6 Replies Latest reply: Feb 9, 2012 3:19 PM by Hayton

    Site is showing Yellow mark of risk...


      Website http://www.punefast.com is showing a Yellow exclamation mark and says it's risky! There are no files/data except the default welcome page.

      Is there any way to check and remove the threat, if any?


      Help is much appreciated, as the domain is likely to go live soon.




        • 1. Re: Site is showing Yellow mark of risk...

          Hello sarjya and welcome to the McAfee Community Forums,


               Until some of our more knowledgeable forum members/Moderators can arrive to review your post, may I suggest you please have a look at the information via the link below which was provided by Moderator Hayton in another post similar to yours.  When you get to the page via the link below, please scroll down the page and read the information under the heading entitled, "How to contact SiteAdvisor."


          (From what I see thus far, McAfee's Trusted Source is rating your site as medium risk, though the reason is unclear to me).  I also see nothing adverse being reported in VirusTotal, WOT, or Hosts-file.net.






          Message was edited by: spc3rd on 2/9/12 7:29:40 AM EST


          • 2. Re: Site is showing Yellow mark of risk...

            I tried it with a PC with no McAfee installed on it. I got the same thing.  This is what I got.



            Are you sure you want to go there?

            The link you clicked is taking you to: http://www.punefast.com/

            McAfee tested this site and found files that contain viruses, spyware, or other potentially unwanted programs.

            Read the site report

            • 3. Re: Site is showing Yellow mark of risk...

              Peter C and flogger,

              Thank you for the prompt response!


              Yes, I can understand the threat, but I have no file except the default HTML which the hosting company set after the site hosting. So I still have no clue what's wrong.

              FYI, the domain was with someone else till I bought it last year. Some time back, when I checked, it was redirecting to other sites. So I added hosting to this and now this Risky Flag is there.


              I am stuck at this point.


              Thanks for the response and help.




              • 4. Re: Site is showing Yellow mark of risk...

                I'll check this later today

                • 5. Re: Site is showing Yellow mark of risk...

                  TrustedSource marks this as a Parked Domain and gives it a Medium Risk rating. I've checked the source code for the default landing page and there's nothing in the code itself to give rise to any concern. However, there are links in there to dreamhost.com, and the site is built using Wordpress, and both of those have been compromised over the past couple of weeks. Maybe that's the reason for the warning flag. I'll look up the details of those attacks and see if they might affect you.


                  If you would like TrustedSource to look into this and perhaps manually reset your site's rating (after running the usual safety checks) you will have to contact them through the usual route :

                  If you want to address an issue with a web site in Site Advisor, that is based on McAfee's Trusted Source Web Reputation, please go to http://www.trustedsource.org/en/feedback/url and use the web form to contact the Trusted Source team.


                  If you want to track your requests or be notified via email, you can register for a free TrustedSource.org account.


                  • 6. Re: Site is showing Yellow mark of risk...

                    We can ignore WordPress, I think, as playing a part in this. Only websites built with an earlier version of WordPress are at risk, and yours appears to have been constructed using the latest version.


                    The most likely reason for the Amber warning is the potential problem with Dreamhost, where some infected sites redirect users to Russian sites. See this article from Threatpost, and this one from Zscaler.


                    You will probably find that your Dreamhost password has been changed (see article).


                    You will have to work with TrustedSource to get the rating changed, given the nature of the potential (but in your case, not actual) threat.



                    Edit : More stuff you need to read -

                    http://www.zdnet.com/blog/security/dreamhost-hacked-mass-password-reset-issued/10175


                    http://blog.sucuri.net/2012/01/dreamhost-security-issue-prompts-ftp-password-resets.html


                    http://www.dreamhoststatus.com/2012/01/20/changing-ftpshell-passwords-due-to-security-issue/


                    Message was edited by: Hayton on 09/02/12 21:19:21 GMT