False Positive - site aborted by Web Shield - JS:Decode-CID[Trj]

[edward183]

Hello,

I am website security expert and have a forum site that focuses on website security that is being incorrectly aborted/blocked by Web Shield.  This is a false positive that needs to be corrected in Avast so that any visitors to my website are not blocked/aborted from viewing my site.

Steps to reproduce the false positive block/abort:
Visit my website:  https://forum.ait-pro.com/activity/
Enter this search term in the search text box located at the top right side navigation bar:  admin-ajax.php
Select both Search Filters checkboxes:  Show Topics only and Show Topics & Replies
Click the Search button.
You should see the Avast Web Shield popup.

Edit|Update: I just found your False Positive submission form and have submitted a false positive form request.

[Pondus]

Something to fix

https://retire.insecurity.today/#!/scan/0b61e9db65f4faea1f1936e11e5085689223e4148e3c9a400c14d49bb907aba5

[edward183]

Interesting since that would mean WordPress itself has these issues and not my particular website since I am using the bundled libraries that come with WordPress. I think the warnings are probably overly picky/cautious and does not mean that anything actually need to be "fixed". Anyway that issue probably wouldn't have anything to do with the false positive from Avast or maybe Avast is also being overly picky/cautious. Doubt that is what is going on though.

Got to say the CAPTCHA feature in this forum is pretty bad. You can hardly read the letters and when you request to listen for the CAPTCHA you can barely hear the audio.  I don't know who came up with the ridiculous concept of making CAPTCHA's unreadable to humans. I created a CAPTCHA in my software that is human friendly that does not do anything retarded like obfuscating the letters/images because that concept is totally ridiculous and unnecessary.  My CAPTCHA has been 100% effective at stopping all Bots for over 8 years now > https://www.ait-pro.com/wp-login.php

[edward183]

Oops my bad. jQuery is responsible for fixing the vulnerabilities in their libraries.  So yeah not me, not WordPress, but jQuery needs to fix those things.

[Pondus]

Anyway that issue probably wouldn't have anything to do with the false positive from Avast or maybe Avast is also being overly picky/cautious. Doubt that is what is going on though.

I am not saying that is the reason for avast detection, just gave you info found online and only avast lab can answer why they detect ....

Got to say the CAPTCHA feature in this forum is pretty bad.

Forum spam protection, if you have problems then so does the spammers 

Only first 3 posts so you are done now   

[edward183]

Yeah I got that you were just pointing out some issues that need to be fixed.

Well on my site the CAPTCHA that I created is user friendly.  So humans have no problems at all and spambots and hackerbots are blocked 100%.  That makes a lot more sense to me.  Human spammers and hackers of course only make up 1% of all spamming and hacking.  99% of spamming and hacking is automated with bots.

[polonus]

I get a page OK, managed by puppet

But quite some vulnerabilities where the hoster is concerned:
https://www.shodan.io/host/173.201.92.22

Clean according to VT: https://www.virustotal.com/gui/url/3b322966d6345b95609295132d16d77c470e326475712a0c527f388aa659fdde/detection

Error -> https://urlscan.io/result/9c004210-dd45-43ec-b9b1-891389bb5b66/json

polonus