Peacekeeper,

Thank you very much for the suggestion.  I have sent the email you recommended.  I am appreciative of your efforts and look forward to a positive resolution on the problem.

AM

I investigated but can't see any strong reason for the rating. Both SiteAdvisor and TrustedSource say the Red rating is because of Malicious Downloads, which may mean something a bit different from what it seems to be saying. Downloads could be the result of malicious javascript in an iframe, for example.

https://www.siteadvisor.com/sites/crystalexchange.com

http://www.mcafee.com/threat-intelligence/domain/default.aspx?domain=crystalexchange.com

Most checkers give the site and the IP address the all-clear, although I note that TrustedSource thinks the site is hosted on host.crystalexchange.com, with the IP address 64.40.148.18 (whereas every other check returns a different IP address entirely). TrustedSource also finds the site on the correct IP address, so perhaps there's a duplicate (wrong, or outdated) entry in there somewhere.

Sucuri says the site has no problems but shows two items that caught my eye - one a javascript file (swfobject.js) and the other an iframe (for widget.stagram.com). Neither is obviously a problem, but "swfobject" is Shockwave Flash (a frequent means of malware infection) and iframes are inherently suspect. I checked the page source code and can't see anything amiss.

However the Quettera scan listed a total of 5 iframes, and one of them is a 1x1-pixel object - too small to see. You might want to double-check what it does.

<iframe src='javascript:false%3B' x30=1 style='z-index:-1%3Bposition:absolute%3Bfloat:left%3Bborder-style:none%3Bwidth:1px%3Bheight:1px%3Bfilter:progid:DXImageTransform.Microsoft.Alpha(Opacity=0)%3B' frameborder='0'>

The only hint from anyone else that there is or might have been a problem with the site comes from VirusTotal, which notes that

- BitDefender has flagged an unknown problem at some unknown time

The URL domain/host was seen to host badware at some point in time

- Antiy-AVL (not a vendor I know anything about) says this is a Malware Site

- Clean-MX marks the site as Suspicious. (In fact it this is a closed loop : Clean-MX is picking up the results from VirusTotal, it shows no real problem.)

UrlQuery shows nothing wrong with the site : if there was unusual network traffic this would have been noted in the results.

As a postscript :

While I was checking the page source code for iframes I noticed that there is a DOM Security Error on the Home page which you might want to correct.

Hayton,

Thank you for the thorough review.

(Sadly,) I have removed the flash presentation from the index page.

I have replaced the instagram iframe with their new instagram badge.

This code: <iframe src='javascript:false%3B' x30=1 style='z-index:-1%3Bposition:absolute%3Bfloat:left%3Bborder-style:none%3Bwidth: 1px%3Bheight:1px%3Bfilter:progid:DXImageTransform.Microsoft.Alpha(Opacity=0)%3B' frameborder='0'>

allows our navigation menus to properly display.  I purchased it about 5 years ago. I doubt I can modify the code, yet keep the menus properly displaying and working.

Re BitDefender.....there was an issue in early May this year where a small number files were hacked.  However, the problem was quickly found and corrected (less than 18 hours overall I believe), so I was really thinking that was "nothing" given the overall time on the www (15+ years)

I don't understand the DCOM Security Error.  Since I don't know if that is a server issue or html issue, I have fwded this thread to my hosting company for them to look at.  If it is an html/source code issue, I have no idea where to look.....I did a search in the source code for our website and found no hits on the search term *cloud*.  Can you please elaborate if this is a source code issue?

Thank you very much for your assistance.   I remain hopeful that you help me get this straightened out and reviewed for a rating correction.

AM

web site owner

I suspect the site rating is caused by one of two things. Either TrustedSource is aware of the BitDefender rating (possible) caused by your earlier temporary problem, or there was a recent temporary problem not now evident (also possible).

I don't think the site has been properly tested by SiteAdvisor, at least not since the recent SA upgrade. I would advise that you submit it to be (re-)tested so we can see what the downloads are and how they're rated. Right now there's no information on the SA ratings page.

Regarding the "DCOM" error : apologies for misleading you (and me). That's actually a DOM error and there are various discussions on the Chrome developer forums about it. Some of the discussions are product-specific and/or highly technical, but here's a pretty simple explanation of it :

http://getcontext.net/read/chrome-securityerror-dom-exception-18

Of the more cryptic and frus­trat­ing Chrome errors are the SecurityErrors. These bad boys show up at inop­por­tune times and ruin your day with an “Uncaught Error” and a big red excep­tion killing your code in its tracks.
So you’re play­ing around with HTML5 Canvas when all of a sud­den you’re get­ting aUncaught Error: SecurityError: DOM Exception 18 in the con­sole. What’s it mean?
DOM Exception 18
This excep­tion is thrown when your code is try­ing to access some­thing it shouldn’t, includ­ing cross-domain resources or stuff on your local filesystem.
Once you hit this one you will either need to loosen your browser secur­ity set­tings which is never optimal, or find out how to work around it.

So my Chrome browser settings may be to blame, but the page code should be flexible enough not to throw the error.

See also https://parse.com/questions/dom-exception-18

I did some research on this: apparently some Chrome extensions cause this problem

That may be true but I haven't seen the error before in Chrome. Several people say this is not an error that you would see in Firefox so it's browser-specific.

The "Cloud" reference is actually "CloudFlare", and is coming from one of the links on the page to third-party content. This is the HTTP connections graph from urlQuery -

I just checked the console errors again and something's changed. This is what now appears for the Home page.

So unless you've changed the page the COM error is intermittent or non-reproducable.

Hello,

Yes, I deleted the flash slideshow and the instagram iframe.

Removing the instagram iframe would have removed any reference to clouldflare per your earlier diagram.

What is the reference to "/undefined" on the web site?  I do not understand that.

Again, I have requested recans of the site.  I have done that twice in August (not counting today).  My hosting provide has requested a rescan.  And I believe our email filtering company has requested a rescan.  We use McAfee for email spam filtering and we are wondering if there may be a connection to our signing up for that service and the timing of the blacklisting.

Thanks for your continued assistance.

AM

"Undefined" is shown in the list of images, so it can't download some image or other. That's all I know.

The error is being generated by line 72 in 'ocscript.js' and that single line is immensely long as can be seen by the block of javascript below, which is what you get if you break it up into lines that more or less fit on the screen.

Something in that script is trying to create or locate an image or an icon, at a guess.

//[IM Code]


