My site still blocked by avast - cleanead up

system · 2015-11-16T20:46:19.000Z

Hello,

So i have received many alerts that’s my website could be infected by malware etc. I got people to clean code & everything up, and we are 100% sure that my code is perfectly clean. But avast is still blocking visitors to enter my website:

idosk8.com

Where can I ask Avast to reanalyze the website, update it’s data base and let people in again?

Thank you.

Pondus · 2015-11-16T20:50:58.000Z

It seems they did a bad clean up job https://sitecheck.sucuri.net/results/idosk8.com

system · 2015-11-16T20:54:39.000Z

I tried to view the link of Sucuri’s MW:JS:GEN2?web.js.malware.fake_jquery.001 definition page and my Avast popped up a JS.LLLredir-AQ[Trj] blocking warning and Firefox denied access. :o

Pondus · 2015-11-16T21:00:36.000Z

Because Sucuri display malware code samples on the website

Eddy · 2015-11-16T21:13:17.000Z

Over 100(!) alerts :
http://urlquery.net/report.php?id=1447707423248
http://urlquery.net/report.php?id=1447707456187

Blacklisted by Spamhaus, McAfee and many others :
http://www.web-malware-removal.com/website-malware-virus-scanner/?url=185.23.21.13
http://zulu.zscaler.com/submission/show/dd42904a6c1a9e1a221ef21a1bf7dc7a-1447707300
http://multirbl.valli.org/lookup/185.23.21.13.html

SSL problems:
https://www.ssllabs.com/ssltest/analyze.html?d=idosk8.com

Really bad IP history :
https://www.virustotal.com/en/ip-address/185.23.21.13/information/

polonus · 2015-11-16T22:42:36.000Z

You have three vulnerable script libraries running there at -http://idosk8.com
Detected libraries:
jquery-migrate - 1.2.1 : -http://idosk8.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
jquery - 1.11.3 : -http://idosk8.com/wp-includes/js/jquery/jquery.js?ver=1.11.3
jquery - 1.8.1 : -http://ajax.googleapis.com/ajax/libs/jquery/1.8.1/jquery.min.js
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
jquery - 1.10.2 : -http://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js
jquery - 1.8.3 : -http://player.ooyala.com/v3/281bc476baa343bc91db3aeaf6f1a2f5?platform=html5-priority
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
swfobject - 2.2 : -http://player.ooyala.com/v3/281bc476baa343bc91db3aeaf6f1a2f5?platform=html5-priority
3 vulnerable libraries detected

Open to pharmaspam is Results from scanning URL: -http://idosk8.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1
Number of sources found: 0
Number of sinks found: 3

Are all plug-ins updated and patched or is there left code?
WordPress Plugins
The following plugins were detected by reading the HTML source of the WordPress sites front page.

wp-postratings 1.82 latest release (1.82)
http://lesterchan.net/portfolio/programming/php/
qtranslate 2.5.39
wp-polls 2.70 latest release (2.70)
http://lesterchan.net/portfolio/programming/php/
captcha 4.1.5 latest release (4.1.5)
http://bestwebsoft.com/products/
akismet latest release (3.1.5)
http://akismet.com/
most-shared-posts 1.1.0 latest release (1.1.0)
http://www.tomanthony.co.uk/wordpress-plugins/most-shared-posts/
contact-form-7 4.3 latest release (4.3)
http://contactform7.com/

User Enumeration is possible… for instance the admin log-in… It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring. As this will reduce the chance of automated password attackers gaining access. However it is important to understand that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.

Improve security and retire the outdated script libraries. We are volunteers here and no Avast Team Members. Only an Avast Team Member may unblock your website. You may have to wait for a reaction from one of them or report to
them directly.

polonus (volunteer website security analyst and website error-hunter)

system · 2015-11-17T11:22:39.000Z

Could you please check my site? Avast is blocking it but I’ve run a number of online screening and they don’t detect anything.

http://resto-web.es

Thanks

Eddy · 2015-11-17T11:46:08.000Z

balicorreo,

please start your own thread and make the link not clickable.

Pondus · 2015-11-17T11:48:03.000Z

balicorreo post:7:

Could you please check my site? Avast is blocking it but I’ve run a number of online screening and they don’t detect anything.

http://resto-web.es

Thanks

INFECTED https://sitecheck.sucuri.net/results/resto-web.es

polonus · 2015-11-17T14:02:02.000Z

There is a security issue with your WordPress configuration: Warning Directory Indexing Enabled
In the test we attempted to list the directory contents of the uploads and plugins folders to determine if Directory Indexing is enabled. This is an information leakage vulnerability that can reveal sensitive information regarding your site configuration or content.

/wp-content/uploads/ enabled

Check plug-ins for updates or whether the code has been left by developer:
The following plugins were detected by reading the HTML source of the WordPress sites front page.

plugin_photogallery
asesor-cookies-para-la-ley-en-espana latest release (0.21)
http://webartesanal.com
jetpack latest release (3.8.0)
http://jetpack.me
dropdown-menu-widget latest release (1.9.4)
http://shailan.com/wordpress/plugins/dropdown-menu
addthis latest release (5.2.0)
http://www.addthis.com
google-analyticator latest release (6.4.9.6)
http://www.videousermanuals.com/google-analyticator/
wp-lightbox-2 latest release (3.0.5)
http://wpdevart.com/wordpress-lightbox-plugin
hot_gallery
hot_carousel

Code to be retired, because vulnerable!
Detected libraries:
jquery-migrate - 1.2.1 : -http://resto-web.es/wp-includes/js/jquery/jquery-migrate.min.js?ver=9a4f648a3502a71b116f51b951da98ef
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
jquery - 1.11.3 : (active1) -http://resto-web.es/wp-includes/js/jquery/jquery.js?ver=9a4f648a3502a71b116f51b951da98ef
(active) - the library was also found to be active by running code
1 vulnerable library detected

Announcements