1

Hello,
I have clean up my website portalcienciayficcion[.]com and now it’s free of viruses. However, Avast still warms about an infection if you try to visit it. How can I solve it, please? Can I ask for a review somewhere? Thanks in advance!!

2

avast doesn’t warn about it being infected.
URL:Mal means the domain and/or IP is blocked or it has a link to one or more blacklisted websites.

Running scans at the moment, but first scan already shows that you are using outdated software which is a security risk.
https://sitecheck.sucuri.net/results/www.portalcienciayficcion.com

3

Website shows up different code to Google as Googlebot, that is suspicious and called cloaking: http://isithacked.com/check/http%3A%2F%2Fwww.portalcienciayficcion.com%2F (52 bytes difference).

SRI hashes not generated B-status: https://sritest.io/#report/ea972b33-456a-4b99-b45b-2ad2931296f4

And then this: http://retire.insecurity.today/#!/scan/3406a6bb382f55c11855c888ded3cc8fdc6f0a8abb4c353b4db69e008c593df8
About this particular script I wrote recently - XSS-Dom attack vulnerable: https://forum.avast.com/index.php?topic=204977.msg1406113#msg1406113 - could be because you used something like this: https://www.w3schools.com/tags/tryit.asp?filename=tryhtml5_input_type_hidden

In your website’s case, these were not shown: Rover Curiosity.jpg and Blade runner.jpg, that is all we know.

polonus

4

Browser difference and other things :
https://www.websicherheit.at/website-malware-viren-scanner/?url=www.portalcienciayficcion.com

Blacklistings :
http://urlquery.net/report.php?id=1499184387908
https://www.virustotal.com/en/ip-address/62.149.140.146/information/

65(!) suspicious files :
https://quttera.com/detailed_report/www.portalcienciayficcion.com

My advise is to start solving the jquery issue and get dedicated hosting to start with.

5

Hi portalcienciayficcion,

I would like to join Eddy here on his advice, we both come to the same conclusions.

Fully update and patch and retire the vulnerable code library and indeed get dedicated hosting.

polonus

6

Just skimming over the links, I stumbled upon errors here: hxtp://www.portalcienciayficcion.com/modules/mod_yoo_search/mod_yoo_search.js

error: line:3: SyntaxError: missing ; before statement: error: line:3: * Copyright (C) 2007 - 2009 YOOtheme GmbH */ eval(function(p,a,c,k,e,d){e=function(c){return(c35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c error: line:3: ^
Vulnerability exploit could be targeted. Theme code has been hacked badly in the past (2016): https://yootheme.com/support/question/102557 could be PHISHING with script not flagged.

polonus

7

Glad you cleaned it up. I am unblocking portalcienciayficcion[.]com, but please do follow others’ advice so you are less likely to be targeted (and blocked) in the future.