Author Topic: False Positive: Site Blocked - HTML:Script-inf  (Read 10330 times)

0 Members and 2 Guests are viewing this topic.

Offline a.vagamundos

  • Newbie
  • *
  • Posts: 9
False Positive: Site Blocked - HTML:Script-inf
« on: May 27, 2023, 02:43:20 PM »
Avast is blocking our website wxw.vagamundos.pt claiming that it is infected with HTML:Script-inf[Susp].

We believe it is a false positive because our website is monitored 24/7 by Sucuri (premium account) and all the reports say that it is clean of malware.
We also checked for virus in several websites and all of them show that the site is not infected/blacklisted:

https://www.virustotal.com/gui/url/9cc4af13183fbbff4724da3174298b7d27eea4d8e4cf76c69ef37c400ea84c2c?nocache=1
https://labs.sucuri.net/blacklist/info/?domain=vagamundos.pt
https://www.siteadvisor.com/sitereport.html?url=vagamundos.pt
https://yandex.com/safety/?url=vagamundos.pt&l10n=en
https://transparencyreport.google.com/safe-browsing/search?url=https:%2F%2Fwww.vagamundos.pt%2F

We already filled a report yesterday at https://www.avast.com/false-positive-file-form.php but we got no feedback.

Since we work in the tourism sector weekends are usually very busy and many readers of our site are reporting that they cannot access our website, and that is hurting our brand image and company profit.

Can someone here helps us checking these false positive issue and help us with the site unblock? 
Thank you so much for your time.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37526
  • Not a avast user

Offline a.vagamundos

  • Newbie
  • *
  • Posts: 9
Re: False Positive: Site Blocked - HTML:Script-inf
« Reply #2 on: May 27, 2023, 03:55:51 PM »
Thank for your help. The Suspicious Inline Script is from WP Rocket plugin, a very popular plugin:
class RocketLazyLoadScripts{constructor(){this.v="1.2.3",this.triggerEvents=["keydown","mousedown","mousemove","touchmove...

We have Sucuri premium monitoring the site and I runned another scan and it keeps showing no issues, even on server side (print screen in attach). Therefore it seems a false positive to me.


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33895
  • malware fighter
Re: False Positive: Site Blocked - HTML:Script-inf
« Reply #4 on: May 28, 2023, 07:02:53 PM »
Still website will kick up a 404 error and cannot be scanned:
hxtp://vagamundos.pt/.git/HEAD
This is  being flagged at Sucuri's.
Read:
httpss://serverfault.com/questions/128069/how-do-i-prevent-apache-from-serving-the-git-direc

polonus
« Last Edit: May 28, 2023, 07:15:59 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline a.vagamundos

  • Newbie
  • *
  • Posts: 9
Re: False Positive: Site Blocked - HTML:Script-inf
« Reply #5 on: May 28, 2023, 09:20:37 PM »
Thanks a lot for your help. I read the info you send me and for what I understand the only page that Sucuri can´t read in the sitecheck page is the .git/HEAD (it even shouldn´t try to read it in the first place). Like I mentioned I have Sucuri Pro monitoring my site and I have no errors scaning the site or warnings at all.

Anyway I´m going to follow your tip and try to prevent apache from serving the .git directory. Hopefully it works.
Once again thank you for your help.

Offline a.vagamundos

  • Newbie
  • *
  • Posts: 9
Re: False Positive: Site Blocked - HTML:Script-inf
« Reply #6 on: May 29, 2023, 01:26:59 PM »
Just to give some feedback: Avast team already confirmed that it was a false positive and cleared the reputation on their database and therefore the site is not blacklisted anymore. I really apreciate the efforts of the ones who tried to help. Thank you guys!