m going to look for an alternate anti-virus. I love that site and I should be able to visit it without any problems. I’m also sure that there are a lot of AVAST and AVG users that feel the same as I do.
They sure have done something.
They made it worse.
Now there is also a browser difference.
Not identical
Google: 44546 bytes Firefox: 44597 bytes
Diff: 51 bytes
And a phishing link was added.
http://safeweb.norton.com/report/show?url=dokuga.com
All other problems are still there.
If their hosting says everything is fine, they are lying.
A hosting company that is using outdated server software and Joomla can’t be trusted when it comes to security and detection of malware.
Avast, avg and all others will not remove the block until everything is fixed and up to date.
You can switch to another av, but that will not solve anything at all.
Besides, why do you want to visit a malicious website on a non trusted hosting… :-
Just be glad that avast is protecting you against malicious websites like that.
Eddy,
I’m the one that “fixed” it…
A wildcard DNS entry was added (God I hate web admin tools) that was pointing to a different IP than what the actual host for the site is. The phishing/malware links were the only issue reported at the time.
And for your list …
BlacklistedEh? It's not listed under SURBL as blocked on that link.
Suspicion of SpamWhat's wrong with the CSS file? I'll need to look at it again to verify, but there's no code that will be executed in that file... especially with a type of 'text/css'. So, that's spam? I know the code from joomla is crap, but calling it spam is a bit much...
Problems on that ASNUmm... again, I see nothing under these that jumps out and yells "problem". Am I missing something?
Outdated software*sigh* Yeah... I've back ported some updates, but it's not feasible to do a full update without rewriting custom code ... and I just don't have the time to do that, and I didn't write it originally. So... This version it stays with the patchwork that can be done. :/
DNS problemsA singe NS listed in the SOA is a DNS problem?? Yeah, for the site, but not anyone else. For the SOA warning ... well, no kidding the reverse isn't found. We don't control it.
$ dig -t SOA dokuga.com | grep -A1 'ANSWER' | grep ^dok
dokuga.com. 86376 IN SOA ns1.dokuga.com. dokugasitemail.gmail.com. 2015040801 10800 3600 604800 10800
Notice something that is different from the others in that? Here…
$ whois 74.125.204.26 | grep ^OrgName
OrgName: Google Inc.
That DNS check is making assumptions, and if it falls outside of those assumptions then it’s “bad”.
HUGE(!) security problemsYeah, I'd like to get an actual SSL cert. But the way the vhost'ing is currently configured it'd be a pain... *sigh*. The current SSL cert is self signed, and only really works with the web administration... The http roots for SSL and non-ssl are different.
Pointing to blacklisted siteHuh... tinypic got blacklisted eh? *shrug* Not surprising. Sites that allow user content get blacklist constantly.
Google: 44546 bytes Firefox: 44597 bytes Diff: 51 bytes
Now… huh? What exactly are you talking about difference? If you’re talking about what’s sent… yeah, good luck. What the server sees for avail compression, if the browser detection code works right, etc… you’re going to get differences. Comparing what two different browser receive is comparing two (IE should add in a 3rd!) different beasts unless you’re just looking at the rendering. And, the data received from the site can change from minute to minute since it does allow user postings and they do go to the front page. Edit: Chrome and Firefox should be pretty close on the size IIRC. I think there may have been one specific webkit check that changed a function slightly. Edit 2: Oh yeah. There’s also a “Random Artwork” section that changes on every request, so the links to those thumbnails will change every time as well.
And a phishing link was added.No... that was the original problem. If you look at the URL it's in the form of: blah.blah1.blah2.domain.com .... This is from the wildcard DNS entry that was added (i.e. *.domain.com).
If their hosting says everything is fine, they are lying. A hosting company that is using outdated server software and Joomla can't be trusted when it comes to security and detection of malware.
I am the one that says it’s “fine”. I am the one that fixed the DNS wildcard issue. It’s as fine as it can be anyway. There are issues I know of, but without a complete rewrite (and more time on my side to actually do that re-write), it isn’t being updated as much as would be nice. So, patchwork security it is. sigh
-J