garywang, posted June 12, 2023

Hello

Recently I got some reports from our site users that ESET is blocking their access to our website. I used Beyond Compare to compare the website scripts with the local scripts; they are totally the same. The site was scanned with different websites and they are not showing any of those issues.

HTML/ScrInject.B trojan

Blocked address (maybe):
hxxp://www.mynoteskeeper.com/
hxxp://www.mynoteskeeper.com/.well-known

The .well-known folder contains an acme-challenge folder and no files. How can we solve this issue?

Marcos (Administrators), posted June 12, 2023

I was able to open the website alright, nothing was detected or blocked. Please provide logs collected with ESET Log Collector.

garywang (Author), posted June 12, 2023

Thanks for your reply, please check the attachment.

eis_logs.zip

Marcos (Administrators), posted June 12, 2023

There is a loader that loads a php from cdn.jsinit.directfwd.com, please remove it.

garywang (Author), posted June 13, 2023

Thanks for your reply. I paused ESET protection and found this script. But I searched my website and did not find this script code. How can I find and remove it?

Marcos (Administrators), posted June 13, 2023

It appears that the script is served when 403 is returned by the server. Note that it's compressed with gzip so you can't find it by searching for the link:

garywang (Author), posted June 13, 2023 (Solution)

Wow! Thanks very much for your help. I found that any address that returns 403 or 404 has the same problem in the response. Changing these lines in .htaccess avoids it:

    ErrorDocument 403 /err/403.htm
    ErrorDocument 404 /err/404.htm

But I still have no way to solve it completely.
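
A check for the situation described in this thread, added here as an example and not posted by any participant: it reports external `<script>` hosts found in plain text and inside gzip streams embedded in a file or response body, which a plain text search for the link misses. The host names and sample bytes are constructed, and `own_hosts` is an assumed allowlist of the site's own host names.

```python
import gzip
import re
import zlib
from urllib.parse import urlparse

GZIP_MAGIC = b"\x1f\x8b\x08"  # gzip header: ID1, ID2, CM=deflate
SCRIPT_SRC = re.compile(rb"""<script[^>]+src\s*=\s*["']?([^"'\s>]+)""", re.I)


def gunzip_members(blob: bytes):
    """Yield the decompressed content of every gzip stream found inside blob."""
    pos = blob.find(GZIP_MAGIC)
    while pos != -1:
        try:
            # wbits=31 tells zlib to expect a gzip wrapper; trailing bytes are ignored
            yield zlib.decompressobj(31).decompress(blob[pos:])
        except zlib.error:
            pass  # the magic bytes occurred by chance, not a real stream
        pos = blob.find(GZIP_MAGIC, pos + 1)


def external_script_hosts(blob: bytes, own_hosts: set) -> set:
    """Return hosts of <script src=...> tags, plain or gzip-hidden, not in own_hosts."""
    hosts = set()
    for text in [blob, *gunzip_members(blob)]:
        for match in SCRIPT_SRC.finditer(text):
            host = urlparse(match.group(1).decode("latin-1")).hostname
            if host and host not in own_hosts:
                hosts.add(host)
    return hosts


# Constructed samples: a script tag stored gzip-compressed inside a server-side
# file, and a clean error page that only references a local script.
HIDDEN = gzip.compress(
    b'<html><body><script src="//loader.example.net/init.php"></script></body></html>'
)
SAMPLE_FILE = b"<?php /* constructed sample */ $p = '" + HIDDEN + b"'; ?>"
SAMPLE_CLEAN = b'<html><script src="/js/site.js"></script><h1>403</h1></html>'
OWN_HOSTS = {"www.example.org"}  # assumed allowlist

if __name__ == "__main__":
    print("plain search finds host:", b"loader.example.net" in SAMPLE_FILE)
    print("hidden hosts:", external_script_hosts(SAMPLE_FILE, OWN_HOSTS))
    print("clean page:", external_script_hosts(SAMPLE_CLEAN, OWN_HOSTS))
```

The same function can be run over each file under the web root and over the saved body of a 403 or 404 response to see where an unexpected host appears.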