Wow- Thanks for the insight! Not sure exactly what the charts are but interesting. I appreciate you trying to get to the bottom of this! I hope you get it figured out! Thank you so much.
I think I've got it, but if not then I'll have to call it a night.
Before I go into the site detail, I think you should check the old site, which appears to have (or probably had) a connection with a name server (ns1.ipage.com) with IP address 22.214.171.124, whose ISP is The Endurance International Group; this name server has a number of really strange entries associated with it, all of them apparently ridiculing someone by the name of "Robert M Stanley" who has a connection with something called "Unicus". It looks as if someone has hacked a server, or poisoned a DNS server, to create these entries. I absolutely don't want to go into this any further than I have to, so a couple of those entries will serve as an example -
According to the most reliable tracers both of your sites now come under Incapsula, so perhaps this no longer affects your site. If you don't have any connection with that ISP, all of this is irrelevant to the enquiry - just another of those false leads. However, it's a salutary reminder that information about websites in different places on the internet may show discrepancies because some organisations are not very good at updating their records. When TrustedSource receives input from third-parties about a website those third-parties could be accessing stale data.
So now to the chase. Here are the most probable causes of the Red rating.
1. TrustedSource has flagged the site as Malicious, and that rating has been passed on to SiteAdvisor. "Malicious" means it's a problem on the site itself. The Red rating seems to have been in effect for the past month or so, and thus has nothing to do with the WordPress security plugin which you say was only recently installed. The rating details are the same for justkeepblogging and www.justkeepblogging, but the rating page for the first site includes details of a mail server. The email reputation shows no warning spikes, so you're not being flagged for sending spam; this is a Web reputation problem. Note especially that the First Seen/Last Seen dates for both of them are 2009, so you've not been assessed since then; and the DNS server information is out of date. Re-submitting your site to SiteAdvisor for re-checking is therefore essential to re-establish the site's credentials. A lot can change in four years. (And I know SiteAdvisor is supposed to come back and re-check automatically from time to time, but it doesn't. There are just too many sites.)
2. Sucuri, one of the first tools I use to check a site for problems, was unable to scan your site properly. That is only to be expected with the WordPress plugin, but it may also be that Incapsula is blocking automated scanning tools from functioning correctly. And, guess what, some at least of the TrustedSource web reputation feedback comes from automated site scanners which crawl all over the web looking for problems (creepy, isn't it?). So maybe, just perhaps, there was a flag raised because your site suddenly became unscannable. Not grounds enough for a Red rating, but it may have put your site on a Watch list.
3. Sucuri, however, did detect at least one iframe on the site. And Quttera, another site scanner, detected three. (Oh, and Quttera thinks your "www." site is in Israel - more confusion). Now, iframes are inherently suspicious (another black mark for the site) because they are very often used to deliver malware dynamically. They provide a window into some other site which cannot be scanned by anti-virus software until whatever code is in the iframe does its job, and then it's often too late. Quttera says the 3 iframes it found are all Hidden, and all link to "my.incapsula.com". One of those iframes (the third one) is flagged by Quttera as Suspicious. So Incapsula is now in the frame as the chief suspect ...
4. I submitted the "jstest.html" file to jsunpack to see if there was anything there worth noting. The report that came back included a listing of the page, which says, basically,
"Hello, I am a java script test analytics page".
- so no joy there.
5. However, the results from jsunpack for your site as a whole were most interesting.
It's creating a new ActiveXObject on the fly? I'm not sure that's really approved. And they both have a reference to an image, also created dynamically :
Whatever it's doing, it's all part of the Incapsula service, but it's all hidden and disguised. And that could look suspicious - although jsunpack classed it all as Benign.
That was quite a journey of exploration. I'm sorry I can't be more definite about the reason for your site's rating, and I realise that I may have missed something crucial which is the real reason for the rating; but that's about as much as I can do. You'll have to wait now for the results of any re-rating request that you've made.
If you want to open a ticket with TrustedSource about this, here's how to go about it.
If you want to address an issue with a web site in Site Advisor, that is based on McAfee's Trusted Source Web Reputation, please go to http://www.trustedsource.org/en/feedback/url and use the web form to contact the Trusted Source team.
If you want to track your requests or be notified via email, you can register for a free TrustedSource.org account.
This all reads like a bad spy novel...First off I just got this domain name on 9-4-13 only a month ago from Godaddy...
Is all the information tied to the domain name or the server which is ipage hence the ns1.ipage.com
I went ahead and submitted a request with trusted source. When you buy a domain isn't it supposed to be clear of everything? Anyone else I could go to about this? Maybe Godaddy?
This all reads like a bad spy novel...
Hey, I've just been promoted to the ranks of bad-spy-novel writer, now I can rub shoulders with the likes of Dan Brown
I had to go back into the past history of justkeepblogging.com to check whether TrustedSource was holding onto some old rating data, which took a while. Answer : no, I don't see anything.
What I see is that on May 17 2009 the domain name expired. That ties in with the last-seen date on TrustedSource. There are no historical records on Clean-MX for that domain name, so it is unlikely that the site was rated Unsafe during its previous incarnation.
In the week before September 17 2013 the domain name was transferred from WildWestDomains (a GoDaddy re-seller) to iPowerWeb. That company is related to StartLogic, and does not appear to be part of GoDaddy : it's a web hosting company and is a subsidiary of Endurance International Group.
On September 17 the domain name was transferred into iPage.com, so the name servers are ns1.ipage.com and ns2.ipage.com; compare those to the name server details that TrustedSource still holds for the site and you'll see the possibility for false reporting if they're still checking the old name servers.
When you buy a domain name that's had a previous existence a conscientious re-seller ought to carry out some checks at least to make sure that any blacklisting of the domain as a result of its previous activities has been lifted, or at the very least that the new owner is told about it. I don't think GoDaddy (and others, probably) do that, so some new owners inherit the past bad reputation of the site they've bought. You at least don't seem to have that problem.
The people from either TrustedSource or SiteAdvisor will need to look at this and decide whether it's okay. If it is, you should get a Green rating pretty soon.
In the meantime you might want to weigh up whether you need the protection Incapsula offers, if it's going to cause this sort of problem. I can't offer any advice because I've never come across them before. But they're in Wikipedia, and reviews are mostly favourable.
http://whois.domaintools.com/justkeepblogging.com (WhoIs record and Server Stats)
It is possible to whitelist "good" bots and security scanners can be whitelisted and I seem to rememer Securi, McAfee etc. are all listed in Incapsula.
If these challenges have been coming up on a protected website, the blocked access attempts, including all details will be listed in the Incapsula dashboard.
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.
Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership: