Website cdfotovideo.ro false positive mal:url someone please help

Hi there,

I have a Linux server with one website on it: www.cdfotovideo.ro
It’s a new domain; until now I have only index.html with the word test in it.
One week ago Avast blocked my website with url:mal
I have sent many requests but got no answer. I have a ticket opened: KFK-953-47860 but no details.

Please someone help me. I need to upload my new site soon but all users who use Avast will be stopped from viewing it.
I have 3 applications for personal use, not for public, just for me: 1. phpMyAdmin 2. pydio 3. roundcube
Just it.

I have checked my server and no files were updated or anything that would lead me to malware code.

I really need help: how to remove my domain from the Avast blacklist? What tools should I use to check my server/website etc.?

Thank you very much.

http://urlquery.net/report.php?id=1395504850920

Bitdefender also reports it as malicious.

Upload the site, make sure it is clean, then ask Avast to allow it:
http://www.avast.com/contact-form.php

Please use the search option on this webboard before posting as this has been told many times already.

IP is blacklisted at l2.apews.org

apews says nothing. They have a lot of very old info in their database.

Hi again,

Thank you for the replies,

I have checked your link http://urlquery.net/report.php?id=1395504850920
I see no problems? I am looking at every row and I see "No alerts detected".
Now I have only one page, index.html, with one word on it: “test”. How is this file with one word considered malicious?

“IP is blacklisted at l2.apews.org”: I put http://l2.apews.org in the browser and I get “Firefox can’t find the server at l2.apews.org.”

I have one file, index.html, with one word, “test” … how is this domain considered dangerous?

Please help me here, I have over 60 servers in administration, many websites, and this is the first case.
I simply don’t know what Avast wants me to do in order to be clean.

I asked in the ticket “please remove me from your database”; at that moment I had only index.html with the word test. And they replied “you are infected”.

I’ll list the web directory from my server for you to see I speak the truth:

[root@sv ~]# ls /var/www/html/cdfotovideo/
index.html

[root@sv ~]# cat /var/www/html/cdfotovideo/index.html
test

From Apache:

<VirtualHost *:80>
    ServerAdmin alex@ipx.ro
    ServerAlias www.cdfotovideo.ro
    DocumentRoot /var/www/html/cdfotovideo
    ServerName sv.cdfotovideo.ro
    <Directory /var/www/html/cdfotovideo>
        AllowOverride All
        Allow from all
    </Directory>
    ErrorLog logs/cdfotovideo_log
    CustomLog logs/cdfotovideo_log common
</VirtualHost>

Now seriously …

Hi Pondus and Eddy,

Eddy is right that apews base has not been cleansed for quite some time. Land listed at apews and you will stay there forever and a day it seems.
Pondus is right it has everything to do with that IP. So apews was a finger in some right direction but flagged elsewhere.
ThreatSTOP has more recent valid threat detection for that IP - 93.115.7.146 - last seen:
27 minutes ago EASTERN EUROPE Threat danger level 1,
30 minutes ago MODIFIED ITAR at the same danger level
and 32 minutes ago ROMANIA no threat level included.

Moreover, my good scanning friends, this IP has been reported to WOT, that frowns on IP: two reds - very poor - very poor

Websniffer even refuses to scan it because of the pr0n content (must be the UK filter at work there)
https://www.mywot.com/en/scorecard/93.115.7.146 - spamming spammers hitting spamtraps
also a lot of spammers on that IP range.
Not much info here: https://www.robtex.com/ip/93.115.7.146.html
Abusing IP Addresses from the same C block
IP Address Abuse Complaints
93.115.7.2 brute force: 1 complaints

That’s all folks, IP so blacklist issues, the OP should therefore be barking up other trees.

polonus

"IP is blacklisted at l2.apews.org" i put in browser http://l2.apews.org and i get "Firefox can't find the server at l2.apews.org."
website is www.apews.org http://whatismyipaddress.com/blacklist/apews .... however seems to be offline at the moment
l2.apews.org

Level 2 lists IP addresses and netblocks of known spammers, anyone who is spam-friendly, or more worse supporting spammers. Listing starts at single IP’s and can escalate up till the entire netrange of a spammer or spam supporter is listed. The Level 2 list will have some inadvertent blocking (non-spammer IP addresses included in listed blocks), but can still be used by small ISPs or individuals who want a stricter level of blocking/filtering. By having a two style list, you can make the hardcore spamfighters happy; those who want to block first and ask questions later. Also, a listing in the Level 2 list may exert a bit of pressure on spam friendly sites and may keep them from turning totally bad - but that is not really the point, stopping spam is.

you can check your IP here http://whatismyipaddress.com/blacklist-check
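A DNS blacklist such as the one quoted above is queried over DNS rather than opened in a browser, so a "can't find the server" page for the zone name says nothing about a listing. The sketch below is an added example, not something posted in this thread; it builds the query name for the IP and zone mentioned here and classifies the answer, and the function names are my own.

```python
import ipaddress
import socket


def dnsbl_query_name(ip, zone):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this sketch handles IPv4 only")
    return ".".join(reversed(str(addr).split("."))) + "." + zone.strip(".")


def interpret_answer(answer):
    """Classify the A record returned for a DNSBL query name.

    None means NXDOMAIN. By convention a listing is signalled by an
    address in 127.0.0.0/8; any other address is not a DNSBL reply.
    """
    if answer is None:
        return "not listed"
    if ipaddress.ip_address(answer) in ipaddress.ip_network("127.0.0.0/8"):
        return "listed (return code %s)" % answer
    return "unreliable answer %s (zone parked or redirected?)" % answer


def check(ip, zone):
    """Resolve the query name and return (query_name, verdict)."""
    name = dnsbl_query_name(ip, zone)
    try:
        answer = socket.gethostbyname(name)
    except socket.gaierror as exc:
        # A zone that has gone offline also produces NXDOMAIN, so
        # "not listed" is only meaningful for a list that still answers.
        if exc.errno != socket.EAI_NONAME:
            return name, "lookup failed: %s" % exc
        answer = None
    return name, interpret_answer(answer)


if __name__ == "__main__":
    # IP and zone are the ones discussed in this thread.
    print(check("93.115.7.146", "l2.apews.org"))
```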

Hi alex.munteanunow,

Well, I have detected now why avast blocks this site: it is because the nameserver is afraid dot org.
With afraid org you do not know who may own your site now.
Steer away from afraid org then report to avast and the site might become unblocked rather soon.
Wait for a reaction from an avast! team member here.
Milos has reported this issue here many times before. See: http://dnscheck.pingdom.com/?domain=cdfotovideo.ro

polonus

http://whatismyipaddress.com/blacklist/apews
Site is up and running.

Whatismyipaddress.com does not recommend the usage of this blacklist. It has the potential to block large segments of IP addresses. If you are listed with them it is generally not a problem.

The reason why avast blocks everything that has to do with afraid.org and will not unblock it:
http://forum.avast.com/index.php?topic=141924.msg1032791#msg1032791

Eddy… did you try www.apews.org ?

afraid.org info from Milos
http://forum.avast.com/index.php?topic=144105.msg1045857#msg1045857

Thank you very much.

It seems there is a problem with the server IP and the afraid DNS server?

First of all, I rented a VPS just 2 weeks ago and they gave me 3 different IPs, and I am using one of them.
There might be a chance that the IP I'm using now... could have belonged in the past to someone who did nasty things?
My server has just been set up; I never used it for email or other things...

I use afraid because it’s a free DNS server. I have 9 domains in there and none of them are reported …

IF Avast wants me to change the IP of the VPS to another one received from the virtualization company, I’ll do that, but I need to reconfigure a lot of my server.
IF Avast wants me to use another DNS server than AFRAID, I could install bind on my server and use it as a DNS server, but again it would take me several hours to tune it right.

I can do all of that just if that is the cost to be clean in your database…

2Pondus,

apews dot org does not respond.
It’s not just you! http://apews.org looks down from here.

@alex.munteanu
Well you leave afraid dot org for something else, else avast won’t unblock I am afraid.

pol

OK, I will set up my own DNS server right now and reply when the changes are done.

Can I still use the same IP for the website? Or is it too damaged in blacklists and other databases?
I say it again: I’m using that IP for the website since 2 weeks ago when I rented the VPS. Can I use it or do I need to change it…

Think you can use that, I have reason to believe it is exclusively the afraid dot org issue.

polonus

This site was hosted on 1 network including AS58207 (M247-EUROPE-SRL).

http://www.google.com/safebrowsing/diagnostic?site=AS:58207

http://www.google.com/safebrowsing/diagnostic?site=cdfotovideo.ro

the page is unavailable
http://www.cdfotovideo.ro/
http://www.cdfotovideo.ro/test404page.js
Hosts…
…malicious URLs? No

…badware? No

…botnet C&C servers? No

…exploit servers? No

…Zeus botnet servers? No

…Current Events? No

…phishing servers? No

…spam servers? No

…spam bots? No

…spam activity? Yes

http://sitevet.com/db/asn/AS58207

Hi again.

Sorry for the long time with no response, but it is done. I have installed bind on my own server and made 2 nice DNS servers.
I have set up in my TLD the new DNS servers for cdfotovideo.ro
Can you please remove the domain cdfotovideo.ro from your database? Here is the output of whois for this domain.

[root@sv named]# whois cdfotovideo.ro
[Querying whois.rotld.ro]
[whois.rotld.ro]

% Whois Server Version 3.0 - whois.rotld.ro:43

% Rights restricted by copyright.
% Specifically, this data MAY ONLY be used for Internet operational
% purposes. It may not be used for targeted advertising or any
% other purpose.

% Este INTERZISA folosirea datelor de pe acest server in oricare
% alt scop decat operarea retelei. In special este INTERZISA
% folosirea lor in scopuri publicitare.

% Top Level Domain : ro
% Maintainance : www.rotld.ro

Domain Name: cdfotovideo.ro
Registered On: 2014-03-03
Registrar: ROSPOT SRL
Referral URL: http://rohost.com

Nameserver: ns1.ipx.ro
Nameserver: ns2.ipx.ro

Domain Status: OK

Please delist this domain from your blacklist or tell me what to do

Thank you very much

Also, as the TLS said, it is registered on “2014-03-03” and the server isn’t used for email. The email server has just been set up for internal purposes.
I don’t know who had my server IP before, but it is not right to punish me for the actions of the last owner.
I am crystal clear, no mistakes.
The only mistake, in your opinion, was to use AFRAID as DNS servers. OK, I did what you asked, I set up my own DNS servers.

Can you now please remove this domain from your blacklist?

Thank you very much

It will be removed in the next VPS update.