Website with Malaware

Viruses and worms
1

Hello guys my website http://www.pronunciaciones.com is showing with avast that is with a malware therefore can’t access my admin page nor my website from google while avast is on. I disabled plug ins and erase any suspicious code from my website. After that I have submitted my url and reported the url as a false positive in order to be out of your blacklist. Also some users are complaining about this big issue. Any help would be appreciate it greatly. Thanks

2

https://securityheaders.io/?q=http%3A%2F%2Fwww.pronunciaciones.com%2F
https://securityheaders.io/?q=https%3A%2F%2Fwww.pronunciaciones.com%2F

Fixing guide for above: https://scotthelme.co.uk/hardening-your-http-response-headers/#server

https://www.virustotal.com/en/url/70b856b8554d09c45ee85ade2efbd3446849888a1a5892b07b3f1490363fec59/analysis/1466197301/

Suspicious Javascript detected: http://quttera.com/detailed_report/www.pronunciaciones.com
Please update Apache and any software/Frameworks in use if possible.

3

Hi Steven Winderlich,

For the suspicious code that you report as detected by Quttera’s, this seems an invalid bug, reported here: https://bugs.jquery.com/ticket/12341

4 domain health issues mentioned here: https://mxtoolbox.com/domain/www.pronunciaciones.com/

Probably an IP block, consider: https://www.scumware.org/report/107.180.28.113.html (riddled with malware).
Slowly website admins and website owners awake to the disadvantage of shared hosting by big bulk hosters. When you share an Ip address with many malicious websites you run the risk of being blocked by a general IP block, as might be the case here.
Final verdict is up to an Avast Team Member as they can exclude domains from a general IP block.
We cannot as we are volunteers with relevant knowledge and expertise, so we can only advise.

We also have to report issues with WordPress: WordPress Version
7.4
Version does not appear to be latest 4.5.2 - update now.
Misconfiguration: Warning User Enumeration is possible :o
The first two user ID’s were tested to determine if user enumeration is possible.

ID User Login
1 None pericopericote
2 None patrick-el-teacher
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring. As this will reduce the chance of automated password attackers gaining access. However it is important to understand that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.

polonus (volunteer website security analyst and website error-hunter)

4

A very good reason to keep that IP blocked :
https://www.virustotal.com/en/ip-address/107.180.28.113/information/
https://cymon.io/107.180.2.147

But the block is expected as it is GoDaddy shared hosting.

5

I already replied here: https://forum.avast.com/index.php?topic=127517.msg1319464#msg1319464

I removed the block on pronunciaciones.com :wink: However, as others pointed out, there have been a lot of malicious domains on the same IP recently, which might indicate a server security breach…