bernhard Posted October 13, 2015

Today I got the following warning when visiting one of my ProcessWire sites:

I'm talking about the following site: http://www.scweissenkirchen.at

Any ideas why this warning could have appeared? I don't find anything suspicious in the code... Does anyone else use 360 security (http://www.chip.de/downloads/360-Total-Security_69511987.html) and get this warning?

Thanks for your help!

ryan Posted October 13, 2015

Looking at your homepage, I don't see anything suspicious either, whether in the code, the network requests or the cookies. You would of course want to check things out deeper into the site, but usually automated exploits target the homepage.

It's possible that the EMO code at the bottom may be creating a false positive, as base64 encoded strings are often used in exploits. In this case it's a completely legitimate use of base64, but that particular scanner may not be smart enough to tell the difference and may be seeing it as a red flag. The message you got also said "site was reported as..." which might just mean someone reported it by mistake or as a grudge or something.

To be on the safe side I would run the site through another scanner that actually analyzes the requests, responses and output. But it seems like a good chance it's just a false positive.

OLSA Posted October 13, 2015

Just checked with a few online scanners and everything is OK, except BitDefender checks (third on the list below). Here are some links:

1) safeweb.norton.com
2) virustotal.com
3) trafficlight.bitdefender.com/info?url=[your url]

pwired Posted October 13, 2015

Look for (hidden) iframes

Jeroen Posted October 13, 2015

Quite some scanners: http://www.urlvoid.com/

ryan Posted October 13, 2015

> Just checked with a few online scanners and everything is OK, except BitDefender checks (third on the list below).

BitDefender doesn't actually send out a request to the site, they are just reading from someone else's database–likely the same one as 360.

No hidden iframes that I can find except for those coming from Facebook and AddThis (and there are plenty of those). The Facebook and AddThis scripts are kind of hogs, so you might see someday if you could replace any of those functions with Soma's SocialShareButtons module, which is really nice.

bernhard (Author) Posted October 13, 2015

Thank you all for your suggestions! I know there are lots of iframes coming from Facebook & AddThis... As the budget was really low I wanted to keep things really as simple as possible (for me). I have those scripts on other websites without any problems though.

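The two checks raised in this thread (hidden iframes, and base64 strings that a scanner may treat as a red flag) can be run over a saved copy of a page. This is an added Python example, not code from any poster; the names, the 40-character threshold, the "hidden" heuristics and the sample page with its hosts are assumptions constructed for illustration.

```python
import base64
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

B64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")   # long base64-looking literal
HIDDEN_CSS = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

def decodes_to_text(run):
    """True if the run base64-decodes to mostly printable ASCII (e.g. markup)."""
    body = run.rstrip("=")
    body = body[: len(body) - len(body) % 4]      # trim to whole 4-char groups
    raw = base64.b64decode(body)
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in raw)
    return printable / len(raw) > 0.9

class PageTriage(HTMLParser):
    """Collects hidden iframes and long base64 literals for manual review."""
    def __init__(self):
        super().__init__()
        self.hidden_iframes = []   # (source host, why it counts as hidden)
        self.base64_runs = []      # (first 16 chars, decodes to text?)
    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        style = a.get("style", "")
        zero = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
        why = "css-hidden" if HIDDEN_CSS.search(style) else "zero-size" if zero else None
        if why:
            self.hidden_iframes.append((urlparse(a.get("src", "")).netloc, why))
    def handle_data(self, data):               # also receives <script> bodies
        for m in B64_RUN.finditer(data):
            self.base64_runs.append((m.group()[:16], decodes_to_text(m.group())))

def triage(html):
    page = PageTriage()
    page.feed(html)
    page.close()
    return page.hidden_iframes, page.base64_runs

# Constructed sample page: the hosts and the encoded link are made up.
LINK = b'<a href="mailto:office@example.org">office@example.org</a>'
SAMPLE = f"""<iframe src="https://widgets.example.net/like" style="display:none"></iframe>
<iframe src="https://video.example.com/embed/1" width="560" height="315"></iframe>
<iframe src="//tracker.example.org/p" width="0" height="0"></iframe>
<script>var emo = "{base64.b64encode(LINK).decode()}";</script>"""
if __name__ == "__main__":
    print(triage(SAMPLE))
```

A hit from either check is only a prompt to look at that element by hand: third-party widget iframes and an encoded mailto link both show up here without being malicious.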