Avast has been blocking one of my sites, acornhost.com, for months, and they don’t seem to respond to any requests for more info as to why, or to requests to unblock it. Now they are blocking other sites that happen to be on the same server, like emmamccreary.com. Can anyone give me any insight as to why they are blocking it, since they won’t reply? I have not found any other scanner or virus program that finds anything wrong with the server or these sites. It is very frustrating.
That is your problem, the server is hosting malware sites.
emmamccreary.com is blacklisted as a malicious site.
You can report your site as a false positive via the avast pop-up seen when your site is blocked. You would be better hosting on your own VPS / server to avoid these problems.
This is a general IP block, because of malware launched from other domains sharing that same IP. You should take that up with Liquid Web, Inc. to no longer tolerate this or clean up their act - they were attacked via /cgi-sys/defaultwebpage.cgi - Detected BlackHole v2.0 exploit kit URL patterns…
evidence of malware-> http://urlquery.net/report.php?id=9740989
You have issues with your CMS: Web application version:
WordPress version: WordPress 3.8.1
Wordpress version from source: 3.8.1
Wordpress Version 3.8 based on: htxp://emmamccreary.com/wp-includes/js/autosave.js
WordPress theme: htxp://emmamccreary.com/wp-content/themes/justme/
Wordpress internal path: /home/emmamcc/public_html/wp-content/themes/justme/index.php
This on your site is flagged as malicious: htxp://www.taoofprosperity.com/contact/ → http://zulu.zscaler.com/submission/show/74f44882d8f96b1fc017a668b44c80da-1393772611 (80/100% malicious)
also flagged as malicious by Bitdefender’s TrafficLight extension!
Last seen 2 months ago the IP was considered a threat IP - threat AlienVault danger level 3
There is also a live and active threat on that four quads site: http://support.clean-mx.de/clean-mx/viruses?id=14321213 →
HTML/Framer, which avast will detect as JS:Decode-AMQ [Trj]
avast! webshield also blocks various external links from your site: htxp://www.taoofprosperity.com/contact/ & htxp://www.acornhost.com
htxp://www.healerworks.com & htxp://www.cheekyboots.com/ as URL:Mal
polonus
This is my own server, and these are all my sites.
I still do not understand what the actual problem is. Just because it says there is malware doesn’t mean there actually is. My problem is that none of these reports point to actual files.
How exactly is my contact page at taoofprosperity.com/contact/ malicious?
I can’t find any of these reports that actually show a real file that is actually malicious. That is what is so frustrating. How am I supposed to fix it if the reports don’t actually say anything useful? I’ve had my sysadmin scan the entire server for malware. We’re running maldet, etc. There are no malicious files so what exactly is the problem?
For some problems to dive into: http://dnscheck.pingdom.com/?domain=www.taoofprosperity.com&timestamp=1393803463&view=1
and here: http://dnscheck.pingdom.com/?domain=acornhost.com&timestamp=1393803577&view=1
But here I see this site is no longer being blocked: http://67.227.163.176/ but is for http:// acornhost.com
which is a little weird. Could this have to do with the resolution of that domain?
polonus
There are still problems with several of those sites.
Just two examples:
http://dnscheck.pingdom.com/?domain=www.taoofprosperity.com&timestamp=1393803463&view=1
https://www.virustotal.com/en/url/cd013c3aad209266f7c021b7fb63dcf1e938af59c30c4663c2fb7c4689dc1ed3/analysis/1393805194/
Hi,
What do DNS problems have to do with malware?
And the second report just says it is “reported as malicious”, not why…so that isn’t really proof of anything. I need to actually know what the problem is in order to fix it.
Hello,
there was
“acornhost.com/06099ece43caa7d9934030ffdeb976d4/compiled-wolf.php”
“emmamccreary.com/b09cdeea179566965eddd108c34f0614/dressed-neon.php” – this was unblocked recently.
Can you confirm that it was cleaned?
Which way did you use for “requests for more info”?
Milos
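Added example, not part of the post above and not Avast's tooling: the two URLs quoted above share the shape `/<32 hex characters>/<word>-<word>.php`, which gives the server owner something concrete to look for in the document roots and in the access logs. The function names, the combined access-log format and the sample log lines are assumptions made for this sketch.

```python
import os
import re

# Shape of the two URLs quoted above: /<32 hex chars>/<word>-<word>.php
HEX_DIR = re.compile(r"^[0-9a-f]{32}$")
SUSPECT_PATH = re.compile(r"^/[0-9a-f]{32}/[a-z]+-[a-z]+\.php(?:\?.*)?$")
# Apache/nginx "combined" access-log line (assumed log format)
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" (\d{3})')

# Constructed sample log lines, not taken from the server discussed here
SAMPLE_LOG = [
    '203.0.113.5 - - [02/Mar/2014:10:00:01 +0000] "GET /contact/ HTTP/1.1" 200 5120',
    '203.0.113.9 - - [02/Mar/2014:10:00:07 +0000] '
    '"GET /06099ece43caa7d9934030ffdeb976d4/compiled-wolf.php HTTP/1.1" 200 48211',
    '198.51.100.4 - - [02/Mar/2014:10:02:30 +0000] '
    '"GET /b09cdeea179566965eddd108c34f0614/dressed-neon.php?x=1 HTTP/1.1" 404 310',
    '198.51.100.4 - - [02/Mar/2014:10:02:31 +0000] "GET /wp-includes/js/autosave.js HTTP/1.1" 200 900',
]


def find_suspect_requests(log_lines):
    """Return (client, path, status) for requests whose path has the reported shape."""
    hits = []
    for line in log_lines:
        m = LOG_LINE.match(line)
        if m and SUSPECT_PATH.match(m.group(2)):
            hits.append((m.group(1), m.group(2), int(m.group(3))))
    return hits


def find_suspect_files(docroot):
    """Return relative paths of .php files stored in 32-hex-named directories."""
    hits = []
    for dirpath, _dirs, files in os.walk(docroot):
        if HEX_DIR.match(os.path.basename(dirpath)):
            hits += [os.path.relpath(os.path.join(dirpath, f), docroot)
                     for f in files if f.endswith(".php")]
    return sorted(hits)


if __name__ == "__main__":
    for client, path, status in find_suspect_requests(SAMPLE_LOG):
        # 200: the file was being served at that time; 404: it was already gone
        print(status, client, path)
```

A 200 response in the log shows when the file was live, which helps date the compromise even after the file itself has been removed.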
Our server has been scanned, cleaned, upgraded, etc.
I have submitted “false positive” reports via the http://www.avast.com/contact-form.php contact form, probably about half a dozen in the past 6 months. No reply.
Hello,
thanks for the info, maybe we only received a report of a false positive on “emmamccreary.com”, because I see it already unblocked.
I will unblock “acornhost.com” – it will be unblocked in the next stream update.
Milos
thank you so much!