Website blacklisted, already been cleaned but Avast keeps detecting it

Hello, last week, due to an infection on my web hosting’s control panel, my website was infected by a malware and was blacklisted by many sites and software, including Avast.
However, after cleaning and erasing the whole VPS in which the web is hosted, to ensure that there is not any malware left, Avast keeps blocking the access to it just because it has PHP scripts (these are Wordpress, i also tried with a clean installation of Wordpress and the AV detected it).

Could you re-check my website and remove it from the blacklist? Thanks.

The website is http://piggamers.es/

P.S.: We are introducing an HTTPS SSL certificate soon to enforce our new security measures.

How to report >> https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438

Your Word Press CMS version is outdated, please update.

Warning User Enumeration is possible

The first two user ID’s were tested to determine if user enumeration is possible.

ID User Login
1 None piggamers
2 None theraulxp
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring. As this will reduce the chance of automated password attackers gaining access. However it is important to understand that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.

1 vulnerable jQuery library detected: https://retire.insecurity.today/#!/scan/4ad876a9115a892ba1ca1e53828be0a11eb476cae392acc84bd6c8971222619f

More issues - F-grade status and recommendations: https://observatory.mozilla.org/analyze.html?host=piggamers.es

Bitdefender still flags your site. Unblocking can only be performed by an avast team member,
we here are just volunteers with relevant knowledge. Wait for one to give a final verdict.

Also see: https://www.virustotal.com/#/domain/piggamers.es

polonus (volunteer website security analyst and website error-hunter)

Hi, thanks for your recommendations, we will change that as soon as possible.

Bitdefender has not been updated yet, as we removed the malware about 12 hours ago, we hope that it updates.

Also Norton and McAfee >> https://sitecheck.sucuri.net/results/piggamers.es/

Yep, and there is also this report for that IP: https://stopforumspam.com/ipcheck/94.177.240.50

and this

707: < /html> Content after the < /html> tag should be considered suspicious.

708: < !-- Dynamic page generated in 5.971 seconds. →
709: < !-- Cached page generated by WP-Super-Cache on 2018-03-07 23:07:47 →
711: < !-- super cache →

Bitdefender’s TrafficLight blocks this for instance: -alerts/malware/page_blocked.html?url=hxtp://piggamers.es/wp-json/

polonus

Hello,
URL will be unblocked in next Streaming update (~ 10 minutes).

Milos

Thanks for all your replies! Avast has already removed our website, and we’ve been updating some things already. While we implement the SSL certificate and apply the recommendations that polonus has given, I would like to thank you!

By the way, all the infected detections that you have been posting, except the Bitdefender one (that we don’t really understand because its a WP file, that is there since December), are because of these are cached results from yesterday or before, when the attack was present.

Google keeps detecting the site as suspicious, it would be superb if you could report a false positive on Chrome too :slight_smile:

Thanks!