Author Topic: My website, BraunforPresident.US, has been wrongly blocked from Avast. Help us.  (Read 2269 times)


REDACTED

  • Guest
http://braunforpresident.us/ has been blocked.  Please note we have checked with several anti-virus/malware websites, and all of them found our website to be completely free of such viruses.  Please let us know if there is anything we can do to assist you to get our website unblocked. 

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37534
  • Not a avast user

Offline HonzaZ

  • Avast team
  • Advanced Poster
  • *
  • Posts: 1038
This was blocked due to infection long ago - I hope it has since been healed, so I am unblocking it now ;)

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31079
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Warning User Enumeration is possible
The first two user IDs were tested to determine if user enumeration is possible.

ID   User   Login
1   worker   worker
2   Harry Braun   harryb
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring, as this will reduce the chance of automated password attackers gaining access. However, it is important to understand that if the author archives are enabled, it is usually possible to enumerate all users within a WordPress installation.

Vulnerable Library used :
http://retire.insecurity.today/#!/scan/f370b1bed65b8c4ef406cbbdbff5f3d9c50ba6eb7ead625de9b5de1edfc2bbde

Really bad IP history :
https://www.virustotal.com/en/ip-address/107.180.40.107/information/

Over 10.000(!) blacklisted urls on that ASN :
http://sitevet.com/db/asn/AS26496

Things to do :
1] Step away from shared hosting and GoDaddy
2] Fix the vulnerable library problem
3] Set up WordPress more securely

REDACTED

  • Guest
Quote from: HonzaZ
This was blocked due to infection long ago - I hope it has since been healed, so I am unblocking it now ;)

Thank you very much for unblocking. We are investigating the links that were provided to find out how to prevent this again.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33904
  • malware fighter
Hi hb3,

Eddy covered most of the insecurity aspects of that website's configuration; please also consider the following results:
F- and E-Status: https://observatory.mozilla.org/analyze.html?host=braunforpresident.us
Server header info proliferation (make your server talk less loud, please): Apache/1.3.27 Unix mod_python/2.7.8 Python/2.2.2 mod_webapp/1.2.0-dev mod_perl/1.28 mod_throttle/3.1.2 PHP/4.3.2 FrontPage/5.0.2.2510 mod_ssl/2.8.14 OpenSSL/0.9.7c
see: http://toolbar.netcraft.com/site_report?url=http://braunforpresident.us

SRI-hashes issues: https://sritest.io/#report/51e593ed-0d69-427e-93be-7ae1f3b323c5

IDs-tracking issue: 60% of the trackers on this site could be protecting you from NSA snooping. Tell braunforpresident.us to fix it.

Identifiers | All Trackers
Insecure Identifiers
Unique IDs about your web browsing habits have been insecurely sent to third parties.

 -cdnjs.cloudflare.com __cfduid *
bde08af499bc3f85de0006d59884708e  -braunforpresident.us phpsessid

* increased insecurity because <link rel="stylesheet" id="fontawesome-css" href="-http://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.1.0/css/font-awesome.min.css?ver=4.6" type="text/css" media="all"> has a missing SRI hash.

 Tracking IDs could be sent safely if this site was secure.
 Tracking IDs do not support secure transmission.

Page meta-security headers were not set securely for content-security-policy and for cache-control.

cookie security options set OK.

polonus (volunteer website security analyst and website error-hunter)
« Last Edit: September 06, 2016, 12:09:10 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
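
An added example (not part of the thread or of any poster's tooling): a small Python check for the missing-SRI finding reported above. It flags third-party stylesheets and scripts that are loaded over plain HTTP or lack an `integrity` attribute, and computes the value that attribute should carry. The sample HTML is constructed around the `<link>` tag quoted in the thread (without the leading `-` shown there); the other tags, `cdn.example.org`, the theme path and all function names are assumptions.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page; the first <link> is modelled on the tag quoted in the thread.
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" id="fontawesome-css" href="http://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.1.0/css/font-awesome.min.css?ver=4.6" type="text/css" media="all">
<link rel="stylesheet" href="/wp-content/themes/example/style.css">
<script src="https://cdn.example.org/lib.js" integrity="sha384-AAAA" crossorigin="anonymous"></script>
</head></html>"""

def sri_value(body: bytes, alg: str = "sha384") -> str:
    """Return the integrity attribute value for the exact bytes of a resource."""
    digest = hashlib.new(alg, body).digest()
    return f"{alg}-{base64.b64encode(digest).decode()}"

class SubresourceAudit(HTMLParser):
    """Collect third-party <script> and stylesheet <link> tags with SRI/transport issues."""
    def __init__(self, site_host: str):
        super().__init__()
        self.site_host = site_host
        self.findings = []  # list of (url, [issues])

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script":
            url = a.get("src")
        elif tag == "link" and "stylesheet" in (a.get("rel") or "").lower():
            url = a.get("href")
        else:
            return
        parsed = urlparse(url or "")
        # Relative and same-host URLs are first-party; exact host match is a simplification.
        if not parsed.hostname or parsed.hostname == self.site_host:
            return
        issues = []
        if parsed.scheme == "http":
            issues.append("loaded over plain HTTP")
        if not a.get("integrity"):
            issues.append("missing integrity attribute")
        if issues:
            self.findings.append((url, issues))

def audit(html: str, site_host: str):
    """Return the findings for one HTML document served from site_host."""
    parser = SubresourceAudit(site_host)
    parser.feed(html)
    return parser.findings
```

To fix a finding, run `sri_value()` over the exact file bytes served by the CDN for the pinned version, then add the result as `integrity="..."` together with `crossorigin="anonymous"` and an `https://` URL.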