1

Hello

I have two websites based on same theme and scripts, they are on same hosting but on different accounts. Yesterday i noticed one of sites has been blocked by avast, emarketing-strategy.co.uk with following information: HTML:Script-inf

I have restored backup version of sites scanned thrue sucuri, wordfence and other antiviruses, my hosting provider also checked all files, i have used report from zulu, and few other scanning apps - and everywhere site seems is clean. But I’m still having same problem on avast. Today my second site has been blocked aswell: smartindex.co.uk

Any idea how i can solve this problem ? Sites are based on WordPress system.

Regards

2

Although not related to what you report, there sure are things that need to be taken care of.

Certificate problems :
https://www.ssllabs.com/ssltest/analyze.html?d=emarketing-strategy.co.uk

Vulnerable libraries used :
http://retire.insecurity.today/#!/scan/848fe08a01e1ce2eb6e7f301c4e6157fccdeaecf2bb3df9af24449efc55ba1b5

To report a (possible) false positive > https://www.avast.com/report-a-url.php

3

HTML:Script-inf usually mean there is a script loading content from a URL blacklisted by avast

If you post a screenshot of avast warning popup(s) then we can see exact where avast detect it

4

only this: http://imgur.com/iyrsL99

5

Outdated WordPress plug-ins: woocommerce 2.6.13 latest release (3.0.4) Update required
https://woocommerce.com/
wysija-newsletters 2.7.7 latest release (2.7.10) Update required
http://www.mailpoet.com/
contact-form-7 4.6.1 latest release (4.7) Update required
https://contactform7.com/
types 2.2.8 latest release (2.2.9) Update required
http://wordpress.org/extend/plugins/types/

See further analysis here: -https://aw-snap.info/file-viewer/?protocol=not-ecure&tgt=smartindex.co.uk&ref_sel=GSP2&ua_sel=ff&fs=1
See: https://observatory.mozilla.org/analyze.html?host=smartindex.co.uk
See: http://retire.insecurity.today/#!/scan/c600a894795ec7c85b0d37ce60c296b950c35f095908975256aa416a8ec99f32

Sucuri’s does not flag site. Here Quttera detects: /wp-content/plugins/Ultimate_VC_Addons/assets/min-js/ultimate.min.js?ver=3.16.7
Severity: Potentially Suspicious
Reason: Detected procedure that is commonly used in suspicious activity.
Details: Too low entropy detected in string [[‘-webkit-transition-duration: ms; -webkit-animation-duration: ms; -moz-transition-duration: ms; -moz-’]] of length 120 which may point to obfuscation or shellcode.

polonus (volunteer website security analyst and website error-hunter)

6

This detection means you try to load resources from a blocked URL, in this case from lmknjb1[.]com. What do you use this URL for? Are you using it intentionally?