Author Topic: BTCpay False Positive  (Read 3064 times)

0 Members and 1 Guest are viewing this topic.

Offline Witza

  • Newbie
  • *
  • Posts: 3
BTCpay False Positive
« on: January 09, 2023, 10:39:46 PM »
My BTCpay server (Bitcoin Invoice Server, self-hosted) has been running for months.  Last night my Avast Webshield flagged it as PHISHING URL.  I sent a report last night (13 hours ago). This morning it was still blocked.  Making an exception doesn't help me because this is about paying customers who get invoiced through the BTCpay server. 

So I changed the domain on the BTCpay server, which I thought would immediately fix the problem. Within 5 minutes it got flagged again and blocked. This is just unacceptable.  It's a standard BTCpay server with nothing changed on the index page which should trigger a shield block.

Original domain pay.witza.com   Then changed to btcpay.witza.com. 

I realized I did have on the invoices a separate CSS on my other domain.   Since it was an external CSS I figured that had to be the cause.  So once again, I change the domain of the btcpay server to pay.hackforums.net.  All was good, then 30 minutes later, BLOCKED again.

I'm livid right now. I've wasted 3-4 hours on this.  This is my money avast is screwing up. I have income I am losing. 

I expect a fast response.  A report was done on all 3 domains.

Offline Witza

  • Newbie
  • *
  • Posts: 3
Re: BTCpay False Positive
« Reply #1 on: January 10, 2023, 01:58:34 AM »
Great, now my checkout page is being flagged too as "HTML:Script-inf [Susp]". 

I need this false flag fixed. 

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 88132
  • No support PMs thanks
Re: BTCpay False Positive
« Reply #2 on: January 10, 2023, 02:52:20 AM »
Nothing found here - https://www.virustotal.com/gui/url/ccdbb2168b5c167c1f32f4ebf52cedbd8a91eb644b28963658c8ae4dc195cd03?nocache=1
However the Links show going to - hxxps://wxw.cloudflare.com?utm_source=challenge&utm_campaign=m  Now this could be quite normal, but I have seen issues like this being considered suspicious.

Some security issues reported here - https://en.internet.nl/site/pay.witza.com/1864481/

Webpage Security Score F - https://snyk.io/test/website-scanner/?test=230110_AiDcKD_W7&utm_medium=referral&utm_source=webpagetest&utm_campaign=website-scanner
Recently-discovered vulnerabilities on the Snyk database:

I don't know if this would contribute to the detection or not.

You can use the - Reporting a Possible False Positive File or Website - https://www.avast.com/false-positive-file-form.php.
You should get a response in a day or two.
In the information you give I would suggest giving a link back to this topic.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 23.9.6082 (build 23.9.8494.792) UI 1.0.781/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Witza

  • Newbie
  • *
  • Posts: 3
Re: BTCpay False Positive
« Reply #3 on: January 16, 2023, 09:55:15 PM »
They removed it after about a week. Finally got it sorted.

Then within 48 hours it was flagged again as Phishing.  WTF. 

Losing money on this and need it fixed asap.  It's a DAMN INVOICE SYSTEM THAT'S ALL OVER THE WEB. There is no PHISHING. 

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 88132
  • No support PMs thanks
Re: BTCpay False Positive
« Reply #4 on: January 16, 2023, 10:21:40 PM »
Have you investigated the security issues reported by other security checking site I gave, e.g reporting it to pay.witza.com.

These vulnerabilities could be exploited resulting in further detections.

Of course you can report it again and I suggest that you give a link back to this topic as it is likely to contain more information than using the report form.

Before shooting the messenger, I'm an Avast user not an Avast Team member.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 23.9.6082 (build 23.9.8494.792) UI 1.0.781/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security