Website marked as infected.

Hello,

So we’ve been having issues with users of your antivirus solutions (Avast and AVG) getting blocked from our websites due to being “URL:Mal”.

This is incredibly frustrating to figure out, especially since the software’s logs do not explain the actual reason that the website is considered “infected” with malware.

Anyway, we have read another post about a similar issue here: https://forum.avast.com/?topic=161167.0

We have checked:

  • we are not on a free DNS service (i.e. afraid.org)
  • our CDN’s IPs (Incapsula) are listed as hosting malware - we have removed the CDN and we are falling back to our own IPs which don’t appear in any blacklist.

The domains remain blocked in both Avast and AVG.

The domains affected are:

  • umusic.ro
  • getmusic.ro

Please let us know how we can get these unblocked.

umusic.ro is not blocked by Avast.
URL:Mal means that the IP and/or Domain is blocked (can be a link to a blacklisted domain on the site).

Outdated software (update required):
https://sitecheck.sucuri.net/results/umusic.ro
youtube-embed-plus 11.4 latest release (11.7.1) Update required

Warning User Enumeration is possible
The first two user ID’s were tested to determine if user enumeration is possible.
ID User Login
1 Universal Music Romania admin
2 Malina Mindrutescu m

Vulnerable library (needs to go):
http://retire.insecurity.today/#!/scan/0aa3438e1e7fa2d304b91e0cd9fbea02266871685de5e86ee683a748b816f6a2

I understand the impact of the vulnerable WordPress plugin (and that is up to the agency to fix, will be fixed).

So umusic.ro is blocked because it links to getmusic.ro;

But there is absolutely no explanation as to why getmusic.ro is blocked, even after the IP change. This IP doesn’t appear in any blacklist.

Suspicious script and browser difference:
https://www.websicherheit.at/website-malware-viren-scanner/?url=getmusic.ro

Vulnerable library:
http://retire.insecurity.today/#!/scan/4f8255d662a390d0a107b5d9fd98d1adf65f6fd5fcbf46e155111075d106f199

Malware detected:
http://urlquery.net/report.php?id=1494424878827

https://www.avast.com/report-a-url.php

I have unblocked getmusic[.]ro ;) But please keep in mind Eddy’s recommendations!

Thank you.

I recommend being more verbose towards site owners as to why it’s blocked by Avast/AVG.