Sites blocked by malware scanner

[HansR]

@PaulMy, @Dador:

Please note that both your sites are blocked by my malware scanner. And from the CUtils sites you are the only two which are blocked. This has happened before in the past, it seemed to be resolved but has recurred. It may be that the shared IP causes the detection. You could ask your provider to be changed to another pool? I don't know.

Please also see my remark at the end of this post.

[HansR]

Oh and the effect is there since about 5 days so let's say around the 12th (+/- a day or 2)

[Dador]

Could you send me a screenshot of what Malwarebytes says? I will write to the hosting provider about this.

[Dador]

If you can, please delete cookies for my website in your browser.

I just had my Let's Encrypt https certificate renewed about 5 days ago.

[HansR]

If you can, please delete cookies for my website in your browser.

I just had my Let's Encrypt https certificate renewed about 5 days ago.

Unfortunately it does not work (I first thought it did but I had switched off MB)

[HansR]

Could you send me a screenshot of what Malwarebytes says? I will write to the hosting provider about this.

Translation: Website blocked because of infection.
If you do not want to block this enter it as an exception. (Alas, that does not work)
I will definitely also contact MB.

Schermafbeelding 2025-02-17 113104.png

[HansR]

Note: this has happened before with more sites but now it has recurred only with yours and Pauls

[freddie]

Didn't MB flag the forum at one time? I remember it making me feel a bit panicked! But IIRC it was a false positive.

[broadstairs]

False positives with Malwarebytes is a common issue in my experience. Neither of the reported sites give me an issue.

Stuart

[HansR]

Didn't MB flag the forum at one time? I remember it making me feel a bit panicked! But IIRC it was a false positive.

and @broadstairs:

I agree MB is sensitive yes. But all problems last time referred to Highcharts as an advertising site. As a result nobody (with MB) was able to access sites which included the Highcharts libraries. I managed to resolve that and convince MB that including the libraries is different from accessing a website. Now Highcharts can be accessed without problems.

This seems to be different. I am far from sure this is a false positive, more that the sites use cross reference to multiple CMXs, Multiple themselves, multiple CUtils. And somewhere there I believe lies the problem (I think).

I may well be that it is a false positive, but it may also be that MB detects a weakness which makes access for malware easy.

Note that it even does not work by putting the sites on my 'allow'-list.

[HansR]

Fwiw: I contacted MB and we are in discussion about the false positives (and why).

[HansR]

And in addition: the blockage is only on laptop/Windows.
Phone or tablet have no problem.

[HansR]

I received info by MalwareBytes:

1. komokaweather.com is OK they say:

   that the website has been cleaned up and that the block on this website will be lifted soon. Please allow an hour or so for the updated definitions to be processed

   I can confirm your site is working again @Paul
2. pogodarybnik.pl is more complex:

   Please note that in this case, it's not the website itself that is being blocked but it is the IP address of the server where the website is hosted that's causing the issue.
   
   The server at the IP address 77.55.253.208 has been compromised and is currently being used for brute force attacks and other malicious acts against other networks and computers.
   
   To learn more about the IP address in question, you can visit this link: https://www.abuseipdb.com/check/77.55.253.208
   If you know the site owner then please share the link with them.
   
   This site is on a shared server with other websites on the server It is important to note the risks associated with having a website on a shared server. You can learn more about these risks by visiting the following page: https://wp-wingman.com/the-dangers-of-u ... vent-them/
   
   
   If you are the site owner then It's highly recommended that you speak to your hosting provider to get this issue resolved as soon as possible. Alternatively, you may want to consider changing your hosting company.

   @Dador: I would advise you to request your provider being moved to another server

[PaulMy]

Thanks Hans, great follow up!
I did have a similar 'blocked IP' on my GoDaddy shared hosting last year but that eventually got cleaned up. So glad to hear it is now still fine.

Your advice to @Dador is good, but if the provider is like GoDaddy, then easier said than done.

Enjoy,
Paul

[HansR]

Thanks Hans, great follow up!
I did have a similar 'blocked IP' on my GoDaddy shared hosting last year but that eventually got cleaned up. So glad to hear it is now still fine.

Your advice to @Dador is good, but if the provider is like GoDaddy, then easier said than done.

If a provider does not act properly he is part of the problem so a good reason to move.