Just made a routine check to see if my site was running fine: Opalond.com
To my surprise Avast blocked the connection, stating that it was malicious.
I am pretty sure that i haven’t added any malicious code
But i went through the file anyway to make sure that the ftp wasn’t hacked.
My search turned up nothing, so i resorted to contacting One.com support.
According to the guy this was a known problem, and they where working on resolving the issue.
I asked if this was affecting all sites hosted by One.com, his response where “For all that use Avast Antivirus”
Using some online page checkers i can verify that the site is not malicious.
I have also reported it as a false positive.
How long does unblocking a site usually take?
Can someone else verify that the page is not infected?
EDIT:
According to urlvoid.com/ip/46.30.211.55
We can see that several sites on our IP are blacklisted.
So it should only be this group of sites that are affected.
Hopefully it will be resolved quickly
The only two potentially suspicious files flagged by Quttera’s are the following
/wp-content/themes/soundmaster/js/jquery.carouFredSel-6.1.0-packed.js?ver=3.5.1
Severity: Potentially Suspicious
Reason: Detected potentially suspicious content.
Details: Detected potentially suspicious initialization of function pointer to JavaScript method eval __tmpvar1274965395 = eval;
&
/wp-content/plugins/easy-digital-downloads/templates/edd.css?ver=3.5.1
Severity: Potentially Suspicious
Reason: Detected procedure that is commonly used in suspicious activity.
Details: Too low entropy detected in string [['data:application/octet-stream;base64,AAEAAAAPAIAAAwBwRkZUTWKUVToAAAD8AAAAHE9TLzJWNGNEAAABGAAAAFZjbWF']] of length 5821 which may point to obfuscation or shellcode.
As more and more JavaScript code now often come full of hacks to make them more pluri-functional (not malicious per se)
and full of obfuscation, these files are prone to be taken as FP’s by finetuned av, which might be the case here as well.
Site is verified clean here: http://sitecheck.sucuri.net/results/montluson.com/
One issue should be looked into - Update part of WP appl…
Web application version:
WordPress version: WordPress 3.5.1
Wordpress Version 3.5 based on: htxp://montluson.com//wp-admin/js/common.js
WordPress theme: htxp://montluson.com/wp-content/themes/soundmaster/
And although I also have WP installed on one of these, the alerts came before I even installed anything, when there was absolutely nothing on the site.
Having the same issue (i just bought my domain and uploaded my site a few days ago) i also use one.com. I noticed this issue yesterday. My site is a small html site without any kind of javascript. Its just my portfolio page sort of. Avast blocks the site for various reasons every time i visit it. One time it was one of my png pictures, the next it was my favicon and so on. The site is clean, scanned it and reuploaded the files. I hope this gets fixed soon :/!
The probable FP could be because of runescapo dot com flagged for the IP 46.30.211.55 a verified PHISH
If more domains on IP 46.30.211.55 are being blocked by !avast this would explain the FP’s
So in that case datingknowledge.nl as a domain on that IP should be blocked by avast! Network Shield and it is.
With over 20.000 domains on one IP you run some risk with a broad IP range block FP.
Re: http://www.urlvoid.com/scan/nothingtonpost.eu/
There are several domains on that particular IP that should be blocked because of a generic malcode findings. For instance: htxp://diamantcraft.org/popesued.html and also unknown html malware on: htxp://wildcatrock.de/
Also long overdue malware launched from: htxp://rotolandia.es/list.php?category/29-Asia-and-Pacific
So that IP range has certainly some long outstanding security issues, but not to an extent for a full IP domain range block…
You correctly interpreted my message. Hope that the domain range for that IP FP will soon be fixed, eventually with a new upcoming avast update. If FPs are found, avast team is known to react real soon. Stay safe and secure online is the wish of,
I’m webmaster. I’ve the same probleme with a lot of sites by One.
See the answer of One :
It currently has a problem with the software AVAST anti-virus, which has blocked our IP address
Our technical team has already contacted Avast and ask them to unblock the situation because it seems that Avast has blocked one of our IP address. We can not tell you exactly when the problem will be completely resolved because it depends Avast. This could take hours or a few days.
I have any problems with old sites (more than 3 months)
If there is a network shield block for a particular IP with thousands of domain names assigned to it, one could easily land in such a situation.
There are some issues with several domains on this IP that the hoster has not handled and are known to be with status LONG OVERDUE.
IP has also some flagged and verified PHISH sites.
That is why sites owners are advised to change hosting. Well at leat this was advised by one of the avast team members.
There are issues to be blocked see: http://www.google.com/safebrowsing/diagnostic?site=AS:51468&hl=en
3 urls are being blacklisted on that AS for being malicious URLs, having badware, having exploit servers and current events going on…
One could easily imagine the IP block problem going here: http://sameid.net/id/46.30.211.55/
So this should be blocked at the moment by avast: wXw.haarby-karosseri.dk and we’ll find it is actually being blocked as containing URL:Mal
