im getting clients that cant login to the controlpanel any more any idees why? URL: https://xxxxx/themes/default/assets/favicon/site.webmanifest Reason: G DATA WebProtection has blocked access to this website as it contains infected code. to me it looks nothing special themes/default/assets/favicon/site.webmanifest Code: { "name": "ISPConfig", "short_name": "ISPConfig", "icons": [ { "src": "/themes/default/assets/favicon/android-chrome-192x192.png", "sizes": "192x192", "type": "image/png" }, { "src": "/themes/default/assets/favicon/android-chrome-512x512.png", "sizes": "512x512", "type": "image/png" } ], "theme_color": "#cc151c", "background_color": "#cc151c" }
Never heard of "G DATA" offhand, but a quick search finds info, like the first hit here which says you can disable it or add an exception, with links for the settings to use: https://help.gdatasoftware.com/b2c/GDAV/2013/en/index.html?141.htm
I also never heard of it. i just wonder why it gets triggert by that page So people that is using it dont get this alert
You would have to look into that app more or contact them to find out specifically what triggers the false positive. Or I suppose just edit the file and find it by trial and error if you're really curious.
Im getting all more reports see below https://www.virustotal.com/gui/url/...ac877a07140bc0f765a842bc4f87d257d4d/detection i checked with rkhunter. nothing odd Any idees how to find out what is going on?
This post is about a virus scanner on your client system which falsely identifies one of the theme files as malicious, using rkhunter or any other scanner on the server isn't going to help with that. Refer back to the suggestions above.
