Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
How can I allow IGMP-traffic in FirewallD? Question Question
How to stop udp/tcp ddos attack? Question Question

Question

VPS - Avast showing threat and block site and IP

Posted February 18, 2017 2.9k views
CentOSFirewall

Hi,

I am using CentOS and have three domains on my droplet all are Wordpress.

If I want to access them when AVAST is turn ON get error and Avast block the site. THREAT HAS BEEN DETECTED. Same if I want to access my Direct Admin CPANEL with IP.

If I turn OFF Avast all its working fine.

Add a comment
webjuice
By:
webjuice

Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
How can I allow IGMP-traffic in FirewallD? Question Question
How to stop udp/tcp ddos attack? Question Question

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
5 answers
jtittle1 February 18, 2017

@webjuice

Does Avast provide details on what it’s picking up?

I’ve seen some instances where software that’s supposed to “protect” you from visiting harmful sites report false-positives such as when making an HTTPS request on a domain that doesn’t have a valid, working SSL certificate installed.

If you’ve not installed an SSL certificate on cPanel to cover your hostname and links, that may be one flag since, IIRC, cPanel enforces SSL, whether you have a valid certificate or not.

You can do a lookup on your Droplet IP also to see if it’s potentially in one of the well-known lists that many pieces of software use. Simply enter your Droplet IP in the input box on the page below, click submit and let it run.

https://www.whatismyip.com/blacklist-check/

Reply Report
webjuice February 18, 2017

this is my droplet ip: 37.139.25.243 and domains where the SSL is enabled through directadmin.

https://webjuice.ie/
https://webjuice.sk/

there is no anything blacklisted https://www.whatismyip.com/blacklist-check/

Reply Report
hansen February 19, 2017

Seems like that IP-address had/has issues:
https://virustotal.com/en/url/a3476cfb14225e8767f6967c8d43a6fe8d05e9034616a997b8050fe7f39c4945/analysis/
I’ve send a request to Kaspersky to re-scan the url: https://virusdesk.kaspersky.com/

Reply Report
webjuice February 28, 2017

still not answer from kaspersky. Can you please help what to do? thanks

Reply Report
webjuice March 4, 2017

Can you please somebody help. Kaspersky still showing as virus http://37.139.25.243

Reply Report

Related

Looking for something else?

Ask a new question Search for more help