Hi,
Just joined so hope you'll bear with me
Is there any way to diagnose why my site bell-tower.org.uk has a poor web reputation? The site itself seems completely clean but SiteAdvisor blocks it, apparently only because it has a poor Trustedsource web reputation, which causes it to be classified as malicious. Have tried various checkers - Google, urlquery.net etc, and these give the site the all clear; only Sucuri SiteCheck says "Site blacklisted, malware not identified", which doesn't exactly help me much (and may be derived from Trustedsource data anyway? Don't know).
I have already raised a ticket and hope to get the blacklisting lifted soon. In the meantime is there anything else I can do to diagnose the problem, or is it just a false positive?
TIA!
David.
Hello David and welcome to the Forums!
Thus far, all I can find is what Trusted Source is showing which dates back to approximately July 16th; Nothing else really jumps out at me. The hosts-file.net site indicates your website "failed to resolve", but does not display a red warning about it.
Since you have already submitted a ticket to the SA staff, they will further advise you once they've been able to conclude testing of your website...which can take a little more time than expected, given the large number of websites they test every day. We do have some more knowledgeable Moderators and members here who may drop by to offer you their respective input. You can always email SiteAdvisor support to check on the status of your ticket. (I would give it at least 5 days before inquiring).
Message was edited by: spc3rd on 7/26/13 3:45:43 PM EDTHi Pete,
Many thanks - as far as I can tell the site is completely innocuous (it's just a few manually coded (and W3C verified) HTML pages with a couple of harmless bitsof Javascript and I've been running it for over 7 years now). Links to it from Facebook were suddenly inexplicably blocked a few months ago and I ran a few tests then. It was only today when a colleague with SiteAdvisor on his laptop noticed that it as blocked that anything has been flagged up.
Tried hosts-file.net and it gave the site a clean bill of health for me (well it said it was not on their list, and I think no news is generally good news). Also ran it through VirusTotal which shows 30+ sites saying it's clean and and a handful without a rating, no problems found.
So all I can guess is that this is likely to be a false positive - it's just a pity the algorithms used by TrustedSource are so obscure so it's really hard for the webmaster to diagnose a poor rating (I noticed a link to a white paper on this but this doesn't work now)!
Many thanks,
David.
You're quite welcome, David!
It sounds like you have a reasonably good handle on places to check your website for abmormalities. The SA staff should be able to clarify things further and in the interim, perhaps one of our other more knowledgeable people, such as, Moderator Hayton may drop by if they have any additional information to provide you with.
...and I've just entered the full URL (including the address of the actual server which hosts the site, rather than my domain) into SiteAdvisor and this comes up completely clean. All this is increasingly pointing to a false positive, I'd say. Let's see what the McAfee folks come up with.
David.
I've been monitoring the thread but didn't have anything new to contribute. @dneale123, you've run the same basic checks that I already did. Nothing to report.
Something you said in your previous post
HTML pages with a couple of harmless bitsof Javascript
rang a bell (sorry, pun not intended) so I bypassed the warnings and went to the site in Chrome, then opened up the Javascript console to have a look. I see nothing in the page code that looks out of the ordinary, on any of the pages I looked at.
However, there were two errors in the console relating to Google Analytics and to the Twitter widget (see below). First, I didn't see any Twitter logo on the home page; and second, there was a discussion a while ago about a re-styled Twitter logo which was being delivered via an iframe. SiteAdvisor doesn't like iframes, so I wonder if that's causing some of the problems that are being reported today? As for Google Analytics, it has caused problems in the past on some sites, but the blame for that was largely placed at Google's door. I don't know if that is relevant here.
I checked AdBlock and Abine's DoNotTrackMe for the main page and each of them was blocking a script for Google Analytics and for Twitter. After I suspended the blocks I saw new blocks of javascript in the console and yes, the Twitter badge is apparently being delivered via an iframe created dynamically by the javascript code. This method is deprecated, and it has caused recent problems. I am fairly certain that the Twitter badge problem is occurring on some other sites we're seeing.
In the code below line 13 sets up the iframe. Line 15 is the one that is problematical. What you can't see is the very long list of hashtags and tweets that it contains, many of them in non-Ascii characters. Depending on the encoding used I think it might be possible to infect a webpage with malicious code by sending it via Twitter. The iframe is just acting as a conduit for whatever gets tweeted.
Edit - The Twitter logo-in-an-iframe may not be the reason after all. I was right about SiteAdvisor objecting to it, but in a previous thread (here) there is a screenshot of the block and it's just a black SiteAdvisor warning banner at the top of the page. So the underlying cause of the Red rating may still be unknown.
Message was edited by: Hayton on 26/07/13 23:31:24 IST
Message was edited by: Hayton on 26/07/13 23:43:39 ISTThanks for the advice, Hayton - typical that the main vulnerabilities are through third party widgets that we can't control (I've also just run the site pages through the W3C markup validator again and it's only the new Twitter widget that gives any errors too). Looks like I'll have to leave this one in the hands of the McAfee folks for now.
Edit - have just gone back and rescanned using Sucuri, which was the only other site to flag anything up. Sucuri's more detailed report suggests that the only reason they've flagged the site as blacklisted is that it's blacklisted by SiteAdvisor. So hopefully once it's been reviewed it'll have a clean bill of health everywhere.
David.
Message was edited by: dneale123 on 28/07/13 03:02:09 CDT
Message was edited by: dneale123 on 28/07/13 03:02:35 CDTThe site has now been reviewed and given the all clear, now categorised as non-profit. SiteAdvisor, TrustedSource and Sucuri all show it as clean now. Many thanks for your help.
on 8/3/13 3:21:01 AM CDTNew to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.
Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership: