My site is crystalexchange(dot)com . I'm not sure why, but for several weeks now, SiteAdvisor is indicating my site is "Dangerous" to visit.
My site is safe according to our hosting provider, Google, and a number of other websites I have used to check for safety.
We've been on the internet over 15 years without issues.
We are on a server with a very small # of sites hosted on it. (Virtual Dedicated?)
I have filled out forms 2 different times for a new evaluation, but apparently, the evaluations continue to keep us on the blacklist.
Can you provide assistance so that I know what needs changing on the site or let me know where else to look for problem pages.
Have you emailed email@example.com and asked then there to review and say the site is fine and please review as a matter of urgency?
Hayton 1 of the other mods is more SA experienced and I have asked him to comment.
Thank you very much for the suggestion. I have sent the email you recommended. I am appreciative of your efforts and look forward to a positive resolution on the problem.
Most checkers give the site and the IP address the all-clear, although I note that TrustedSource thinks the site is hosted on host.crystalexchange.com, with the IP address 220.127.116.11 (whereas every other check returns a different IP address entirely). TrustedSource also finds the site on the correct IP address, so perhaps there's a duplicate (wrong, or outdated) entry in there somewhere.
However the Quettera scan listed a total of 5 iframes, and one of them is a 1x1-pixel object - too small to see. You might want to double-check what it does.
The only hint from anyone else that there is or might have been a problem with the site comes from VirusTotal, which notes that
- BitDefender has flagged an unknown problem at some unknown time
The URL domain/host was seen to host badware at some point in time
- Antiy-AVL (not a vendor I know anything about) says this is a Malware Site
- Clean-MX marks the site as Suspicious. (In fact it this is a closed loop : Clean-MX is picking up the results from VirusTotal, it shows no real problem.)
UrlQuery shows nothing wrong with the site : if there was unusual network traffic this would have been noted in the results.
As a postscript :
While I was checking the page source code for iframes I noticed that there is a DOM Security Error on the Home page which you might want to correct.
Message was edited by: Hayton - substitute DOM for DCOM, fix typos on 19/08/13 19:21:01 IST
Thank you for the thorough review.
(Sadly,) I have removed the flash presentation from the index page.
I have replaced the instagram iframe with their new instagram badge.
allows our navigation menus to properly display. I purchased it about 5 years ago. I doubt I can modify the code, yet keep the menus properly displaying and working.
Re BitDefender.....there was an issue in early May this year where a small number files were hacked. However, the problem was quickly found and corrected (less than 18 hours overall I believe), so I was really thinking that was "nothing" given the overall time on the www (15+ years)
I don't understand the DCOM Security Error. Since I don't know if that is a server issue or html issue, I have fwded this thread to my hosting company for them to look at. If it is an html/source code issue, I have no idea where to look.....I did a search in the source code for our website and found no hits on the search term *cloud*. Can you please elaborate if this is a source code issue?
Thank you very much for your assistance. I remain hopeful that you help me get this straightened out and reviewed for a rating correction.
web site owner
I suspect the site rating is caused by one of two things. Either TrustedSource is aware of the BitDefender rating (possible) caused by your earlier temporary problem, or there was a recent temporary problem not now evident (also possible).
I don't think the site has been properly tested by SiteAdvisor, at least not since the recent SA upgrade. I would advise that you submit it to be (re-)tested so we can see what the downloads are and how they're rated. Right now there's no information on the SA ratings page.
Regarding the "DCOM" error : apologies for misleading you (and me). That's actually a DOM error and there are various discussions on the Chrome developer forums about it. Some of the discussions are product-specific and/or highly technical, but here's a pretty simple explanation of it :
Of the more cryptic and frustrating Chrome errors are the SecurityErrors. These bad boys show up at inopportune times and ruin your day with an “Uncaught Error” and a big red exception killing your code in its tracks.
So you’re playing around with HTML5 Canvas when all of a sudden you’re getting a
Uncaught Error: SecurityError: DOM Exception 18in the console. What’s it mean?
DOM Exception 18
This exception is thrown when your code is trying to access something it shouldn’t, including cross-domain resources or stuff on your local filesystem.
Once you hit this one you will either need to loosen your browser security settings which is never optimal, or find out how to work around it.
So my Chrome browser settings may be to blame, but the page code should be flexible enough not to throw the error.
I did some research on this: apparently some Chrome extensions cause this problem
That may be true but I haven't seen the error before in Chrome. Several people say this is not an error that you would see in Firefox so it's browser-specific.
The "Cloud" reference is actually "CloudFlare", and is coming from one of the links on the page to third-party content. This is the HTTP connections graph from urlQuery -
Message was edited by: Hayton on 19/08/13 19:50:32 IST
I just checked the console errors again and something's changed. This is what now appears for the Home page.
So unless you've changed the page the COM error is intermittent or non-reproducable.
Yes, I deleted the flash slideshow and the instagram iframe.
Removing the instagram iframe would have removed any reference to clouldflare per your earlier diagram.
What is the reference to "/undefined" on the web site? I do not understand that.
Again, I have requested recans of the site. I have done that twice in August (not counting today). My hosting provide has requested a rescan. And I believe our email filtering company has requested a rescan. We use McAfee for email spam filtering and we are wondering if there may be a connection to our signing up for that service and the timing of the blacklisting.
Thanks for your continued assistance.
"Undefined" is shown in the list of images, so it can't download some image or other. That's all I know.
Something in that script is trying to create or locate an image or an icon, at a guess.
I have reinstated the flash slide show.
The instagram Iframe was left out. It has the new "badge" for instagram instead.
Seeing as I have been using the same menu code for about 5 years, is it reasonable to think that the OCSCRIPT.JS is not likely any cause for alarm?
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.
Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership: