cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted

Our website is still under construction and we have already fallen victim to McAfee's False Blacklist episode

Sorry if I seem a little flustered.  Two of our volunteer testers have reported that our site contains virus as they called it!  We ran various checks online and locally which was clean.  AV Clam came up with a false positive which was verified by our host company(pickaweb) who confirm no problems with our site. 

Interest in knowing why you guys feel the need to deter people from visiting our site before launch.  Its a community based auction site for people to buy and sell locally!

Please respond ASAP as we will want to officially launch without a bad taste in our mouths

Thank you in advance

Steve C

www.sloughbay.co.uk

7 Replies
Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 2 of 8

Re: Our website is still under construction and we have already fallen victim to McAfee's False Blacklist episode

Oh, right, I see this too. In IE for some reason the blocking page won't let me continue to the site. Switching to Firefox, where SiteAdvisor is out of action, to check for scripts and geolocation info ...

In Firefox, your site is up, CPU is running at 99 per cent which is definitely a bad sign. Will have to kill this and come back in a bit

Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 3 of 8

Re: Our website is still under construction and we have already fallen victim to McAfee's False Blacklist episode

Definitely something wrong here. Firefox ran at 99% when your site was up. The only way to reduce CPU to normal was to use NoScript to class you as a Forbidden Site - ie, no scripts allowed to run.

LinkExtend shows a very large number of javascript files. There may be a problem in one of them, or it could simply be that you need to optimise the site. The SiteAdvisor block leads me to think that there's something in the code you need to review. I'll see what else I can find - there are specialist checking tools I put away for occasional use which are hiding somewhere. One of those might help.

Edit - Run it in a couple of different browsers in Developer/Testing Mode. Check the Error Console in each. Firefox is showing some errors but because I've had to disable so much of the scripting I don't know if I'm seeing all the errors or just a subset.

Message was edited by: Hayton on 20/11/12 20:48:33 GMT
Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 4 of 8

Re: Our website is still under construction and we have already fallen victim to McAfee's False Blacklist episode

For starters, you should correct the following errors detected by the W3C Validation Suite :

HTML5 Validation (86 errors, 15 warnings)

Notes and Potential Issues

The following notes and warnings highlight missing or conflicting information which caused the validator to perform some guesswork prior to validation, or other things affecting the output below. If the guess or fallback is incorrect, it could make validation results entirely incoherent. It is highly recommended to check these potential issues, and, if necessary, fix them and re-validate the document.

  1.       Info Using experimental feature:          HTML5 Conformance Checker.   

    The validator checked your document with an experimental feature:        HTML5 Conformance Checker. This feature has been         made available for your convenience, but be aware that it may be unreliable, or not perfectly        up to date with the latest development of some cutting-edge technologies. If you find any issues        with this feature, please report them. Thank you.   

     

CSS Validation (33 errors, 1164 warnings)

Link Checks (5 errors, 57 links prevented by robot exclusion rules)

The large number of Javascript files makes your home page very slow to load and leads to excessive CPU usage. The results of one webpage loading analysis can be seen at http://www.webpagetest.org/result/121120_MF_NW1/ - click on the Waterfall on the left side for a detailed view. See also the Performance Review and Page Speed optimization Check - your site scores poorly on both.

I also found the following in two of my old posts about slow performance on this site -

There is a thread on the Jive forums about Javascript and performance problems which makes the point that slow loading can be because a firewall is examining all the Javascript that it finds during the download. Quite possibly, when any Javascript code on the webpage gets activated after the download, the AV software again kicks in to monitor it.

< ... >

... One piece of advice I noted was that javascript files cannot be executed concurrently with anything else, especially not with other javascript files. Makes sense, if you think about it. They have to be run - that is, interpreted - separately, sequentially, and slowly (interpreted scripts run slowly, relatively speaking).

If that is actually the case, having lots of javascript on your site might give rise to problems when it's passed to the anti-virus script checker. Maybe that's what's happening here.

None of which explains why SiteAdvisor is blocking your site, of course. In fact the block is because of an unexplained Medium Risk rating on TrustedSource, which otherwise has nothing to say about your site. The IP address gets a no-risk rating from TrustedSource but I haven't checked it yet elsewhere. For the moment check the site coding, it's the most likely source of the Yellow rating.

Highlighted

Re: Our website is still under construction and we have already fallen victim to McAfee's False Blacklist episode

Thank you for all the effort that has gone into replying.   I'm very impressed with that indeed. Just a couple of points.

