This shows for every page on each site across the domain.
Google webmaster tools, avg and norton do not show any issue. Ive run the site through several security scanners and they say its clean.
Obviously Im concerned, but Im wondering if this may be an avast false positive ? I want to investigate as I dont want to ignore it an the problem get worse and I get deliested by Google as that will be expensive to me.
I have no proof either way really but am concerned. I was inquiring to see if anyone could offer any adice to swing me either way as I dont want to jump in and spend endless hours on the server and site if its a false positive, but conversely I dont want to be band by Google if I ignore the warning.
So what happens when you submit a false posive report ? I submitted a few days back now and it still appears Im blacklisted. No other anti virus or search engine inclusiding google is blocking my site. Avast is makeing me loose customers and income.
Thankyou so much for your help, Im sure you appreciate that times like this can be rather stressfull when your site income depends on all possible customers reaching your site.
The avast alert was for hxtp://www.whitbyseaanglers.co.uk/wp-includes/wp-mail.php
Code hick-up ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js?ver=3.6.1 benign
[nothing detected] (script) ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js?ver=3.6.1
status: (referer=wXw.whitbyseaanglers.co.uk/wp-includes/wp-mail.php)saved 92629 bytes ae49e56999d82802727455f0ba83b63acd90a22b
info: ActiveXDataObjectsMDAC detected Microsoft.XMLHTTP
info: [decodingLevel=0] found JavaScript
suspicious:
Read how your site might have been infected: http://digwp.com/2009/06/xmlrpc-php-security/
Core code from WP is mostly secure and updated regularly against insecurities and vulnerabilities,
but there are many plug-ins and extemsions for WP that are less secure and may be vulnerable.
The xmlrpc-php-security issues should be taken up with your hoster as these are web server attacks.
See code
46:< link rel=“EditURI” type=“application/rsd+xml” title=“RSD” href=“htxp://www.whitbyseaanglers.co.uk/xmlrpc.php?rsd” />
47:< link rel=“wlwmanifest” type=“application/wlwmanifest+xml” href=“htxp://www.whitbyseaanglers.co.uk/wp-includes/wlwmanifest.xml” />
There is also an issue with this backlink: https://www.eff.org/https-everywhere/atlas/domains/vimeocdn.com.html
see:
GET /p/flash/moogaloop/5.5.0b29/moogaloop.swf?clip_id=62537288 HTTP/1.1
Host: a.vimeocdn.com
HTTP/1.1 200 OK
Content-Type: application/x-shockwave-flash
If you cannot trace this: administrator/plugins/system/pc_includes/ajax_1 2.js%7C%3E%7Bgzip%7D|>{ gzip} then you are not affected by what avast flags,
else your site was maliciously hacked and infested with an image hack. If you are free of this you can file a FP report,
Sorry to be a pain, I already logged false positive and they emailed me back saying - “It’s detected due to this: whitbyseaanglers.co.uk /wp-includes/wp-mail.php%7c%3e%7bgzip%7d”
However when I look on my server that file does not exist.
Please could you help me by advising where I find that. Is it in public_html/wp-content/plugins or is it somewhere else because I dont know where to find administrator/plugins/system/pc_includes
Right guys Ive spoken to a lot of people including wordpress. They say this is false positive. I am beginning to get a little angry now as this has rumbled on for over a week and we are no further forward. Avast are costing my customers and Money. This is the latest response from a moderator at Wordpress support
I am saying I don't show you hacked and neither do 8 other sources according to Securi.
If Avast is the only one showing a problem then they are better than all the rest or it is a false positive.
Please can you advise on how to move forwards please.
This seems like your site was hacked (usually through outdated WP, link seems like a part of blackhole ) but now it seems to be clear so I changed detection and it should be OK in next VPS