Forum Moderators: open
I recently had some page visited from an IP address owned by TREND MICRO INCORPORATED.
The page it requested is inside some protected intranet that in priciple no bot can see, unless it is hooked to some browser.
The problem is that it does not transmit correctly cookies, then the session is lost, and this causes errors in my system.
What should I do in such case? Completely ban thos IP addreses? Any consequence?
However, if they are presenting compliance issues for you website (s), I wouldn't hesitate to deny their access.
The only foreseeable consequence would be in Trend users that conform to their approved sites/pages.
Jim
I understant, but it is the user's problem.
As soon as his filter is calling pages omitting the url parameters, or using POST instead of GET, or requesting pages in a protected area, it causes errors on my site, and worse, it compromises what the user is trying to do. So I banned the whole IP range of Trend Micro.
If the user needs to check the site for whatever, it is his responsability to use something that does not interfere with the site he is visiting.
As developers, we have enough work trying to be campatible with all browser flavor, we cannot also consider all kinds of tools, addons and suckers hooked to the visitors browsers.
>> Therefore, you should allow access, but not consider Trend's request to be part of any session
This is just impossible. If they are calling a page which absolutely needs what's in the session, I just can't process the request, period. My only choice is to let the system report an error, or close the door.
>> -- just as you should not require any search engine spider to support sessions...
With robots I have no problem, they never request pages refered as action in a form, neither they request pages beyond a login page. Trend Micro does, too bad for them.
As schnee says, it's the user's problem if they use duff software.
Any safety checks (which I assume this is) should be done on the visitor's computer at download time, not by intermediate reads. Remember the hassle with AVG8? And if their hit actually IS the download, their headers are unlikely to result in a proper page formatted for a browser.
This isn't the only company doing this but for some reason, possibly connected to "security image", they always seem to screw up the headers or get something else wrong.
This is a content filter/security application, and no matter how badly it might be coded, it is not a malicious 'bot/scaper/exploit-seeker...
Please redirect theses visitors to me. I'd be glad to sell them something. :)
Jim
If they are NOT pre-digesting the page content but merely acting as a proxy then how difficult would it be to get the proxy correct? Thousands of site scrapers manage it.
Unless it's a really bad bot I offer a form for people to complain. It's up to them.
Please redirect theses visitors to me. I'd be glad to sell them something.
Please provide URL or would Dallas be close enough ;)
And if the user is inside a corporate network, and has no knowledge of Trend Micro's actions, no idea of how to turn it off, and no admin privileges to do so?
Come on Jim, don't allow this sort of garbage to prevail!
The more legitimate sites that start blocking sources of illegitimate requests could one day in the future cause people writing that buggy junkware to fix their stuff.
Just imagine if Microsoft or Apple blocked Trend Micro and suddenly millions of users get cut off because of Trend, it would hit the fan, it would get resolved.
Sadly, they don't seem to care about malformed page requests so maybe thousands of rogue webmasters standing together for online excellence can create the same impact.
Come on Jim, block 'em!
I'll send e-mail to complain and post technical critiques/flames on forums about Trend, but I won't block their innocent/naive users intentionally. I keep in mind the literal meaning of "client/server," and that I and my site play the rile of 'the server' -- the waiter, le garcon, the servant, and not 'the all-powerful Web deity' who merely deigns to tolerate lowly customers. The tips are much better that way...
Now let's see if Trend Micro is doing any 'brand monitoring' and shows up here to find that we're complaining about their p-poor implementation like AVG did with their LinkSpammer(tm) fiasco.
dstiles,
Filters can either be 'in the pipe' between your site and the user, or they can be 'side-cars' which are not in the direct request path, but come around after the fact to 'check-up' on users. In this latter case, they're generally using the analysis result to update blacklists, and to send 'fire this guy' messages to corporate managers.
Jim
I don't block them to force them to fix their problem.
I don't give a damn if their product works or not.
I'm concern with MY application, and if some IP is calling randomly pages in some part of an application in such a way it causes an error on my side, just too bad, I don't want to here about it anymore.
Apparently, Trend Micro is calling addresses from the user's browser, but from some different IP, with no parameter, no cookie, no session, just like if it was some flat static HTML. I'd like to know what moron developed this stupid thing assuming it could work for every site.
My application is a complete convention registration system including on line payment; one can imagine one cannot read any page any time in the system and get normal result.
Furthemore, the idea of calling pages from an identifiable IP address is kind of retarded. If I was running some sex site, I would systematically return to them a page about some cooking receipie, and bye ;-)
Jim
I do return something sensible, something like "You have no access to this site, because your browser is causing problems" or something equivalent, plus a field they can enter their address and ask for explanation.
Frankly, I have more important things to worry about.
If the user wonders why the site of his professionnal association is blocked by his addon, he will have to ask himself why?
And if he asks me, I'll tell him.
But it's not my resposability to debug their product, not even to report problems. I had enough work just dealing with the problem they caused me.
Thousands of Webmasters are fooling themselves if they think that blocking is going to cause Trend Micro to fix their stuff... As far as I know, we're not Microsoft or Apple, unfortunately.
Don't dismiss the power of the masses.
Brand monitoring just WebmasterWorld wouldn't have caused AVG to fix squat.
The thousands of servers redirecting requests back at AVG and tons of complaints that escalated into the mainstream news is what made AVG bend.
I agree with schnee, it's not our business to debug their crud nor mess with our servers while they do it.
