10 Sep, 2013

My site is blacklisted. What next?

Quttera's support team is being constantly contacted by website anti-malware monitoring customers whose website(s) were blacklisted. This post lists several (not all) blacklisting authorities and how to submit your site for (re)testing by them.

First, you should make sure your website no longer hosts malware, spam or any other potentially harmful content. You can do it by yourself or if you're ThreatSign customer you can simply let us do it for you.

To check by yourself, you can start with online scanning via VirusTotal and/or Quttera online scanner. When reviewing the reports make a list of vendors that detect your website.
For example in VirusTotal report:
In detection ratio you can see the number of detected engines. Below, in the Analysis tab find URL scanners that mark your site as Malware site. Later we'll see hot to request a retesting by them.
In Quttera security report. In addition to the Blacklisting you see the file-by-file breakdown with all potentially suspicious content. Expand the Scanned files analysis tab and review the threat dump for each file. Go on and check manually each one of them on your server. Remove the threat and try to re-scan again.
Once you're sure your website is clean you can continue to the next stage of the process - submit for review/ re-test.
Submit website for review by blacklisting authorities
First, it is important to mention that it is time-consuming and the results are not immediate. With Google, for example, it might take up to 3-4 days. So the key is to be patient. Below is the list that is not complete but will be a good start. We will update this post if will be required by readers/users.

  • Google Safe Browsing

The process is straightforward via Webmaster Tools and is described here:
What Causes the CVE-2023-23752 Vulnerability?
  • Sophos
We found these two ways to contact this vendor:
Reassessment Request - http://www.sophos.com/en-us/threat-center/ip-lookup.aspx#sthash.Uvzz5Bor.dpuf
and
SophosLabs IP Address Classification Lookup - https://secure2.sophos.com/en-us/threat-center/reassessment-request.aspx
As stated by Sophos you will not be contacted automatically, but they assure that the request will be reviewed in a timely manner.

  •  Fortinet

Submit review request as follows:
1. Enter your website URL here and click lookup
2. When the report is generated scroll down to the Classification/Rating request and fill the form. Click submit. You can add screenshots as well.
If it's not clear by now that this is something to be taken seriously, it should be. Joomla! website operators should also take note of how much potential damage could come from a vulnerability exploit if this is left unchecked, with Joomla malware able to severely damage your operations.
  • Bitdefender

The only way we found is to register in the Forum and ask for a website review.
http://forum.bitdefender.com/index.php?showforum=138
  • Scumware

We found just simple contact form http://www.scumware.org/contact.scumware
In the message section ask them to review your site.
  • McAfee Site Advisor

In the User Feedback page fill in the form and choose the Type of inquiry as Submit a site for (re) testing.
Summary
It is always a head-ache to get out of blacklists, so preventive measures and monitoring are essential steps to avoid this. Let us know if the info in post was helpful and share your experience. Read more about common pitfalls that make your website hacking easier here