I administer a website that is unfairly blacklisted by Avast.
The site runs on WordPress.
I have checked everything, deactivated all the plugins, deleted all the plugins (to be sure), and nothing helps.
I reviewed the sources to be sure nothing abnormal is hidden in them, and whatever I do, the result is always the same: Avast blocks the page from loading.
Moreover, this problem is not new, but I thought it had been resolved by now.
At the time (the site was self-hosted, but that is no longer the case) I ran a test by pointing a second domain at the same server, and therefore the same site, and Avast said nothing, no blocking, which to me proves that the block was not due to the site but rather to a “historical” block.
Can you help me? This is a business site and the block affects traffic and therefore customers.
I would not go so far as to say there is financial harm, but…
WordPress issue:
Warning: User Enumeration is possible
The first two user ID’s were tested to determine if user enumeration is possible.
ID   User   Login
1    None   gawindx
2    None   h-perrot
Enumeration of users: Problem fixed, “.htaccess” is my friend.
Library vulnerability: I tested all versions since 1.4.1 and all have the same vulnerability (more more …), so I would stay on the most recent version, which is the one supplied with WordPress 4.6.
Difference between browsers: The first page is dynamic, so it’s normal that the page does not have the same size on 2 successive requests.
Dedicated hosting: cannot change (I do not manage that part of the structure) and I do not see why a site should be penalized because others on the same host are not serious. In France it’s called racism.
I see my very ironic humor does not always come across.
When I say that it’s “racism”, I imply that blocking all sites hosted by the same server under the pretext that one is bad is not safety, it is discrimination.
Security would be to analyze the site instead of using a blacklist at each visit; it would take longer but be safer, because a site that is not yet listed can still be visited: with a blacklist the visit is allowed, as we do not know that we should not go there, and even with regular updates there will be a period of time between infection and diffusion.
I administer a website that is unfairly blacklisted by Avast.
The site is hosted by WordPress.
I have checked everything, turned off all plugins, deleted all the plugins (to be sure) and nothing helps.
I reviewed the sources to be sure that nothing abnormal is hidden in them, and whatever I do, always the same conclusion: Avast blocks the loading.
The site is the following: hxxp://www.atelier-creation.fr
This domain was blocked due to suspected DNS hijack / malware at bandinisvbyv.atelier-creation[.]fr. We do not block domains just because WordPress / jQuery is outdated, or we would have to block half the internet :). Furthermore, we do not block just because someone uses shared/dedicated hosting. In other words, we do not block preemptively, we only block when we see signs of actual infection. (Of course false positives might happen, but that is a different story. :-X)
What Eddy means is that dedicated hosting gives you MUCH bigger power in battling potential abuse / infections. I unblocked it now, as I do not see anything malicious coming from it lately.
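For a site owner following up on a block attributed to a rogue subdomain rather than to the WordPress install, the check below audits a DNS zone export for records the owner never created. It is an added example, not part of the original thread or any Avast tooling; the zone text, the `example.org` origin, the random label standing in for the reported subdomain, the IP addresses and the allow-lists are all constructed.

```python
# Added example: flag DNS records that are not on the owner's allow-lists.
# Everything in ZONE_EXPORT is constructed sample data (documentation IP ranges).
ZONE_EXPORT = """\
; constructed sample, not a real zone
@            3600 IN A   192.0.2.10
www          3600 IN A   192.0.2.10
mail         3600 IN A   192.0.2.25
@            3600 IN MX  10 mail.example.org.
xkqzpvwtrb   300  IN A   198.51.100.77
"""

ORIGIN = "example.org"                       # assumed zone origin
EXPECTED_NAMES = {"@", "www", "mail"}        # hostnames the owner created
EXPECTED_IPS = {"192.0.2.10", "192.0.2.25"}  # servers the owner controls


def parse_zone(text):
    """Yield (name, ttl, rtype, value) from 'name ttl IN type value' lines."""
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = line.split(None, 4)
        if len(parts) != 5 or parts[2].upper() != "IN":
            continue                          # skip lines in other layouts
        name, ttl, _, rtype, value = parts
        yield name.lower(), int(ttl), rtype.upper(), value.strip()


def audit_zone(text, expected_names, expected_ips):
    """Return (fqdn, rtype, value, reasons) for every record that looks foreign."""
    findings = []
    for name, ttl, rtype, value in parse_zone(text):
        reasons = []
        if name not in expected_names:
            reasons.append("unexpected hostname")
        if rtype in ("A", "AAAA") and value not in expected_ips:
            reasons.append("points outside known servers")
        if reasons:
            fqdn = ORIGIN if name == "@" else f"{name}.{ORIGIN}"
            findings.append((fqdn, rtype, value, reasons))
    return findings


if __name__ == "__main__":
    for fqdn, rtype, value, reasons in audit_zone(ZONE_EXPORT, EXPECTED_NAMES, EXPECTED_IPS):
        print(f"{fqdn} {rtype} {value}: {', '.join(reasons)}")
```

A hit on a hostname nobody on the team created points at the registrar or DNS control panel (credentials, API keys, change history) rather than at the web application.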
Next to what HonzaZ said, dedicated hosting also prevents you from becoming the victim of an IP block if there are a lot of bad neighbors, as can happen with shared hosting.
In my opinion commercial companies should not take the risk of missing out revenues due to shared hosting.
Yup, that is part of what I meant (even though I did not type that out). If you have a dedicated hosting, there is a (non-zero) chance that through one domain, all other domains will become infected, and then we have to block the whole IP. Not to mention you can update server apps, such as PHP, whenever you feel like.
Hello and thank you to all of you who worked to help me.
Without controversy or debate, I would like to clarify some points.
I work on this site as a volunteer for my wife’s family, originally to help out. The site was originally self-hosted, but because of the distance (300km) and the evolution of the business, site management was entrusted to a “friend”, supposedly professional, who proved unreliable and not serious. Therefore, I am taking back the site management and I am inheriting his mistakes and technical choices (including hosting), not always wise.
I know that the blocking reasons are not as futile as a version of JQuery or using a shared hosting.
If I react this way regarding shared hosting, it is because the literal French translation of “Get dedicated hosting” is not advice but an order, which made me rebel.
I hear your comments about this type of hosting, both for the shared risk and for the fact of not managing software changes, but I will not change my opinion about the merits of a blacklist, because I consider it an easy solution that often proves unfair and lacks responsiveness; but I understand that this technical choice could be made to ensure the best possible protection for the standard end user.