93viking
Former Member
Message 1 of 11

SiteAdvisor False Positive

SiteAdvisor quite possibly has to be the worst security product ever! Every one of the websites I have show up as a potential security risk. These are just basic HTML business websites, and because of this bad product legitimate websites are losing business every day. Here are the websites I have:

edvanes.com

sleepyhollowlandscaping.com

honestheatcooling.com

mr-sandman.net

Yet if you use any other tool out there the websites are fine. Example: http://www.google.com/safebrowsing/diagnostic?site=www.edvarnes.com

I've submitted the websites to McAfee, but all I get back is: SiteAdvisor engineers will look into your issue, and will issue a change if it is deemed appropriate.

Any help would be appreciated. I have some very upset customers who are losing business.

10 Replies
Hayton
Reliable Contributor
Message 2 of 11

Re: SiteAdvisor False Positive

I can't do more at the moment than take a few notes about this but I'll be onto it (along with two other SiteAdvisor site problems) as soon as I've finished my end-of-year Tax Return.

But to start, can you confirm that ThePlanet.com is hosting your sites? (See GeoFox screenshot)

There is a name server reference of ns24a.avahost.net which may be causing a problem because it seems to be associated with a number of red-rated websites. If ns2.nomorecopperpennies.net means anything to you, I advise you to transfer to that since it shows as safe.

You should perhaps remove your sites from the server with IP address 174.133.127.130, since they are apparently sharing server space with at least 3 other domains which are showing up as Red / High Risk.

I'll follow up and confirm this (or revise the findings) as soon as I can, but I will only say that hosting providers seem to be responsible for quite a few SiteAdvisor rating problems. If SiteAdvisor finds you sharing an address with some site that's definitely bad, you get dragged into it by association. Not your fault.

Message was edited by: Hayton on 28/01/11 01:46:04 GMT

Message was edited by: Hayton on 28/01/11 11:29:05 GMT
Hayton
Reliable Contributor
Message 3 of 11

Re: SiteAdvisor False Positive

As an afterthought I checked your sites against WOT, Norton SafeWeb and Webutation.

None of them has been rated yet by Norton; only mr-sandman.net shows anything on WOT (one incomplete rating); and they all carry a Website Antivirus Warning on Webutation - see the screenshot below.

93viking
Former Member
Message 4 of 11

Re: SiteAdvisor False Positive

I'm using avahost.net as my hosting site. Thanks for your help so far! I'll talk to avahost and see what can be done, but this tool is very misleading to most computer users if the SiteAdvisor's rating is by IP and not domain name.

Message was edited by: 93viking on 1/29/11 10:22:08 PM CST
user_75532
Contributor
Message 5 of 11

Re: SiteAdvisor False Positive

I don’t see how checking only the domain name is sufficient; a domain name can be redirected to bad IPs. SiteAdvisor checks for this; the only thing SiteAdvisor doesn’t factor in is shared servers. So if one person’s website was free of red downloads, but another person’s website on the shared server is hosting malware, this person plus everyone else on that server ends up being SiteAdvisor back-slapped.

Geode
Former Member
Message 6 of 11

Re: SiteAdvisor False Positive

Yep, here's another one I ran into tonight.  Walmart.com (no www).  You can tell from the report it is bogus.  Downloads an "install.cab" with nasty ware.  And all links are to garbage sites (see attached jpg of screen capture).  But SiteAdvisor says it is safe.

After last year's horror story with Internet Security 2010 (just look at the forums and the havoc it wreaked on people's machines, including mine), I am really losing faith in this software.  The only reason I'm on the forum is to see what kind of trouble 2011 is causing customers.

Hayton
Reliable Contributor
Message 7 of 11

Re: SiteAdvisor False Positive

Thanks for the warning, Geode. SiteAdvisor's a bit out of date on this I think. I'm going to re-submit the site for testing and have those cab files uploaded to virustotal for checking. I don't like the look of install.cab, for a start. See the screenshot.

