litespeed_ui_events=

  • Resolved jtg

    (@favdes)


    3 years, 1 month ago

    Hello,
    We have recently discovered that our site is being listed as infected on a number of virus scanning sites.

    When we put our URL into https://www.siteguarding.com/ it comes back with an ‘infection’

    1. JavaScript virus injection Reason: encoded data:text/javascript Code: script>const litespeed_ui_events=[“mouseover”,”click”,”keydown”,”wheel”,”touchmove”,”touchstart”];va

    This isn’t listed as an issue if we disable the Litespeed Cache plugin however we would like to keep this active for obvious reasons.

    Has anyone else experienced this?

    Many thanks

Viewing 9 replies - 1 through 9 (of 9 total)
  • Plugin Support qtwrk

    (@qtwrk)

    3 years, 1 month ago

    by any chance , did you enable JS delay ?

    Thread Starter jtg

    (@favdes)

    3 years, 1 month ago

    Hello,

    Thank you for getting back to me.

    I checked the settings in ‘Page Optimisation’ | ‘JS Settings’ and we were using the ‘Advanced’ preset so the settings were:

    JS Minify – On
    JS Combine – Off
    JS Combine External and Inline – Off
    Load JS Deferred – Deferred

    I then disabled all of those, cleared the cache and tried again but the same issue was being reported.

    I then tried some more and applied the ‘Basic’ preset. The error wasn’t reported then so it appears that there is a difference between the ‘Basic’ and ‘Advanced’ presets that is causing the issue.

    Kind regards

    Plugin Support qtwrk

    (@qtwrk)

    3 years, 1 month ago

    please try the Guest Mode and Guest Optimization in General page , see if it’s related

    Thread Starter jtg

    (@favdes)

    3 years, 1 month ago

    Hello,

    Thank you for getting back to me. I tried turning both of those settings off and tried the scan again but then received more ‘infected’ alerts, including:

    JavaScript virus injection Reason: encoded data:text/javascript Code: script type=”text/javascript” src=”data:text/javascript;base64,alF1ZXJ5KGZ1bmN0aW9uKCl7alF1ZXJ5LmFqY

    JavaScript virus injection Reason: encoded data:text/javascript Code: script type=”text/javascript” src=”data:text/javascript;base64,alF1ZXJ5KGZ1bmN0aW9uKCl7d2luZG93LkZvc


    Very odd!

    Plugin Support qtwrk

    (@qtwrk)

    3 years, 1 month ago

    these are false-positive alert , the Guest Optimization and JS delay will convert javascript to data URI , which is what you have seen in above

    Thread Starter jtg

    (@favdes)

    3 years, 1 month ago

    Yes I understand that but the site is getting flagged as infected by five different sites so I need to be able to remove this somehow. What changes can I make to Litespeed in order to remove these please?

    Plugin Support qtwrk

    (@qtwrk)

    3 years, 1 month ago

    as far as I know , only Load JS Deferred ,Guest Mode and Guest Optimization should do this

    all these three are OFF ? and please do rememebr purge all after you made change.

    Thread Starter jtg

    (@favdes)

    3 years, 1 month ago

    Hello,

    I have set ‘Load JS Deferred’ to ‘Disabled’ and ‘Optimise for Guests Only’ to ‘Off’. The virus scan is now coming back with just one error: JavaScript virus injection too many %

    Is there anything that I can do to remove that issue do you know?

    Thank you for your help so far.

    Plugin Support qtwrk

    (@qtwrk)

    3 years, 1 month ago

    I can’t think of other option that could possibly lead to this

    how does it go with default setting ?

Viewing 9 replies - 1 through 9 (of 9 total)

The topic ‘litespeed_ui_events=’ is closed to new replies.