cancel
Showing results for 
Search instead for 
Did you mean: 

Any tips for diagnosing poor Trustedsource web reputation?

Hi,

Just joined so hope you'll bear with me

Is there any way to diagnose why my site bell-tower.org.uk has a poor web reputation?  The site itself seems completely clean but SiteAdvisor blocks it, apparently only because it has a poor Trustedsource web reputation, which causes it to be classified as malicious.  Have tried various checkers - Google, urlquery.net etc, and these give the site the all clear; only Sucuri SiteCheck says "Site blacklisted, malware not identified", which doesn't exactly help me much (and may be derived from Trustedsource data anyway?  Don't know).

I have already raised a ticket and hope to get the blacklisting lifted soon.  In the meantime is there anything else I can do to diagnose the problem, or is it just a false positive?

TIA!

David.

7 Replies
Highlighted
spc3rd
Level 10
Report Inappropriate Content
Message 2 of 8

Re: Any tips for diagnosing poor Trustedsource web reputation?

Hello David and welcome to the Forums!

     Thus far, all I can find is what Trusted Source is showing which dates back to approximately July 16th;  Nothing else really jumps out at me.  The hosts-file.net site indicates your website "failed to resolve", but does not display a red warning about it. 

Since you have already submitted a ticket to the SA staff, they will further advise you once they've been able to conclude testing of your website...which can take a little more time than expected, given the large number of websites they test every day.  We do have some more knowledgeable Moderators and members here who may drop by to offer you their respective input.  You can always email SiteAdvisor support to check on the status of your ticket.  (I would give it at least 5 days before inquiring).

Message was edited by: spc3rd on 7/26/13 3:45:43 PM EDT

Re: Any tips for diagnosing poor Trustedsource web reputation?

Hi Pete,

Many thanks - as far as I can tell the site is completely innocuous (it's just a few manually coded (and W3C verified) HTML pages with a couple of harmless bitsof Javascript and I've been running it for over 7 years now).  Links to it from Facebook were suddenly inexplicably blocked a few months ago and I ran a few tests then.   It was only today when a colleague with SiteAdvisor on his laptop noticed that it as blocked that anything has been flagged up.

Tried hosts-file.net and it gave the site a clean bill of health for me (well it said it was not on their list, and I think no news is generally good news).  Also ran it through VirusTotal which shows 30+ sites saying it's clean and and a handful without a rating, no problems found.

So all I can guess is that this is likely to be a false positive - it's just a pity the algorithms used by TrustedSource are so obscure so it's really hard for the webmaster to diagnose a poor rating (I noticed a link to a white paper on this but this doesn't work now)!

Many thanks,

David.

spc3rd
Level 10
Report Inappropriate Content
Message 4 of 8

Re: Any tips for diagnosing poor Trustedsource web reputation?

You're quite welcome, David!

     It sounds like you have a reasonably good handle on places to check your website for abmormalities.  The SA staff should be able to clarify things further and in the interim, perhaps one of our other more knowledgeable people, such as, Moderator Hayton may drop by if they have any additional information to provide you with.

Re: Any tips for diagnosing poor Trustedsource web reputation?

...and I've just entered the full URL (including the address of the actual server which hosts the site, rather than my domain) into SiteAdvisor and this comes up completely clean.  All this is increasingly pointing to a false positive, I'd say.  Let's see what the McAfee folks come up with.

David.

Reliable Contributor Hayton
Reliable Contributor
Report Inappropriate Content
Message 6 of 8

Re: Any tips for diagnosing poor Trustedsource web reputation?

I've been monitoring the thread but didn't have anything new to contribute. @dneale123, you've run the same basic checks that I already did. Nothing to report.

Something you said in your previous post

HTML pages with a couple of harmless bitsof Javascript

rang a bell (sorry, pun not intended) so I bypassed the warnings and went to the site in Chrome, then opened up the Javascript console to have a look. I see nothing in the page code that looks out of the ordinary, on any of the pages I looked at.

However, there were two errors in the console relating to Google Analytics and to the Twitter widget (see below). First, I didn't see any Twitter logo on the home page; and second, there was a discussion a while ago about a re-styled Twitter logo which was being delivered via an iframe. SiteAdvisor doesn't like iframes, so I wonder if that's causing some of the problems that are being reported today? As for Google Analytics, it has caused problems in the past on some sites, but the blame for that was largely placed at Google's door. I don't know if that is relevant here.

I checked AdBlock and Abine's DoNotTrackMe for the main page and each of them was blocking a script for Google Analytics and for Twitter. After I suspended the blocks I saw new blocks of javascript in the console and yes, the Twitter badge is apparently being delivered via an iframe created dynamically by the javascript code. This method is deprecated, and it has caused recent problems. I am fairly certain that the Twitter badge problem is occurring on some other sites we're seeing.

In the code below line 13 sets up the iframe. Line 15 is the one that is problematical. What you can't see is the very long list of hashtags and tweets that it contains, many of them in non-Ascii characters. Depending on the encoding used I think it might be possible to infect a webpage with malicious code by sending it via Twitter. The iframe is just acting as a conduit for whatever gets tweeted.

Bell Tower in Chrome 2.PNG

Edit - The Twitter logo-in-an-iframe  may not be the reason after all. I was right about SiteAdvisor objecting to it, but in a previous thread (here) there is a screenshot of the block and it's just a black SiteAdvisor warning banner at the top of the page. So the underlying cause of the Red rating may still be unknown.

Message was edited by: Hayton on 26/07/13 23:31:24 IST

Message was edited by: Hayton on 26/07/13 23:43:39 IST

Re: Any tips for diagnosing poor Trustedsource web reputation?

Thanks for the advice, Hayton - typical that the main vulnerabilities are through third party widgets that we can't control (I've also just run the site pages through the W3C markup validator again and it's only the new Twitter widget that gives any errors too).  Looks like I'll have to leave this one in the hands of the McAfee folks for now.

Edit - have just gone back and rescanned using Sucuri, which was the only other site to flag anything up.  Sucuri's more detailed report suggests that the only reason they've flagged the site as blacklisted is that it's blacklisted by SiteAdvisor.  So hopefully once it's been reviewed it'll have a clean bill of health everywhere.

David.

Message was edited by: dneale123 on 28/07/13 03:02:09 CDT

Message was edited by: dneale123 on 28/07/13 03:02:35 CDT

Re: Any tips for diagnosing poor Trustedsource web reputation?

The site has now been reviewed and given the all clear, now categorised as non-profit.  SiteAdvisor, TrustedSource and Sucuri all show it as clean now.  Many thanks for your help.

on 8/3/13 3:21:01 AM CDT

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community