Welcome to WebmasterWorld Guest from 54.166.172.33

Forum Moderators: Ocean10000 & incrediBILL & keyplyr

Message Too Old, No Replies

cyren.com

     
7:04 am on Feb 4, 2015 (gmt 0)

Moderator This Forum from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:11112
votes: 661




UA: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:27.0) Gecko/20100101 Firefox/27.0"
Robots.txt: no

Site says "Cloud based internet security systems"

commtouch.com / cyren.com
216.163.176.0/20
216.163.176.0 - 216.163.191.255

This bot may be scraping URLs posted on Twitter.
8:05 pm on Apr 16, 2015 (gmt 0)

Junior Member

Top Contributors Of The Month

joined:Jan 26, 2014
posts:197
votes: 0


I've had a few visits from these guys recently. So far I think they're the good guys.

From their website:
Protect against known and previously unseen malware our superior detection is based on a combination of heuristics, signatures, and CYREN GlobalView Cloud detection, specifically tailored for Android

They didn't trigger any of the dozen or so behavioural traps I use, so they remain unblocked on my site.

Some security products follow users around and check the pages they visit. I have two visits from them today, both requests for my home page.

Impersonating Firefox/27 and not reading robots.txt seems reasonable if you are effectively proxying for a human. If they crawl a site, that's different.

I'm assuming their visits are accompanying a visitor who's using their service. If they keep on coming indefinitely that's also different, because it means that the traffic they generate is no longer proportional to my human traffic, and that's where I start to object.

Benefit of the doubt on my site.
10:06 pm on Apr 16, 2015 (gmt 0)

Moderator This Forum from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:11112
votes: 661


Well their hits *did* trigger one of my behavioral traps (can't remember which) but upon further consideration, I am allowing them for the moment, especially since they say they are "tailored for Android."
12:07 am on Apr 17, 2015 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Nov 5, 2005
posts: 2038
votes: 1


I'm turning them away till I know their purpose. In late Feb., two appeared on radar generating 404s (seeking case-sensitive pages as lowercase) on two different days.

216.163.188.236
216.163.188.239

(keyplyr, re your OP: Did the UA have a quote at the end? Mine didn't.)
12:39 am on Apr 17, 2015 (gmt 0)

Moderator This Forum from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:11112
votes: 661


Sorry, early onset Alzheimer's

(which will be my excuse from now on, if I remember to use it)
2:42 am on Apr 17, 2015 (gmt 0)

Senior Member

WebmasterWorld Senior Member wilderness is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 11, 2001
posts:5485
votes: 3


Had a data inquiry on a specific widget on Jan 2nd (with a request for copyrite use from a person writing a book). I provided links to two topic related pages and the pages were immediately crawled by this I, and using the same UA keyplr provided.
In summary, it appears the person simply uploaded the pages to a cloud.
3:06 am on Apr 17, 2015 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:Apr 9, 2011
posts:14599
votes: 595


Some security products follow users around and check the pages they visit.

I've never understood these. "Hey, you know that site you visited three seconds ago? Well, turns out they gave your computer an incurable virus." If the user has already been to the site and downloaded all supporting files-- including ones the security program doesn't ask for, because nobody in human history ever disguised malign activity behind a .jpg extension-- isn't it too late?

But then, I never understood royal tasters either. Poisons don't act that fast.
3:15 am on Apr 17, 2015 (gmt 0)

Moderator This Forum from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:11112
votes: 661


This type of thing has been going on for years. The user has either a browser plug-in or is using a tool bar, so that's how the URL is captured by the service. In this case, they pretty much tell you they are installed on Android devices, so there it is, mystery solved... now back to my dementia :)