Our website is fine: eartheasy.com
But our checkout process has been flagged as high risk: https://eartheasy.com/checkout/onepage/
Can anyone tell me why this is?
I have filed for reconsideration, but I'd like to know why we were flagged.
Thank you
The SA team rarely visit here; the fastest way to get an answer is by:
1) Browse to www.trustedsource.org/en/feedback/url
10) If you created an Account (and logged in with it), a Ticket ID will be displayed, along with 3 options on when you will receive email (when the ticket is Open, Reviewed, or Closed)
Hi Peacekeeper,
Thanks for the suggestion - we have already done this though.
I was mainly interested in why we were flagged in the first place, and if there is anything about our cart page or checkout process which would make McAfee want to have us flagged as malicious.
Could someone take a look and give feedback? It would be most appreciated!
Thanks,
Another site that was red on Jan 31 is now fixed, so you should get feedback any day.
I spent several hours on this yesterday and I did not find anything obviously amiss. However, that checkout page has a lot of javascript running on it from third parties, and I would say that it's some external content that was causing a problem. Certainly I noticed a lot of GET commands that used HTTPS but also many POST commands that were using HTTP. Part only of the site uses HTTPS (the home page does, so does one of the checkout pages).
I saw no warnings anywhere about insecure content on secure pages, but I came across several issues of lesser importance. There's a problem with Olark, for instance, which I found discussed in detail on GitHub (with a response from an Olark developer). There are four, perhaps five, trackers on that checkout page, along with analytics code, which complicated the investigation. I suggest you run the program in different browsers and examine the consoles in each to see how many errors and warnings you get. I couldn't see anything that would rate as Critical.
I can't be more specific about what I found because I left the investigation last night and put the system into hibernation, and today there was a power failure so I lost all my work-in-progress. I don't have time today to repeat it all.
Edit - I found the GitHub threads:
One of the error messages is "[framesocket] timed out while flushing to persistent storage application"
https://github.com/reed/turbolinks-compatibility/issues/1
https://github.com/rails/turbolinks/issues/166
As I said, nothing Critical here. But the error does occur multiple times on each page load.
Message was edited by: Hayton on 03/02/14 03:21:45 GMT
Hi Hayton,
This is very helpful. Thank you very much!
Sorry I couldn't give a definitive answer to your enquiry, but basically I saw nothing to give a Red rating except the likelihood that 3rd-party content - javascript, possibly - was to blame. TrustedSource/SiteAdvisor is especially sensitive to any code or content that's encrypted, and sometimes that gives a false positive.
No worries - this is good feedback!
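The two checks discussed in this thread (form POSTs that leave an HTTPS page over plain HTTP, and how many third-party script hosts the checkout page pulls in), as an added example that is not part of any post above. It audits saved checkout HTML offline; the page URL, hostnames and markup in the sample are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags whose URL attribute triggers a fetch or a form submission.
URL_ATTRS = {"script": "src", "iframe": "src", "img": "src", "form": "action"}


class CheckoutAudit(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlsplit(page_url).hostname
        self.insecure = []     # (tag, url) pairs that use plain HTTP
        self.third_party = {}  # script host -> number of script tags

    def handle_starttag(self, tag, attrs):
        attr = URL_ATTRS.get(tag)
        value = dict(attrs).get(attr) if attr else None
        if not value:
            return  # inline script, or a form posting back to the page itself
        # urljoin resolves relative and protocol-relative ("//host/x") URLs.
        url = urljoin(self.page_url, value)
        parts = urlsplit(url)
        if parts.scheme == "http":
            self.insecure.append((tag, url))
        host = parts.hostname or ""
        same_site = host == self.page_host or host.endswith("." + self.page_host)
        if tag == "script" and host and not same_site:
            self.third_party[host] = self.third_party.get(host, 0) + 1


def audit(html, page_url):
    """Return (plain-HTTP references, third-party script hosts) for one page."""
    parser = CheckoutAudit(page_url)
    parser.feed(html)
    return parser.insecure, parser.third_party


# Constructed sample: hostnames and paths are placeholders, not the real site.
PAGE_URL = "https://shop.example/checkout/onepage/"
SAMPLE_HTML = """
<form method="post" action="http://shop.example/checkout/onepage/saveBilling/">
<form method="post" action="/checkout/onepage/saveOrder/">
<script src="/js/checkout.js"></script>
<script src="//chat.example.net/loader.js"></script>
<script src="https://tracker.example.org/t.js"></script>
<script src="http://tracker.example.org/pixel.js"></script>
<img src="http://stats.example.org/p.gif">
"""
```

Run `audit()` on the HTML saved from each browser session and compare the results with the console warnings in that browser.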