My website is blocked by avast

My website was infected, but now we have clean our website. Unfortunately , avast still blocking our website. As do to not be in the blacklist of avast ?
my website url: studio-kodaly.ch

https://sitecheck.sucuri.net/results/studio-kodaly.ch

Vulnerable libraries: http://retire.insecurity.today/#!/scan/e7bb1c5133eba6e8065d8fc4f724db889364c1d7e42cd47dd1009520c1cffa67

Blacklisted by Bitdefender: https://www.virustotal.com/en/url/4438f12f7c91a19b7e94a109848a2e8988d26f1b7fb3180048d6f207c5660860/analysis/1456140289/

Fake jQuery has been flagged. Theme setting may have been changed
Check the plug-in code: -http://www.studio-kodaly.ch/wp-content/plugins/LayerSlider/static/js/greensock.js?ver=99d70ab2284cddc8b1ddf1d85b5d4b3a
There is strange script in header.php.
See where this lands: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.studio-kodaly.ch%2Fwp-content%2Fplugins%2FLayerSlider%2Fstatic%2Fjs%2Flayerslider.transitions.js%3Fver%3D99d70ab2284cddc8b1ddf1d85b5d4b3a
→ Results from scanning URL: -http://cn.shopfans.com/assets/js/index.4443fe710.js
Number of sources found: 143
Number of sinks found: 46

Check: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.studio-kodaly.ch%2Fwp-includes%2Fjs%2Fjquery%2Fjquery-migrate.min.js%3Fver%3D99d70ab2284cddc8b1ddf1d85b5d4b3a
This is the code flagged as it should be retired - so zipfile for later reference and mitigate.

Also check on: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.studio-kodaly.ch%2Fwp-includes%2Fjs%2Fwp-embed.min.js%3Fver%3D99d70ab2284cddc8b1ddf1d85b5d4b3a

You should wait for the final verdict to come from an Avast Team Member, as we here are only volunteers,
and only Avast Team Members may decide to unblock.

I would of course mitigate the vulnerabilities. You also have insecure Identifiers for 7 third parties.

Then there is SPOF code: Possible Frontend SPOF from:

fonts.googleapis.com - Whitelist
(46%) -
(38%) -
(27%) -

You have a reverse DNS problem also as I get

The web host -h2web36.infomaniak.ch does not exist.

http://toolbar.netcraft.com/site_report?url=http://www.studio-kodaly.ch
web hoste not found

You should take that up with INFOMANIAK NETWORK.

polonus (volunteer website security analyst and website error-hunter)

Theres alot of stuff wrong with your site.

Always keep your sites software up-to-date, AND use CloudFlare or EVEN BETTER Incapsula for protection.

Hi Steven Winderlich,

Why advise “ClownFlare” anyway? Because PHISHers love it?
You should know better by now then to advise on “half-baked” security. :wink:

Damian

I dont want to be unfair, ill let him choose, at least i wrote OR BETTER so he will see that Incapsula is way better than ClownFlare :stuck_out_tongue:

I really do not have a preference where bulk-hosting is concerned.
Know that when you can afford dedicated hosting you are a winner. Or learn to be security savvy yourself! We here did the same helped by the platform avast provided for us and lots and lots of reading, scanning and experience. ;D
Do you have SSL from one end to the other end and not with a MITM problem even better for you. In that case there are no insecure identifiers for others to snoop on. Trackers are less happy, “so mote it be”.
First comes that you know how to keep your website software secure, and whenever you do not have the expertise to accomplish this let others with relevant knowledge do it for a fee for you. There are enough firms into pro-active hosting, monitoring of your website’s security etc.
It is often those people that take the decisions that want to economize in the wrong way and because of their blissful ignorance website security is always a last resort thing and commerce and/or marketing come first.

polonus (volunteer website security analyst and website error-hunter)

Hello

Site was removed from Blacklist yesterday
in VPS update 160222-1, no more alert now.

Great to learn the website is no longer blocked and so free of malcode.
However if I was the owner I would like to mitigate the insecurities and vulnerabilities found to make that website even more secure. Stay secure with Avast both online and offline,

polonus