I have a Linux server with one website on it: www.cdfotovideo.ro
It’s a new domain; until now I have only index.html with the word test in it.
One week ago Avast blocked my website with url:mal
I have sent many requests but got no answer. I have a ticket opened: KFK-953-47860 but no details.
Please someone help me. I need to upload my new site soon but all users who use Avast will be stopped from viewing it.
I have 3 applications for personal use, not for public just for me: 1. phpMyAdmin 2. pydio 3. roundcube
Just it.
I have checked my server and no files were updated, nor anything else that would lead me to malware code.
I really need help: how to remove my domain from the Avast blacklist. What tools should I use to check my server/website etc.?
I have checked your link http://urlquery.net/report.php?id=1395504850920
I see no problems? I am looking at every row and I see "No alerts detected".
Now I have only one page, index.html, with one word on it: “test”. How is this file with one word considered malicious?
I have one file, index.html, with one word, “test” … how is this domain considered dangerous?
Please help me here, I have over 60 servers in administration, many websites, and this is the first case.
I simply don’t know what Avast wants me to do in order to be clean.
I asked in the ticket “please remove me from your database”; at that moment I had only index.html with the word test. And they replied “you are infected”.
I’ll list my web directory from my server for you to see that I speak the truth:
[root@sv ~]# ls /var/www/html/cdfotovideo/
index.html
[root@sv ~]# cat /var/www/html/cdfotovideo/index.html
test
From apache:
<VirtualHost *:80>
    ServerAdmin alex@ipx.ro
    ServerAlias www.cdfotovideo.ro
    DocumentRoot /var/www/html/cdfotovideo
    ServerName sv.cdfotovideo.ro
    <Directory /var/www/html/cdfotovideo>
        AllowOverride All
        Allow from all
    </Directory>
    ErrorLog logs/cdfotovideo_log
    CustomLog logs/cdfotovideo_log common
</VirtualHost>
Eddy is right that apews base has not been cleansed for quite some time. Land listed at apews and you will stay there forever and a day it seems.
Pondus is right it has everything to do with that IP. So apews was a finger in some right direction but flagged elsewhere. ThreatSTOP has more recent valid threat detection for that IP - 93.115.7.146 - last seen:
27 minutes ago EASTERN EUROPE Threat danger level 1,
30 minutes ago MODIFIED ITAR at the same danger level and
32 minutes ago ROMANIA no threat level included.
Moreover, my good scanning friends, this IP has been reported to WOT, that frowns on IP: two reds - very poor - very poor
Websniffer even refuses to scan it because of the pr0n content (must be the UK filter at work there)
→ https://www.mywot.com/en/scorecard/93.115.7.146 - spamming spammers hitting spamtraps
also a lot of spammers on that IP range.
Not much info here: https://www.robtex.com/ip/93.115.7.146.html
Abusing IP Addresses from the same C block
IP Address Abuse Complaints
93.115.7.2 brute force: 1 complaints
That’s all folks, IP so blacklist issues, the OP should therefore be barking up other trees.
"IP is blacklisted at l2.apews.org" I put http://l2.apews.org in the browser and I get "Firefox can't find the server at l2.apews.org."
website is www.apews.org http://whatismyipaddress.com/blacklist/apews
.... however seems to be offline at the moment
l2.apews.org
Level 2 lists IP addresses and netblocks of known spammers, anyone who is spam-friendly, or more worse supporting spammers. Listing starts at single IP’s and can escalate up till the entire netrange of a spammer or spam supporter is listed. The Level 2 list will have some inadvertent blocking (non-spammer IP addresses included in listed blocks), but can still be used by small ISPs or individuals who want a stricter level of blocking/filtering. By having a two style list, you can make the hardcore spamfighters happy; those who want to block first and ask questions later. Also, a listing in the Level 2 list may exert a bit of pressure on spam friendly sites and may keep them from turning totally bad - but that is not really the point, stopping spam is.
Well, I have now detected why Avast blocks this site: it is because the nameserver is afraid dot org.
With afraid org you do not know who may own your site now.
Steer away from afraid org then report to avast and the site might become unblocked rather soon.
Wait for a reaction from an avast! team member here.
Milos has reported this issue here many times before. See: http://dnscheck.pingdom.com/?domain=cdfotovideo.ro
Whatismyipaddress.com does not recommend the usage of this blacklist. It has the potential to block large segments of IP addresses. If you are listed with them it is generally not a problem.
It seems there is a problem with the server IP and the afraid DNS server?
First of all, I rented a VPS just 2 weeks ago and they gave me 3 different IPs, and I am using one of them.
There might be a chance that the IP I'm using now... could have belonged in the past to someone who did nasty things?
My server has just been set up; I never used it for email or other things ...
I use afraid because it’s a free DNS server. I have 9 domains in there and none of them are reported …
If Avast wants me to change the IP of the VPS to another one received from the virtualization company, I’ll do that, but I need to reconfigure a lot of my server.
If Avast wants me to use a DNS server other than AFRAID, I could install bind on my server and use it as the DNS server, but again it would take me several hours to tune it right.
I can do all of that just if that is the cost to be clean in your database…
OK, I will set up my own DNS server right now and reply when the changes are done.
Can I still use the same IP for the website? Or is it too damaged in blacklists and other databases?
I say it again: I’m using that IP for the website since 2 weeks ago when I rented the VPS. Can I use it or do I need to change it…
Sorry for the long time with no response, but it is done. I have installed bind on my own server and made 2 nice DNS servers.
I have set up in my TLD the new DNS servers for cdfotovideo.ro
Can you please remove the domain cdfotovideo.ro from your database? Here is the output of whois for this domain.
% Rights restricted by copyright.
% Specifically, this data MAY ONLY be used for Internet operational
% purposes. It may not be used for targeted advertising or any
% other purpose.
% Este INTERZISA folosirea datelor de pe acest server in oricare
% alt scop decat operarea retelei. In special este INTERZISA
% folosirea lor in scopuri publicitare.
% Top Level Domain : ro
% Maintainance : www.rotld.ro
Also, as the TLS said, it is registered on “2014-03-03” and the server isn’t used for email. The email server has just been set up for internal purposes.
I don’t know who had my server IP before, but it is not right to punish me for the actions of the last owner.
I am crystal clear, no mistakes.
The only mistake was, in your opinion, to use AFRAID as DNS servers. OK, I did what you asked, I set up my own DNS servers.
Can you now please remove this domain from your blacklist?
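
The l2.apews.org name discussed in this thread is a DNS blocklist zone, which is queried over DNS rather than opened in a browser. As an added example (not part of the original thread), this Python sketch builds the query name for an IPv4 address and interprets the answer by the usual DNSBL convention (RFC 5782); the function names, the dnsbl.example zone and the stub resolver data are constructed for illustration.

```python
import ipaddress
import socket

LOOPBACK = ipaddress.IPv4Network("127.0.0.0/8")

def dnsbl_query_name(ip, zone):
    """Reverse the IPv4 octets and append the blocklist zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")  # ValueError if not IPv4
    return ".".join(reversed(octets)) + "." + zone.strip(".")

def system_resolver(name):
    """A records for name via the OS resolver; [] if the name does not exist."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            return []
        raise  # timeouts and server failures are not a "not listed" answer
    return sorted({info[4][0] for info in infos})

def check_dnsbl(ip, zone, resolve=system_resolver):
    """Return (status, return_codes): 'listed', 'not listed' or 'unusable'."""
    answers = resolve(dnsbl_query_name(ip, zone))
    codes = [a for a in answers if ipaddress.IPv4Address(a) in LOOPBACK]
    if not answers:
        return "not listed", []
    if len(codes) != len(answers):
        # An answer outside 127.0.0.0/8 is not a DNSBL return code (parked or
        # retired zone, wildcard DNS): do not treat it as a listing.
        return "unusable", []
    return "listed", codes

# Constructed sample data: a stub resolver standing in for real DNS answers.
SAMPLE_ZONE = {
    "10.2.0.192.dnsbl.example": ["127.0.0.2"],     # listed
    "30.2.0.192.dnsbl.example": ["203.0.113.80"],  # zone answers with a web IP
}

def stub_resolver(name):
    return SAMPLE_ZONE.get(name, [])

if __name__ == "__main__":
    print(dnsbl_query_name("93.115.7.146", "l2.apews.org"))
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30"):
        print(ip, check_dnsbl(ip, "dnsbl.example", resolve=stub_resolver))
```

Calling check_dnsbl without the resolve argument uses the operating system's resolver, so the result then depends on live DNS and on whether the zone is still operated.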