Hello,
So i have received many alerts that’s my website could be infected by malware etc. I got people to clean code & everything up, and we are 100% sure that my code is perfectly clean. But avast is still blocking visitors to enter my website:
Where can I ask Avast to reanalyze the website, update it’s data base and let people in again?
Thank you.
It seems they did a bad clean up job https://sitecheck.sucuri.net/results/idosk8.com
I tried to view the link of Sucuri’s MW:JS:GEN2?web.js.malware.fake_jquery.001 definition page and my Avast popped up a JS.LLLredir-AQ[Trj] blocking warning and Firefox denied access. :o
Because Sucuri display malware code samples on the website 
Over 100(!) alerts :
http://urlquery.net/report.php?id=1447707423248
http://urlquery.net/report.php?id=1447707456187
Blacklisted by Spamhaus, McAfee and many others :
http://www.web-malware-removal.com/website-malware-virus-scanner/?url=185.23.21.13
http://zulu.zscaler.com/submission/show/dd42904a6c1a9e1a221ef21a1bf7dc7a-1447707300
http://multirbl.valli.org/lookup/185.23.21.13.html
SSL problems:
https://www.ssllabs.com/ssltest/analyze.html?d=idosk8.com
Really bad IP history :
https://www.virustotal.com/en/ip-address/185.23.21.13/information/
You have three vulnerable script libraries running there at -http://idosk8.com
Detected libraries:
jquery-migrate - 1.2.1 : -http://idosk8.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
jquery - 1.11.3 : -http://idosk8.com/wp-includes/js/jquery/jquery.js?ver=1.11.3
jquery - 1.8.1 : -http://ajax.googleapis.com/ajax/libs/jquery/1.8.1/jquery.min.js
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
jquery - 1.10.2 : -http://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js
jquery - 1.8.3 : -http://player.ooyala.com/v3/281bc476baa343bc91db3aeaf6f1a2f5?platform=html5-priority
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
swfobject - 2.2 : -http://player.ooyala.com/v3/281bc476baa343bc91db3aeaf6f1a2f5?platform=html5-priority
3 vulnerable libraries detected
Open to pharmaspam is Results from scanning URL: -http://idosk8.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1
Number of sources found: 0
Number of sinks found: 3
Are all plug-ins updated and patched or is there left code?
WordPress Plugins
The following plugins were detected by reading the HTML source of the WordPress sites front page.
wp-postratings 1.82 latest release (1.82)
http://lesterchan.net/portfolio/programming/php/
qtranslate 2.5.39
wp-polls 2.70 latest release (2.70)
http://lesterchan.net/portfolio/programming/php/
captcha 4.1.5 latest release (4.1.5)
http://bestwebsoft.com/products/
akismet latest release (3.1.5)
http://akismet.com/
most-shared-posts 1.1.0 latest release (1.1.0)
http://www.tomanthony.co.uk/wordpress-plugins/most-shared-posts/
contact-form-7 4.3 latest release (4.3)
http://contactform7.com/
User Enumeration is possible… for instance the admin log-in… It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring. As this will reduce the chance of automated password attackers gaining access. However it is important to understand that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.
Improve security and retire the outdated script libraries. We are volunteers here and no Avast Team Members. Only an Avast Team Member may unblock your website. You may have to wait for a reaction from one of them or report to
them directly.
polonus (volunteer website security analyst and website error-hunter)
Could you please check my site? Avast is blocking it but I’ve run a number of online screening and they don’t detect anything.
Thanks
balicorreo,
please start your own thread and make the link not clickable.
There is a security issue with your WordPress configuration: Warning Directory Indexing Enabled
In the test we attempted to list the directory contents of the uploads and plugins folders to determine if Directory Indexing is enabled. This is an information leakage vulnerability that can reveal sensitive information regarding your site configuration or content.
/wp-content/uploads/ enabled
Check plug-ins for updates or whether the code has been left by developer:
The following plugins were detected by reading the HTML source of the WordPress sites front page.
plugin_photogallery
asesor-cookies-para-la-ley-en-espana latest release (0.21)
http://webartesanal.com
jetpack latest release (3.8.0)
http://jetpack.me
dropdown-menu-widget latest release (1.9.4)
http://shailan.com/wordpress/plugins/dropdown-menu
addthis latest release (5.2.0)
http://www.addthis.com
google-analyticator latest release (6.4.9.6)
http://www.videousermanuals.com/google-analyticator/
wp-lightbox-2 latest release (3.0.5)
http://wpdevart.com/wordpress-lightbox-plugin
hot_gallery
hot_carousel
Code to be retired, because vulnerable!
Detected libraries:
jquery-migrate - 1.2.1 : -http://resto-web.es/wp-includes/js/jquery/jquery-migrate.min.js?ver=9a4f648a3502a71b116f51b951da98ef
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
jquery - 1.11.3 : (active1) -http://resto-web.es/wp-includes/js/jquery/jquery.js?ver=9a4f648a3502a71b116f51b951da98ef
(active) - the library was also found to be active by running code
1 vulnerable library detected