snorkelman
Former Member
Message 1 of 7

False positive - based on really lame evidence

I run http://marknelson.us. It's a straightforward Wordpress site, and I keep it up to date.

I check for malware, and currently get a clean bill of health from:

But McAfee Site Advisor marks my site as dangerous:

McAfee TrustedSource web reputation analysis found potential security risks with this site. Use with extreme caution.

The site advisor page shows no problems with downloads, no problem with links, but marks me down.

Why? Because in February of this year, Malware Domain Blocklist mistakenly listed my site for a couple of weeks.

Why did they list my site? Did they find malware on my site? Suspicious activity?

No - they found my site listed in a text file on a known malware site - probably a list of sites that were going to be attacked.

There was never the slightest shred of evidence that my site was compromised, and as soon as I brought it to their attention they corrected the problem.

But McAfee does not provide an interface by which I can correct this listing, so instead I get incorrectly marked as a malware site.

I can't even register as the site owner - the automated system is reporting that I'm issuing soft 404's, which does not appear to be the case to me.

So basically, Site Advisor uses bad information to trash my site - information that was corrected eight months ago. And they provide no avenue for me to report a false positive. (Right now when I click on "add a comment" I just sit and spin waiting for a response.)

So how does one fix this when McAfee screws up?

(Attached is what I see in Chrome when I send my site a bad url - response is a 404. Site advisor tells me: It appears that the Web site marknelson.us (or www.marknelson.us) is returning an HTTP 2xx or 3xx status response code in the header of 404 pages.)

- Mark Nelson

1 Solution

Accepted Solutions
k3tg
Reliable Contributor
Message 2 of 7

Re: False positive - based on really lame evidence

This link from McAfee will assist you in resolving your issue

snorkelman
Former Member
Message 3 of 7

Re: False positive - based on really lame evidence

Thanks Tom, I am on it. Hope the process works.

- Mark

NotBuyingIt
Reliable Contributor II
Message 4 of 7

Re: False positive - based on really lame evidence

Hope the process works.

Evidently, the process can work quickly.

marknelson_us.png

snorkelman
Former Member
Message 5 of 7

Re: False positive - based on really lame evidence

It did and I am happy to be off the list.

The lingering items left over from this are:

1) I wasn't able to get into the remediation process until somebody actually gave me a link. All my searching to no avail, the only useful links I found were to this forum.

2) The system that SiteAdvisor uses to authenticate my ownership of the site seems broken. It keeps telling me that my site is issuing soft 404s, but if I enter a bad URL it appears to me that I'm definitely getting a real 404. Try http://marknelson.us/badurl and see what you think. Perhaps the URL they are creating is indeed getting a soft 404, but if so, it would help to give some hints as to how they were doing it.

3) Site ratings based on bad info need to change. When a site like Malware Domain Blacklist removes a site from their list, they are satisfied that the site is not a problem. When that happens, McAfee should eliminate that from their algorithm as well.

That said, at least when I found the correct way in, McAfee responded quickly and with the desired result.

- Mark

Hayton
Reliable Contributor
Message 6 of 7

Re: False positive - based on really lame evidence

Mark Nelson wrote:

I can't even register as the site owner - the automated system is reporting that I'm issuing soft 404's, which does not appear to be the case to me.

(Attached is what I see in Chrome when I send my site a bad url - response is a 404. Site advisor tells me: It appears that the Web site marknelson.us (or www.marknelson.us) is returning an HTTP 2xx or 3xx status response code in the header of 404 pages.)

I raised this issue in an internal discussion area last April and got no response. So I asked, several weeks ago during a conference call, for someone on the SiteAdvisor team to draw up a short document for website owners setting out all the steps necessary to avoid getting this SiteAdvisor message, and/or the steps to be taken when you get the message. I haven't given up hope that such a document will ever appear, but I've seen no sign of it yet.

That particular issue has been reported here and in other forums many, many times - I found over a thousand site owners reporting it. The best guide to a workaround I've seen so far was in a post in the WordPress forum by a user who does not guarantee that it will work for everybody (but it might). See this thread for the possible workaround.

It does look as if TrustedSource (which is where your site's Bad Reputation came from) needs to be more reactive to removal of false positives from their feeder sources. The whole system is very complex (there's an entire White Paper on the subject if anyone's interested) so I won't put it more strongly than that. Potential dangers do get picked up very quickly, I know that much.

Right now when I click on "add a comment" I just sit and spin waiting for a response

You mean the SiteAdvisor results page, where site owners can add comments? I'm not a site owner so I haven't seen this, and no-one's remarked on it before. Possibly you just happened to be trying to do something when the server was either down or very busy.

Below is what I see when I enter the BadURL address.

Page not found.png

snorkelman
Former Member
Message 7 of 7

Re: False positive - based on really lame evidence

Thanks for all the feedback Hayton. As for what you see when you enter the Bad URL address - yes there is a lot of content there, but it was served up with a 404.  The web browser is kind of on its own as for what to do when it gets content with a 404. But if you use a tool like Chrome's developer tools or Firebug, you'll definitely see that my site is returning a 404 - not a soft 404.

I have a feeling that what they really want is not just a 404, but a 404 with no additional content - but that's not necessary, all that matters is the HTTP status code - not the content. This kind of response ought to be good enough:

    mark@ubuntu:~$ wget http://marknelson.us/badurl
    --2011-11-16 20:20:19--  http://marknelson.us/badurl
    Resolving marknelson.us... 75.119.222.39, 2607:f298:2:120::336:3dd6
    Connecting to marknelson.us|75.119.222.39|:80... connected.
    HTTP request sent, awaiting response... 404 Not Found
    2011-11-16 20:20:21 ERROR 404: Not Found.

Or if you don't trust wget, how about curl?

    mark@ubuntu:~$ curl -s -D - -o /dev/null http://marknelson.us/badurl
    HTTP/1.1 404 Not Found
    Date: Thu, 17 Nov 2011 02:26:21 GMT
    Server: Apache
    X-Pingback: http://marknelson.us/xmlrpc.php
    Expires: Wed, 11 Jan 1984 05:00:00 GMT
    Cache-Control: no-cache, must-revalidate, max-age=0
    Pragma: no-cache
    Last-Modified: Thu, 17 Nov 2011 02:26:22 GMT
    Vary: Accept-Encoding
    Transfer-Encoding: chunked
    Content-Type: text/html; charset=UTF-8

No matter how you slice it, it's still a 404.

Anyway, the good news about all this is that I don't depend on my web site to bring in any revenue. So having my traffic slightly repressed by a bad rating is not the end of the world.

- Mark
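
An added example, not part of the original thread and not SiteAdvisor's actual check: since a single `/badurl` request can return 404 while a differently shaped probe does not, this script requests random missing paths with several request shapes, without following redirects, and flags any 2xx/3xx answer as a soft 404. The request variants (GET/HEAD, trailing slash, `.html` suffix), the User-Agent string and the local `ConstructedSite` test server are assumptions made for illustration.

```python
import http.client, secrets, threading
from http.server import BaseHTTPRequestHandler, HTTPServer

def classify(status):
    """Map the status returned for a nonexistent URL to a verdict."""
    if status in (404, 410):
        return "hard-404"
    if 200 <= status < 400:
        return "soft-404"      # the "2xx or 3xx" case quoted in the thread
    return "inconclusive"      # 403, 5xx, ...: not evidence either way

def probe(host, port, method, path):
    """Send one request, do not follow redirects, return the raw status."""
    conn = http.client.HTTPConnection(host, port, timeout=10)
    conn.request(method, path, headers={"User-Agent": "soft404-audit/0.1"})
    status = conn.getresponse().status
    conn.close()
    return status

def audit(host, port=80):
    """Probe random missing paths using several request shapes."""
    results = {}
    for method in ("GET", "HEAD"):
        for suffix in ("", "/", ".html"):
            path = "/" + secrets.token_hex(8) + suffix
            status = probe(host, port, method, path)
            results[(method, suffix)] = (status, classify(status))
    return results

class ConstructedSite(BaseHTTPRequestHandler):
    """Constructed test site: real 404s, except missing .html pages redirect home."""
    def _reply(self):
        if self.path.endswith(".html"):
            self.send_response(302)
            self.send_header("Location", "/")
        else:
            self.send_response(404)
        self.send_header("Content-Length", "0")
        self.end_headers()
    do_GET = do_HEAD = _reply
    def log_message(self, *args): pass  # keep the demo quiet

def run_demo():  # audits the constructed site on a free local port
    with HTTPServer(("127.0.0.1", 0), ConstructedSite) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        try:
            return audit("127.0.0.1", server.server_port)
        finally:
            server.shutdown()
```

Against a real site, call `audit("example.org")` for both the bare and the `www` host name, since the message quoted in the thread names both.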
