Other issues in this category (93)
Let's start with a clean slate
Monday, May 7, 2018
Hello! I bought several domains for my blogs, but then I found out that they’re in the Dr.Web database of unwanted sites, and I don’t know why. Could they have been added to that database before I purchased them (from the previous owner)?
A question for Doctor Web’s tech support
Bad news... Someone registered websites and then used them to spread malicious software or engage in fraudulent schemes. And once those resources were added to blacklists, the cybercriminals who owned them sold them.
So, the new owner, who bought those domains without checking to see whether they were on any protection system blacklists, contacts us, requesting that we make them accessible. What should we do?
The answer: nothing. At the moment the request was submitted to our technical support, the websites still contained malicious/fraudulent content, and our specialists can’t know for sure that the new owners have really been scammed and that they are not fraudsters.
Important! Access to a resource can be blocked not only because it has objectionable content, but also because it’s been hacked and injected with malicious code.
Webpage static analysis involves searching for malicious inserts (java script in most cases), spam links or spam content, phishing webpages and other static elements in a scanned page and in file plugins. The scanning of such fragments is performed on the basis of a signature database or on a specific set of regular expressions. If malicious code is constantly present on a page and in downloaded files, or it is known to the web scanner (i.e., because it’s been added to the signature database), the web scanner will detect it. But that doesn’t always happen. For example, malicious code can be loaded from another resource or it can perform some unauthorised actions under certain conditions:
- once a page is loaded, it’s injected with java script that performs a drive-by download attack
- as the user leaves the page, the code is loaded, and then “popunder” with adult content opens
- the visitor surfs the page for a few seconds, and only then are they redirected to a paid subscription (for SMS)
- and so on
Here are few examples:
The Anti-virus Times recommends
- If you’re buying or selling a website or some other Internet resource, check its reputation. If it’s been added to blacklists by mistake, it will be removed from them almost instantly. You can check whether a link has been added to the Dr.Web Parental Control blacklists here: https://vms.drweb.com/online. On the Internet, you can easily find services to remove addresses from other lists.
- If you bought a website that’s been added to the blacklist and want it removed from there, before contacting us, replace the contents of the website so we can be sure you are not contacting us for fraudulent purposes. After we examine it, we will remove the website’s access restrictions.
- If your site has become a source of spam or viruses and it’s been put on the Dr.Web Parental Control blacklist, when contacting our technical support service, provide them with an anti-virus scan report and the anti-virus log files. Our specialists will help you figure out what’s causing this situation.
To collect system information in a system where an event has occurred, download the Dr.Web SysInfo utility, launch it, and click on the “Generate report” button.
After you see a message telling you that an archive has been formed successfully, you’ll find a link to a file that looks like this: “Computer name. Your user name. Date. zip. report generation time”. Attach it to your technical support request.