  1. We have run tests on 7 independant computers and devices and none of them have reported  this cpu spike at all. infact this has never been the case or been reported by any testers.  Infact the pc I am using was used to test site before writing this and showed before and after results of 34% upto 36% which is only a 2% increase after viewing. Please check your source again as knowone todate has experienced this!!??
  2. Memory usage of our site is 18.3mb with minimal fluctuation.  Nothing to suggest problem.....  bearing in mind the type of site this is! It is using a similar script to ebay
  3. You must remember this website contains the best Joomla based auction script on the market to date. first developed in 2006 with extensive revisions and users across the globe. (pricey too)
  4. Multiple javascript calls does not equate to threats to the public and even if as you say this site which is still under construction loads slower than average is not a reason for scare monger my would-be visitor (again this is a fully automated auction site so will have more functions to call) . Incidentally I have loaded site from mobile phone with no problem at all.
  5. Those errors and warnings you mention? seriously guys!  That is all CSS layout like 'dropping a bracket' non politacal design layout.  Shouldnt even be on here and its all beginning to sound like rhetoric!
  6. Like you correctly say there is no VALID reason why mcafee.com can randomly flag this. If there is a security risk please show us instead of showering us with maybe's or take it off otherwise it is kinda slanderous.

I'm not saying were not grateful for your help here but none of what you proclaim suggests a good reason to be singled out.  We have tested script - no threats.  host checked - no treats. online checks - no threats. ...  and you havnt actually told us of this risk.

Is this guilty until proven innocent? 'unexplained medium risk' my lawyer will have a field day with this. lmao!!!

Thanks again  very much for all the responses today. genuinly impressed.  I will be using those points you made and bookmarking the links for future references.

Nb.  I have just temp. disabled the facebook and twitter plugin to see if this makes a difference to your test

Kind Regards,

Steve

Message was edited by: steven_c on 11/20/12 6:23:09 PM CST
Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 6 of 8

Re: Our website is still under construction and we have already fallen victim to McAfee's False Blacklist episode

https://www.siteadvisor.com/sites/www.sloughbay.co.uk

sloughbay 1.JPG

http://www.mcafee.com/threat-intelligence/domain/default.aspx?domain=www.sloughbay.co.uk

sloughbay 2.JPG

SiteAdvisor took its rating from TrustedSource but TrustedSource seems otherwise to have no information about your site. Nevertheless it gives it a Yellow warning, which means Medium Risk only. I can only surmise that TrustedSource has picked up an alert from an external source, but I haven't been able to find anything about your site elsewhere.

http://www.siteadvisor.com/webmasters/index.html

Why Is a Site Rated Yellow?

Sites are rated yellow when, in our judgment, the site exhibits behaviors or has a history that we believe SiteAdvisor users would want to be aware of before or during a visit to that site. However, for yellow sites these factors are not as acutely severe as they are for a red site, or there are other mitigating factors that weigh in favor of a yellow rather than a red rating.

Many site scanners evaluate scripts on a website for threats and this does occasionally trigger a false positive alert, and your site has quite a lot of javascript. I had previously checked the site with the usual site-checking tools and they did not show any problems, so I was looking for a reason for a false positive. I thought I might have found one. The IP address certainly doesn't appear to be the cause of the rating, and I can't find any other sites with similar names that might have caused TrustedSource to flag you as a phishing site. If the site code is not at fault, the reason remains unknown and your best bet is to contact TrustedSource and ask them to explain why the site has a Yellow rating. Details of how to do so are here.

(As for the high CPU during download look at the CPU usage graphs on the webpagetest.org output. The Dublin server was used for this test, and although it runs IE7 - IE9 (so is probably Windows 7) it may be a few years old. That sort of CPU spike commonly occurs on older machines, and I do all the site testing on an old Dell precisely because it shows up potential performance issues. Also, as I mentioned previously, antivirus programs will scan scripts before they execute and this can lead to considerable extra processing.)

Highlighted

Re: Our website is still under construction and we have already fallen victim to McAfee's False Blacklist episode

Thank you for help and advise. Greatly appreciated

Looks like its come to a dead end here.  I cannot launch my business with this misleading message coming up.  I cant convince my testers theres no danger so how can I convince the general public??

I will be persueing this heavily.

Thank you Hayton...

Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 8 of 8

Re: Our website is still under construction and we have already fallen victim to McAfee's False Blacklist episode

contact TrustedSource and ask them to explain why the site has a Yellow rating. Details of how to do so are here.

How Many Badges Can You Collect?
Ready for a little competition? Members like you are earning badges and unlocking perks for their helpful answers. Are you? Click here to find out.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community