Edit - On the other hand, I've tried in IE and FF to get to walmart.com (without the www) and in both the "www" is inserted before the page loads, and I get what appears to be the legit site. Microsoft Smartscreen Filter reports the site as being okay, and in FF NoScript does not seem to object to it. I see no redirection anywhere, so how did you come across this?

Message was edited by: Hayton on 16/02/11 18:33:08 GMT
Geode
Former Member
Message 8 of 11

Re: SiteAdvisor False Positive

Hey Hayton,

To answer your question (how did I get to this) =>  bbcnews was running slow last night, so I wanted to determine if it was the site or my dsl.  I launched google and typed w...it offered walmart and I searched it.  It is the top site on a google search (see screenshot).  SiteAdvisor was green (and google said it was "official"), so I clicked it.  Doh!  I immediately knew I was in trouble (and it added a link to my shortcuts favorites tab in ie8).

btw, I checked this at work today with google and SiteAdvisor (we are a McAfee shop where I work), and SiteAdvisor showed it as the "question mark".  I thought "Wow, they already rechecked the site and flagged it" (btw, we use Cox Cable (2x50M) and ATT (1x45M) as our business POPs).  I checked it at home tonight and it is the "green checkmark".

Go figure.

As you can see from the real Walmart site, it has the same stats (59 green downloads OF INSTALL.CAB!) as the bogus site.  Fortunately, the real Walmart site doesn't have the install.cab payload.

Message was edited by: Geode on 2/16/11 7:08:41 PM CST
Hayton
Reliable Contributor
Message 9 of 11

Re: SiteAdvisor False Positive

When I Google for Walmart I get the standard list of search results, without the inserted link that I see at the top of your screenshot. That means I can't go to the suspect site to investigate it.

Links like that at the head of a search results list are usually paid-for links unrelated to search rankings, and are to be treated with the greatest of suspicion - if someone is running a scam it's the ideal way to get the maximum number of punters to visit their sites in a short time. And in this case it may be that Google themselves have acted to remove this site from their search pages.

Can you do another search for Walmart and let me know if that site still appears at the head of it? If you see it and I don't your PC may have some malware that's inserting this in the results. As a precaution clear your browser cache, check your browser add-ons for anything you don't recognise, and run a McAfee Quick Clean (or CCleaner, even better) to clear out cookies, temp files, and junk. If you have Malwarebytes, run a quick scan with that.

I'm surprised that SiteAdvisor on the search showed this as green. The similarity in the link URLs ("walmart.com", "www.walmart.com") would normally cause SiteAdvisor to flag whichever site was set up second as yellow, on the assumption that it might be a phishing site (as this seems to be). Perhaps it's because the list of Google results is full of examples of http://walmart.com, in which case Walmart will have registered that as one of theirs.

If that really is so then it looks like a case of blatant impersonation, with redirection to a fake website. Hard to be sure. Best way to find out is perhaps to use Firefox with NoScript and NoRedirect, or to put the no-www site url into IE's Restricted Sites list, and then to see what happens when you go there.

btw, what was all that about Internet Security 2011? I hope you haven't had to rid yourself of a fake AV as well?

If you're going to reply to this tonight don't count on an answer, since this site is going down in an hour for a major upgrade ... back up in about 10 hours (all being well).

Hayton
Reliable Contributor
Message 10 of 11

Re: SiteAdvisor False Positive

Maybe this throws some light on the affair.

http://searchengineland.com/display-url-traffic-tricks-used-by-brand-hijackers-21390

And did you perhaps end up at CouponSnapshot.com? That site has a Very Poor reputation on WOT, and in FF (where I have WOT installed as an add-on) I was blocked from going there and had to specifically request that I be allowed to proceed. Have a look at the screenshot (you may need to open the .jpg in Photo Editor in a separate tab to see all the text properly). This site clearly is pretending to be affiliated in some way with Wal-Mart, but it's not. Several consumer forums have complaints about this outfit.
