Need help with getting my site unblocked

Avast users visiting HaylingU3A.org.uk see a message headed ‘Threat blocked’. The reported object is: http://188.65.115.178. The ‘infection’ reported is URL:mal.

You can see a screen shot at http://www.seeita.com/u3aavastfix/ThreatBlocked.png

I’m the site developer and confident (within reason) the site does not have a problem. It shows as clean right now on VirusTotal and has done ever since we first heard the site was blocked several weeks ago. Neither Google nor Bing have ever reported a problem found by their scans. Only Avast users are reporting a problem.

The site uses a recent version of WordPress and PHP. The third-party plugins we use are all reputable (or we developed them ourselves) and have not caused problems for other sites I have developed.

I suspect the problem is that there might be / have been a problem with one of the sites hosted at the reported IP address which is operated by hosting company Vidahost. We obviously have no control over other sites hosted on the same server.

Worse, the block message gives us no diagnostic information we can take to Vidahost (or that would help us investigate a potential issue on our own site).

We have reported a false positive via the link shown in the block window several times over last month, or so but have had no response.

We have used the site to launch a membership campaign in the local press but some potential members are not getting through. The message clearly reflects badly on us.

So, what else can I do to clear the blockage or get some better diagnostic information?

Andy

I am able to access with no problems all areas except the private ones http://haylingu3a.org.uk/

One thing :

Update WordPress, Apache and PHP to the latest versions, especially PHP, it will give you a good performance boost :slight_smile:

SECURITY ISSUES:

USER ENUMERATION IS POSSIBLE.

Also JQuery needs to be retired: http://retire.insecurity.today/#!/scan/72b96380a39ada1f6d91f40f2a1f08f644de3f6af01b142b0fd9f740b0344856

URL:Mal = Domain and/or IP is blacklisted.
avast currently doesn’t block the domain nor the IP, but it can happen anytime soon.

Blacklisted :
http://zulu.zscaler.com/submission/show/65405af909d369f96f91bd937458c455-1457366272
http://multirbl.valli.org/lookup/188.65.115.178.html
http://urlquery.net/report.php?id=1457366714578
http://urlquery.net/report.php?id=1457366708068

Ofcourse the reported object is that IP.
It is the IP from your site.

Like Eddy and Steven Winderlich say, you have insecure plug-in code running there:
-http://haylingu3a.org.uk
Detected libraries:
jquery-migrate - 1.2.1 : -http://haylingu3a.org.uk/wp/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
jquery - 1.11.2 : -http://haylingu3a.org.uk/wp/wp-includes/js/jquery/jquery.js?ver=1.11.2
1 vulnerable library detected

The use of jquery-migrate.min.js?ver=1.2.1 enhances the insecurity of jQuery as such.
Re: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fhaylingu3a.org.uk%2Fwp%2Fwp-includes%2Fjs%2Fjquery%2Fjquery-migrate.min.js%3Fver%3D1.2.1

polonus

Are you saying that Avast didn’t raise a threat warning? I ran updates this morning and got a message saying I was all up-to-date but I still got the threat warning.

Andy

did you reboot after update?

I can access with both Firefox and IE11