cms47
Contributor
Message 1 of 8

Confusing rating behaviour from Siteadvisor...

My daughter plays a game called Minecraft.  She was wanting to get a mod for the game from a site called "planetminecraft.com".  Siteadvisor shows the site as "green" but every download attempt gives a "red" warning, so she's afraid of downloading any texture packs or mods for her game.

I checked Siteadvisor's page for planetminecraft.com and it's showing the main site as "red" with all "green" links in the report below it.

Is there any way to find out why this site, or its downloads, are being flagged as "red" and blocked?

Thank you for your time.

-Cheryle

7 Replies
drghughes
Former Member
Message 2 of 8

Re: Confusing rating behaviour from Siteadvisor...

Hi Cheryle!

For some reason, while SiteAdvisor has no problem with the URLs http://www.planetminecraft.com and http://planetminecraft.com, it thinks that there are problems with http://www.planetminecraft-dot-com/resources/texture_packs/

You can see the different ratings at http://www.trustedsource.org/en/feedback/url - select McAfee SiteAdvisor from the product list, enter the different URLs in the Please type in a URL to look up the categorization box, and then click the <Check URL> button to get the rating.

If you're sure that the URLs like http://www.planetminecraft-dot-com/resources/texture_packs/ are okay and that the Planet Minecraft owners run the site well, then you can request a review - see https://community.mcafee.com/message/66185#66185 for a How To.  Note that I checked the Projects, Skins and Mods links as well and they all come back as malicious, so you should request reviews on them too if you think that they are okay.

Message was edited by: Hayton. With apologies, but one of the links really, really, was dangerous. on 08/02/14 03:28:29 GMT
Hayton
Reliable Contributor
Message 3 of 8

Re: Confusing rating behaviour from Siteadvisor...

First, I apologise for having to edit the previous post to make a dangerous link non-clickable.

The SiteAdvisor rating for planetminecraft.com is taken from the current TrustedSource (real-time) rating, but the details of links and downloads (and safety ratings for those) are historical, since they reflect the situation at the time of testing and do not thereafter change unless the site is re-tested. A site such as this one really needs to be re-evaluated very frequently, at least once a month and perhaps more often as the site content will change very rapidly.

Normally the first check on any website flagged by SiteAdvisor or TrustedSource would be to go and find user reviews of the site and see what they have to say. In the case of online gaming sites however any place where user reviews are posted is going to be swamped by vociferous gamers yelling that their favourite site can't possibly be infected with anything malicious, often contradicting themselves immediately by saying don't click on any of the links and avoid the advertising because they're malicious (<sigh>). Such is the case here. If you go to the WOT review for planetminecraft though you will find warnings that the site has often hosted (third-party, external) malicious content in the past. See those reviews HERE, and a few SiteAdvisor reviews HERE.

There's a problem with trying to evaluate this website, because results indicate it is hosted on more than one server. The local server for me is somewhere in Europe; the server for the Americas is a CloudFlare server in Costa Rica (and there may be others). Direct access to the IP address of the Costa Rica server for checking purposes is blocked by CloudFlare - a sensible precaution, but it shuts off one or two avenues of investigation. Spreading the load across different servers also means that it becomes more difficult to say this or that is malicious, when it might be so only on one server but not another.

Having said that, there does appear to be a problem on the site on one server at least - the IP address is  190.93.241.126, so it's the Costa Rica server - and it's coming from iframes. These connect dynamically at runtime to an external site to provide content, and they are one of the commonest ways a web page can be made to provide malicious content.

Sucuri detects the contents of 6 iframes as malicious and classes each of them as MW:IFRAME:HD202

Quttera finds 13 of these iframes so Sucuri may be under-reporting the problem. However Quttera does not specify the full location of each iframe whereas Sucuri does.

One of these malicious iframes is in "planetminecraft.com/resources/texture_packs/", which I believe is one of the locations that SiteAdvisor is marking Red.

This website also has external links to a host of other sites, some (many) of them for advertising purposes. I don't know if the Costa Rica server connects to "ih.adscale.de", but the European server certainly does; and that particular site was blacklisted by SiteAdvisor only a few days ago for serving up malicious advertising on a website I go to frequently. I was surprised by the sudden appearance of a black warning banner across the top of the page, so I investigated and found the source of the blocked material. I added a warning to the WOT review page (here).

The web of external connections of planetminecraft.com is extremely complex, and such complexity makes a website far more vulnerable to hacking and compromise. Just have a look at the spider's web below.

Now here come the screenshots. I could investigate further, using other sources, but this is enough to demonstrate what every investigator knows : online gaming sites are a snakepit, and cannot be trusted. Proceed with extreme caution and make sure all your OS and applications, as well as antivirus defences, are up to date; use SiteAdvisor and don't ignore its warnings; and beware any and all advertising on such sites. Watch out for downloads that may carry more of a payload than they innocently promise. And realise that most hackers cut their teeth on the snarling infighting and backstabbing of online gaming. Otherwise, you know, enjoy. Have fun.

Sucuri planetminecraft.png

Sucuri planetminecraft iframe payloads.PNG

planetminecraft domain_graph.gif
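
The kind of iframe check discussed in the post above, as an added example that is not part of the original thread and not the logic Sucuri or Quttera use: a Python audit a site owner could run over a saved copy of a page to list each iframe, whether it loads from a third-party site, and whether it is hidden from view. The sample HTML, the host names and the two-label "same site" rule are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse
import re

# Constructed sample page (not taken from any real site); hosts are placeholders.
SAMPLE_HTML = """
<html><body>
<iframe src="/widgets/news.html" width="300" height="250"></iframe>
<iframe src="//ads.example.net/slot?id=7" width="728" height="90"></iframe>
<iframe src="http://cdn.example.org/x.php" width="0" height="0"></iframe>
<iframe src="https://static.site.example/embed" style="display: none"></iframe>
</body></html>
"""

HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

def site_of(host):
    """Crude 'same site' key: last two DNS labels (assumption; no public-suffix list)."""
    return ".".join(host.lower().split(".")[-2:])

class IframeAudit(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        # Resolve relative and protocol-relative sources against the page URL.
        src = urljoin(self.page_url, a.get("src", ""))
        host = urlparse(src).hostname or ""
        page_host = urlparse(self.page_url).hostname or ""
        hidden = (a.get("width") in ("0", "0px") or a.get("height") in ("0", "0px")
                  or bool(HIDDEN_STYLE.search(a.get("style", ""))))
        self.findings.append({"src": src, "hidden": hidden,
                              "third_party": site_of(host) != site_of(page_host)})

def audit(html, page_url):
    """Return one finding per iframe in the given HTML."""
    parser = IframeAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_HTML, "https://www.site.example/resources/"):
        print(finding)
```

An iframe that is both third-party and hidden is the one to review first; a visible third-party frame is usually an advertising slot, which still depends on the ad network's own hygiene.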

cms47
Contributor
Message 4 of 8

Re: Confusing rating behaviour from Siteadvisor...

Thank you for taking the time to do all of this reviewing.  I greatly appreciate it and will warn my daughter not to use this site.  Also, do you think it would be good to email, or otherwise message, the owner of the site and direct him to your reply with all that information? 

-Cheryle

Hayton
Reliable Contributor
Message 5 of 8

Re: Confusing rating behaviour from Siteadvisor...

cms47 wrote:

I ... will warn my daughter not to use this site. 

It might be a good idea to stay off the site for several days until whatever problem they've got is fixed (again). I would say that the site owner(s) are used to this sort of thing happening and can block the external content if it turns out to be malicious. It's happened before, no doubt it will happen again. Post again in a few days and I'll run the checks again and see if it's okay to get downloads from the site.

Also, do you think it would be good to email, or otherwise message, the owner of the site and direct him to your reply with all that information? 

Um, I would rather you did not. Both online gamers and the people who run the websites (usually gamers or at least immersed in the game world) tend to regard aggression as the best form of defence (comes from too much gaming, I suppose). What I don't want is to have outraged gamers protesting that I've cast aspersions on their beloved pastime ....

But you can send them a link to the Sucuri scan results and let them look at those iframes :

http://sitecheck2.sucuri.net/results/www.planetminecraft.com

drghughes
Former Member
Message 6 of 8

Re: Confusing rating behaviour from Siteadvisor...

Thanks for your posts Hayton!  I've learned a few things!

Is there anything that Cheryle can do to improve the security on her machine?  I'm thinking of things like the NoScript Add-on for Firefox which can be set up to block iframes - see http://noscript.net/faq#qa4_8  Given that gaming sites are higher risk, and that her daughter will want to visit these sites, a little prevention is going to be worthwhile.

Cheryle:  Is your daughter using a user level account on the PC?  This is the first line of defence against problems.

cms47
Contributor
Message 7 of 8

Re: Confusing rating behaviour from Siteadvisor...

Both our computers are as secure as we can get them, though I know nobody's is perfect..

We both have security feature add-ons for Firefox as well.  We've not gotten any viruses, thankfully, because of Siteadvisor and other programs that block such things.  I was just curious about this particular site because of the different (confusing to me) ratings it received from Siteadvisor and wanted to get it clarified, which Hayton has done admirably...

Neither of us frequent Planetminecraft.  In fact, we're new to the whole game and she was just looking into getting a particular mod that was only available from that site.  I'll not contact the owner of the site, as Hayton requested.  Hopefully, it'll all get straightened out again, and she can get that mod she wants eventually.

-Cheryle

elonmask
Contributor
Message 8 of 8

Re: Confusing rating behaviour from Siteadvisor...

thanks !!
