Hello, last week, due to an infection on my web hosting’s control panel, my website was infected by a malware and was blacklisted by many sites and software, including Avast.
However, after cleaning and erasing the whole VPS in which the web is hosted, to ensure that there is not any malware left, Avast keeps blocking the access to it just because it has PHP scripts (these are Wordpress, i also tried with a clean installation of Wordpress and the AV detected it).
Could you re-check my website and remove it from the blacklist? Thanks.
Your Word Press CMS version is outdated, please update.
Warning User Enumeration is possible
The first two user ID’s were tested to determine if user enumeration is possible.
ID User Login
1 None piggamers
2 None theraulxp
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring. As this will reduce the chance of automated password attackers gaining access. However it is important to understand that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.
Bitdefender still flags your site. Unblocking can only be performed by an avast team member,
we here are just volunteers with relevant knowledge. Wait for one to give a final verdict.
Thanks for all your replies! Avast has already removed our website, and we’ve been updating some things already. While we implement the SSL certificate and apply the recommendations that polonus has given, I would like to thank you!
By the way, all the infected detections that you have been posting, except the Bitdefender one (that we don’t really understand because its a WP file, that is there since December), are because of these are cached results from yesterday or before, when the attack was present.
Google keeps detecting the site as suspicious, it would be superb if you could report a false positive on Chrome too