// ---- Add-On [3.5 KB]: Animated Pointer Icons ----
ulm_last_pointer=null;;function imenus_add_pointer_image(obj,dto,level)
{if(ulm_oldnav||(ulm_mac&&(ulm_ie||ulm_navigator)))return;x4="main";
if(level>0)x4="sub";var c_horizontal=true;if(level==0)
{if((ob1=obj.getElementsByTagName("LI")[0])&&(ob1.style.width.indexOf("100%")+1))c_horizontal=false;}
var a=obj.parentNode.getElementsByTagName("UL")[0];
var id=a.id.substring(a.id.indexOf("_")+1);
x3=document.createElement("DIV");
x3.id="pi"+a.id;
x3.style.position="absolute";
x3.style.visibility="hidden";
x3.style.fontSize="0px";
x3.style.lineHeight="0px";
x3.style.zIndex=999;
x3.setAttribute("ispointer",1);
x3.setAttribute("scxy","0,0");
x3.setAttribute("offxy","0,0");
if((level==0)&&(c_horizontal)){x3.setAttribute("ish",1);
x3.setAttribute("fxoff",x25(dto.main_pointer_image_offy));
x3.setAttribute("sloff",x25(dto.main_pointer_image_offx));}
else {x3.setAttribute("fxoff",x25(x27_pointer(x4+"_pointer_image_offx",dto,id)));
x3.setAttribute("sloff",x25(x27_pointer(x4+"_pointer_image_offy",dto,id)));}wht="";
if((tval=x27_pointer(x4+"_pointer_image_width",dto,id)))wht+="width='"+tval+"'";
if((tval=x27_pointer(x4+"_pointer_image_height",dto,id)))wht+="height='"+tval+"'";
x5=x27_pointer(x4+"_pointer_image",dto,id);
if(!x5||x5.toLowerCase()=="none")obj.setAttribute("noimage",1);
else obj.removeAttribute("noimage");
var dexist=false;var dobj=obj.childNodes;
for(var d=0;d<dobj.length;d++){if(dobj.getAttribute&&dobj.getAttribute("ispointer"))dexist=true;}
if(!dexist){x3.innerHTML='<img src="'+x5+'" '+wht+'>';
obj.appendChild(x3);}obj.onmousemove=function(e){e=e||window.event;
var x32=this;if(this.tagName=="DIV")x32=this.getElementsByTagName("UL")[0];
if((x32.className.indexOf("imncc")+1)||this.getAttribute("noimage")){imenus_hide_pointer();
im_kille(e);return false;}var lc=this.lastChild;
var bid;if(!lc.getAttribute("ispointer")){bid=this.getElementsByTagName("UL")[0].id;lc=document.getElementById("pi"+bid);}
if(!lc.getAttribute("initialized"))imenus_initialize_pointer(this,lc);
offxy=eval("new Array("+lc.getAttribute("offxy")+")");
sloff=parseInt(lc.getAttribute("sloff"));
scxy=eval("new Array("+lc.getAttribute("scxy")+")");
if(lc.getAttribute("ish")){npos=e.clientX-offxy[0]+sloff+scxy[0];
if(window.dp_zoomc)npos=dp_zoomc(npos);setTimeout("imenus_pointer_move('"+lc.id+"',"+npos+",'h')",0);}
else {npos=e.clientY-offxy[1]+sloff+scxy[1];
if(window.dp_zoomc)npos=dp_zoomc(npos);
setTimeout("imenus_pointer_move('"+lc.id+"',"+npos+")",0);}
var a;if(a=window.imenus_event_mc_onmousemove)a();im_kille(e);return false;};};
function imenus_pointer_move(id,npos,type){var md=document.getElementById(id);
if(type=="h")md.style.left=npos+"px";else md.style.top=npos+"px";
if(md.getAttribute("initialized"))md.style.visibility="inherit";};
function x25(val){if(val==null)return 0;return val;};
function imenus_hide_pointer(check)
{if(ulm_last_pointer&&ulm_last_pointer.parentNode!=check)
{ulm_last_pointer.style.visibility="hidden";ulm_last_pointer.removeAttribute("initialized");}};
function imenus_initialize_pointer(obj,lc){imenus_hide_pointer();ulm_last_pointer=lc;var txy=x26(obj);
if(hpi=document.getElementById("hpi_pad"))
{if(a=hpi.scrollLeft)txy[0] -=a;if(a=hpi.scrollTop)txy[1] -=a;}lc.setAttribute("offxy",txy);
var pxy=parseInt(lc.getAttribute("fxoff"));
if(lc.getAttribute("ish"))lc.style.top=pxy+"px";else lc.style.left=pxy+"px";pobj=document.body;
if((!(pobj.scrollLeft+pobj.scrollTop))&&(document.documentElement))pobj=document.documentElement;
lc.setAttribute("scxy",pobj.scrollLeft+","+pobj.scrollTop);lc.setAttribute("initialized",1);};
function x27_pointer(pname,dto,index){if((rval=dto[pname+index])!=null)return rval;else return dto[pname];}

By the way, the Flash content may be safe to re-instate. The iframe : I don't know whether it should be left off for a while or not. iframes are looked on with some suspicion by SiteAdvisor because it's so easy for an attacker to hijack them so as to slip malicious javascript into a web page, which the browser will innocently run and then ... mayhem. Best leave it to one side for a while, you can always put it back later.

I have reinstated the flash slide show. 

The instagram Iframe was left out.  It has the new "badge" for instagram instead.

Seeing as I have been using the same menu code for about 5 years, is it reasonable to think that the OCSCRIPT.JS is not likely any cause for alarm?

Thanks,

AM