Question

Problem with Malware

Posted June 5, 2014 7.6k views
Hello guys, recently i just created a machine pre installed with Ghost, http://blog.herebecoders.com/ and there are some guys when they enter in my blog that their anti-virus is accusing the site as harmfull... also i found this website which is saying the same: http://trafficlight.bitdefender.com/info?url=http%3A%2F%2Fblog.herebecoders.com&language=en_US The only thing i did was in the nginx config to point the "blog" subdomain to the Ghost blog, and the main domain to is pointing to a index.html file which redirects to blog.herebecoders.com. Can somebody help me with that? Thanks
Add a comment
m.soares2603
By:
m.soares2603

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
8 answers
asb June 5, 2014
Hi!

I ran your site through a few other malware detectors, and it's not showing positive. It's possible that bitdefender uses a list of IPs that previously had malware instead of actively scanning when you enter the sites domain. You could try taking a snapshot and spinning up a new instance of your site on a different IP address. Or you might want to contact bitdefender directly and ask them to rescan the site.

Let us know how it goes!
Reply Report
  • micheleomini February 25, 2019

    Hi, I need malware detection for my website, there are some doubts that my website has some kind of viruses, can you please go over the website?

    Thanks in advance

    Reply Report
m.soares2603 June 5, 2014
Yeah, i think you might be right... i just checked this url:

https://www.virustotal.com/en/url/7d76a1fc21bf33ca92d70b9f2313769672c17e485be316826fdfe25612b5c065/analysis/

And it says that only bitdefender accuses it as a malware...

Could you give some detailed explanations (or maybe a url of digital ocean's tutorial) of how can i do this snapshop and then run a new machine and recover everything i did?

Thanks Andrew for your help!
Reply Report
kamaln7 June 5, 2014
Take a look at https://www.digitalocean.com/community/articles/how-to-migrate-droplets-using-snapshots. Make sure you create the new droplet before destroying the old one so you get a new IP address.
Reply Report
m.soares2603 June 5, 2014
That`s great!

Just one last question, if I create a new Droplet to use the snapshot, will I pay the monthly cost for the 2 droplets? the one I just created, and the one i deleted?
Reply Report
kamaln7 June 5, 2014
You would pay the same amount you would pay if you kept the existing droplet running for the rest of the month. Since you're billed hourly, replacing a droplet with one of the same size shouldn't affect your bill.
Reply Report
m.soares2603 June 5, 2014
Ahhhh cool, i thought it was monthly, not hourly.

Thanks Kamal!
Reply Report
m.soares2603 June 5, 2014
I'd like to make another question about this malware problem...

I Just updated my ngnix version to 1.6.0, and when i run my IP in this malware checker, its says that everything is ok

http://sitecheck.sucuri.net/results/162.243.91.192

But when I run my domain "which is configured to point to this ip", it says that it has some problems, also with the nginx version

http://sitecheck.sucuri.net/results/blog.herebecoders.com

How is that possible if this domain is pointing to this server?

Thanks Guys for all this help.
Reply Report
m.soares2603 June 5, 2014
Sorry but i think i just got the answer...

When I ran my domain on this website, it had the old version of NGINX, and it may have cached this status...

now that i updated, i tried running another subdomain and it's ok

http://sitecheck.sucuri.net/results/www.herebecoders.com

Thx anyway :)
Reply Report

Looking for something else?

Ask a new question Search for more help