Posted May 30, 2016

It's happened 3 times in the past 8 months. The last 2 times I reported it as a false positive and I got removed from the block list, but today I see my forum link blocked again by 4 antiviruses here: https://www.virustotal.com/en/url/4cdbced63ae993b07eb786a204ab4bccb7c54333287444bb1bd0e1a6180ce878/analysis/1464627612/ and my main website link is clean: https://www.virustotal.com/en/url/c99e00334fd248422e02b2699561b5ac7c38131e96b5278a9b969d4e063cec6f/analysis/1464628189/

I have no idea why I get blacklisted by antivirus, and I've not been hacked at all. The reason must be forum topics or iframes I use, maybe :/ Does anyone have any idea what is going on here, or how to see what exactly is on my forum link that the antivirus blocks? No idea where to check.
May 30, 2016, Author

I just got a message about my false positive report and I got removed from one of the antivirus lists, which was Dr.Web. Still, 3 have blacklisted my website though. No idea why I get blacklisted and no idea where to check or how to prevent it from happening :/
May 31, 2016

Your chatbox script, http://hellshammers.net/applications/bimchatbox/interface/chat/chatbox120.js?v=d54530563a, is malicious I think, presumably because the site has been hacked rather than because the distributed version is malicious, but I would recommend checking.

Actually, it looks like that might be just obfuscated, not malicious, but the following tip is still worth doing: Take your site offline, back up all the files for analysis, then delete most of the files except /uploads/ and /conf_global.php, then reupload everything.

The scanners don't seem particularly confident in their conclusion, but it looks like they think the site may have been hacked - see https://csi.websense.com/Report/Index/2800494f-ab34-4fc6-b3c3-a61700415f04. It is possible that they are just seeing that obfuscated file and assuming that it's malicious, but scanning other sites that also have it returns no results. However, I can't find anything malicious myself.
May 31, 2016, Author

9 hours ago, Colonel_mortis said:

> Your chatbox script, http://hellshammers.net/applications/bimchatbox/interface/chat/chatbox120.js?v=d54530563a, is malicious I think, presumably because the site has been hacked rather than because the distributed version is malicious, but I would recommend checking.
>
> Actually, it looks like that might be just obfuscated, not malicious, but the following tip is still worth doing: Take your site offline, back up all the files for analysis, then delete most of the files except /uploads/ and /conf_global.php, then reupload everything.
>
> The scanners don't seem particularly confident in their conclusion, but it looks like they think the site may have been hacked - see https://csi.websense.com/Report/Index/2800494f-ab34-4fc6-b3c3-a61700415f04. It is possible that they are just seeing that obfuscated file and assuming that it's malicious, but scanning other sites that also have it returns no results. However, I can't find anything malicious myself.

Mmm, I have already looked at https://csi.websense.com/Report/Index/2800494f-ab34-4fc6-b3c3-a61700415f04. It shows some of the topic links :/ and I can't check which topic exactly. This might be possible if they contain some malicious links, but I can't go to these topic links to check.

But thanks for the tip, I will try deleting everything, even plugins and apps, then downloading fresh files.

More info: I do not think I have anything dangerous, but recently I've been using this: http://simplehtmldom.sourceforge.net/. It is from a trusted source anyway, but any ideas?

1 hour ago, duyfr said:

> do you use plugin or application nulled ?

No, I do not.
May 31, 2016, Author

Never mind, now I can see the links that they think are malicious URLs here: https://csi.websense.com/Report/Index/2800494f-ab34-4fc6-b3c3-a61700415f04, but I have checked a couple of the links. They all seem to be normal and there are no external links used in the topics besides some images. For example, the first link, which is this one: http://hellshammers.net/forums/topic/2181-introducing-myself/?do=getNewComment. No idea why it's suspected as a malicious URL.
May 31, 2016

6 minutes ago, TAMAN said:

> Never mind, now I can see the links that they think are malicious URLs here: https://csi.websense.com/Report/Index/2800494f-ab34-4fc6-b3c3-a61700415f04, but I have checked a couple of the links. They all seem to be normal and there are no external links used in the topics besides some images. For example, the first link, which is this one: http://hellshammers.net/forums/topic/2181-introducing-myself/?do=getNewComment. No idea why it's suspected as a malicious URL.

I would be cautious about writing off the issue though - my site has previously been flagged by Avast as being malicious, which we were pretty sure was just a false positive, but about a week later the site was flagged as malicious by Google Safe Browsing, and it turned out that it had actually been infected.
May 31, 2016, Author

Well, I just got removed from Avira. I'm pretty sure it's just another false positive. Now only 2 antiviruses left: https://www.virustotal.com/en/url/4cdbced63ae993b07eb786a204ab4bccb7c54333287444bb1bd0e1a6180ce878/analysis/1464737742/ and I have no idea where to report it as a false positive for that.

It's weird, the topic links show like this here: https://csi.websense.com/Report/Index/2800494f-ab34-4fc6-b3c3-a61700415f04

http://hellshammers.net/forums/topic/2172-preussenbub/?do=getNewComment
http://hellshammers.net/forums/topic/2182-overwatch/?do=getLastComment
http://hellshammers.net/forums/topic/2186-waves-howdy/?do=getNewComment
http://hellshammers.net/forums/topic/2161-new-logo-design/?do=getLastComment
http://hellshammers.net/forums/topic/2182-overwatch/?do=getLastComment

Any ideas?
May 31, 2016

1 minute ago, TAMAN said:

> Well, I just got removed from Avira. I'm pretty sure it's just another false positive. Now only 2 antiviruses left: https://www.virustotal.com/en/url/4cdbced63ae993b07eb786a204ab4bccb7c54333287444bb1bd0e1a6180ce878/analysis/1464737742/ and I have no idea where to report it as a false positive for that.
>
> It's weird, the links show like this:
>
> http://hellshammers.net/forums/topic/2172-preussenbub/?do=getNewComment
> http://hellshammers.net/forums/topic/2182-overwatch/?do=getLastComment
> http://hellshammers.net/forums/topic/2186-waves-howdy/?do=getNewComment
> http://hellshammers.net/forums/topic/2161-new-logo-design/?do=getLastComment
> http://hellshammers.net/forums/topic/2182-overwatch/?do=getLastComment
>
> Any ideas?

That's weird. The only thing I can think of is that perhaps you were hacked, but it only shows up on some pages, though unless you updated IPS between when it was first detected and now, it seems strange that it would have stopped. I would still recommend replacing the files, just in case, or at least running a diff tool (the IPS md5 checker is a good start, and is run if you start the support tool ("something's not working correctly", and it's after clearing caches, but before the upgrade check or disabling adverts)).
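Added example (not part of the original thread, and not the IPS md5 checker): one way to run the suggested diff of a live install against a freshly unpacked copy of the same release. The directory layout, the script-extension list and every sample file name are assumptions; /uploads/ and conf_global.php are set aside as the thread advises, with scripts among uploads reported separately because they have no clean copy to compare against.

```python
import hashlib
import tempfile
from pathlib import Path

KEEP_DIR = "uploads/"           # user content kept across the reinstall
KEEP_FILE = "conf_global.php"   # site configuration kept across the reinstall
SCRIPT_EXT = {".php", ".phtml", ".phar"}  # assumption: server-executable types

def tree_hashes(root: Path) -> dict:
    """Map every file under root (relative POSIX path) to its SHA-256."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def compare(clean: Path, live: Path) -> dict:
    """Diff a live install against a fresh unpack of the same release."""
    ref, cur = tree_hashes(clean), tree_hashes(live)
    kept = {f for f in cur if f == KEEP_FILE or f.startswith(KEEP_DIR)}
    return {
        "modified": sorted(f for f in ref if f in cur and ref[f] != cur[f]),
        "missing": sorted(f for f in ref if f not in cur),
        "extra": sorted(f for f in cur if f not in ref and f not in kept),
        # Kept paths have no clean counterpart, so flag scripts among uploads.
        "upload_scripts": sorted(f for f in kept if f.startswith(KEEP_DIR)
                                 and Path(f).suffix.lower() in SCRIPT_EXT),
    }

def demo() -> dict:
    """Run compare() on two constructed trees; all names and contents are made up."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = Path(tmp, "clean"), Path(tmp, "live")
        release = {"index.php": "<?php // entry",
                   "applications/chat/chat.js": "var a=1;"}
        installed = {**release,
                     "applications/chat/chat.js": "var a=1;/* changed */",
                     "system/cache.php": "<?php // not in the release",
                     "conf_global.php": "<?php // settings",
                     "uploads/avatar.png": "png",
                     "uploads/monthly/img.php": "<?php // script among uploads"}
        for root, files in ((clean, release), (live, installed)):
            for rel, body in files.items():
                (root / rel).parent.mkdir(parents=True, exist_ok=True)
                (root / rel).write_text(body)
        return compare(clean, live)

if __name__ == "__main__":
    for kind, names in demo().items():
        print(f"{kind}: {names}")
```

The reference tree must be unpacked from the exact version and the same set of apps and plugins as the live site, otherwise legitimate files appear as modified or extra.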
This topic is now archived and is closed to further replies.