WebSiteBlocked
Level 2: Rookie

Broadband Protect is Blocking My Site

Hi Telstra,

Could you please help in relation to whitelisting a previously hacked website?

The affected domain name is: https://www.beed.com.au

The site had been infected with Malware. In response to this, we have:

  1. changed hosting providers,
  2. restored the site from the original backup,
  3. connected an SSL,
  4. ran all files through Norton and Virus Total without virus identification,
  5. changed the site's administration password, and
  6. executed a full backup of the clean site, storing off-server backups.

PLEASE NOTE: The current Name Servers shown on Virus Total relate to the previous host, not the new one.

In addition, Google has reviewed the site and has declared it clean. Please refer to attached screenshots for validation.

Could you please unblock the site, so that I can further strengthen its security?

Thank you very, very much for your assistance.

Kind regards,

Russ

9 REPLIES 9
343GuiltySpark
Level 23: Superhero

Re: Broadband Protect is Blocking My Site

You'll need to click on the "report as safe" link when it comes up as blocked, then wait for it to be unblocked.
I work for Telstra, but my opinions are my own and not that of Telstra
ForensicsGuru
Level 21: Augmented

Re: Broadband Protect is Blocking My Site

Fresh scan on VirusTotal still reports: G-Data: Phishing, Fortinet: Spam
You will need to get those to give you the green light first
Google is NOT an ultimate source of sites being clean or not clean...
DISCLAIMER: I do not work for Telstra or any other ISP. I never did. I have a wealth of practical knowledge in Computer Security and Forensic Computing. I have been in the field since 1985.

Likes (formerly Kudos) and solutions are appreciated!!!
The comments expressed by me reflect my user experience and personal opinion.
WebSiteBlocked
Level 2: Rookie

Re: Broadband Protect is Blocking My Site

Thanks, but I just receive the following notice.  Telstra doesn't seem to do anything.  Should it take longer than 4 days?

 

Thanks for responding.

 

Best regards,

Russ

WebSiteBlocked
Level 2: Rookie

Re: Broadband Protect is Blocking My Site

Thanks, but VirusTotal is still showing Name Servers that were changed 4 days ago. Thus, it's far from current in terms of the results it provides.

Telstra can check the NSs on VirusTotal and run a simple whois lookup / Terminal command to see that VirusTotal isn't even pulling through current DNS records.

Appreciate your efforts, though.

Best regards,
Russ
Jupiter
Level 25: The Singularity

Re: Broadband Protect is Blocking My Site

I just tried going to your site and McAfee stopped me dead in my tracks.
Never be afraid to back yourself when trying new things, just always make sure you have 3 escape routes if things go wrong.
WebSiteBlocked
Level 2: Rookie

Re: Broadband Protect is Blocking My Site

Thank you, but a clean install has been deployed. Unfortunately Telstra and McAfee don't seem to have current results. The problem is, I'm with Telstra and cannot further strengthen the site's security, because Broadband Protect won't let me into my site. Should I switch telcos to Optus?

ForensicsGuru
Level 21: Augmented

Re: Broadband Protect is Blocking My Site

@WebSiteBlocked, just a very rough scan of your site:

 

WebSiteBlocked
Level 2: Rookie

Re: Broadband Protect is Blocking My Site

Hi ForensicsGuru,

Thank you for going to the trouble to assist me - it's truly appreciated.

That's really strange, there are no Joomla files contained in the installation or server.

I just gzipped all files within the directory and ran it through VirusTotal and Norton, with No Engines Detected. It was a fresh gzip scanned through at 11.11am Queensland time, AU.

Again, thanks for your efforts :-)

 

Best regards,

Russ

ForensicsGuru
Level 21: Augmented

Re: Broadband Protect is Blocking My Site

I used https://pentest-tools.com/website-vulnerability-scanning/web-server-scanner to get those.
I am guessing that you are having it hosted somewhere where you do not have full control over the full system, but just your "site".
But the following would really worry me... I have not seen a site with an open telnet port (even tcpwrapped) for ten years now... And that applies to a few more...

 

PORT      STATE SERVICE    VERSION
21/tcp    open  tcpwrapped
22/tcp    open  tcpwrapped
23/tcp    open  tcpwrapped
79/tcp    open  tcpwrapped
|_finger: ERROR: Script execution failed (use -d to debug)
80/tcp    open  tcpwrapped
81/tcp    open  tcpwrapped
110/tcp   open  tcpwrapped
119/tcp   open  tcpwrapped
143/tcp   open  tcpwrapped
443/tcp   open  tcpwrapped
444/tcp   open  tcpwrapped
587/tcp   open  tcpwrapped
|_smtp-commands: Couldn't establish connection on port 587
666/tcp   open  tcpwrapped
700/tcp   open  tcpwrapped
993/tcp   open  tcpwrapped
995/tcp   open  tcpwrapped
1001/tcp  open  tcpwrapped
1025/tcp  open  tcpwrapped
1026/tcp  open  tcpwrapped
1075/tcp  open  tcpwrapped
1092/tcp  open  tcpwrapped
1096/tcp  open  tcpwrapped
1108/tcp  open  tcpwrapped
1131/tcp  open  tcpwrapped
1213/tcp  open  tcpwrapped
1217/tcp  open  tcpwrapped
1287/tcp  open  tcpwrapped
1443/tcp  open  tcpwrapped
1720/tcp  open  tcpwrapped
2003/tcp  open  tcpwrapped
2035/tcp  open  tcpwrapped
2111/tcp  open  tcpwrapped
3306/tcp  open  tcpwrapped
3371/tcp  open  tcpwrapped
4111/tcp  open  tcpwrapped
4321/tcp  open  tcpwrapped
6009/tcp  open  tcpwrapped
|_x11-access: ERROR: Script execution failed (use -d to debug)
6666/tcp  open  tcpwrapped
|_irc-info: Unable to open connection
6969/tcp  open  tcpwrapped
7000/tcp  open  tcpwrapped
|_irc-info: Unable to open connection
8080/tcp  open  tcpwrapped
8089/tcp  open  tcpwrapped
9415/tcp  open  tcpwrapped
15660/tcp open  tcpwrapped
31337/tcp open  tcpwrapped
32774/tcp open  tcpwrapped

 

Seems to me that the server is hosting much more than just your web... Among others TOR and several games? Definitely not a good practice to mix business with other stuff...

Or again, you just have a virtual webserver on a machine that does all of this without you being aware of it...

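An added example, not part of the post above or of anyone's words in this thread: a small Python parser for an Nmap-style port table like the one pasted above, run on a constructed excerpt, that separates ports with an identified service from ports labelled tcpwrapped. Nmap prints tcpwrapped when the TCP handshake completes but the remote end closes the connection without sending data, so the label by itself does not say which daemon, if any, sits behind a port; the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: a few lines in the same format as the scan pasted above.
SAMPLE = """\
PORT      STATE SERVICE    VERSION
21/tcp    open  tcpwrapped
23/tcp    open  tcpwrapped
79/tcp    open  tcpwrapped
|_finger: ERROR: Script execution failed (use -d to debug)
443/tcp   open  tcpwrapped
587/tcp   open  tcpwrapped
|_smtp-commands: Couldn't establish connection on port 587
31337/tcp open  tcpwrapped
"""

PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$")

def parse_scan(text):
    """Return port records; script-output lines attach to the port above them."""
    ports = []
    for line in text.splitlines():
        m = PORT_RE.match(line.strip())
        if m:
            ports.append({"port": int(m.group(1)), "proto": m.group(2),
                          "state": m.group(3), "service": m.group(4),
                          "version": m.group(5).strip(), "scripts": []})
        elif line.lstrip().startswith("|") and ports:
            ports[-1]["scripts"].append(line.lstrip("|_ ").strip())
    return ports

def triage(ports):
    """Summarise how much service identity the scan actually established."""
    open_ports = [p for p in ports if p["state"] == "open"]
    labels = Counter(p["service"] for p in open_ports)
    identified = [p["port"] for p in open_ports if p["service"] != "tcpwrapped"]
    failed = [p["port"] for p in open_ports
              if any(k in s for s in p["scripts"] for k in ("ERROR", "Couldn't", "Unable"))]
    return {"open": len(open_ports), "labels": dict(labels),
            "identified": identified, "script_failures": failed,
            # No banner on any open port: what listens there has to be
            # confirmed on the host (or with the hosting provider) instead.
            "needs_host_side_check": bool(open_ports) and not identified}

if __name__ == "__main__":
    print(triage(parse_scan(SAMPLE)))
```

When every open port carries the same tcpwrapped label, the next step is a listener inventory on the server itself or a question to the hosting provider about what fronts the address, since the scan has identified no services.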
