Trend Micro blocking my site, my PayPal forms, my URLs, Emails & Trend Micro Spam Filters

Due to Trend Micro blocking my site, my PayPal redirect forms, my emails in Trend Micro spam filters and my URLs in emails and web traffic requests, I can now advise you on how not to make this mistake. Don’t let this happen to you.

Trend Micro will block your site in the browser, block your web traffic at the server level, your URLs in any emails and send your emails to the Trend Micro spam folder if you make the mistakes that I did. It was not Trend Micro’s fault, my payment software or anything I did. Trend Micro blocked me because I was at the wrong place at the wrong time.

NOTE: This is NEW information that no one else has. Read this thoroughly!

When Trend Micro blocked my site

In September Jennifer Horowitz sent a recommendation of my product, Social Marketing book, to her email list. We had a very poor response rate and I began to think her email was not getting past spam filters.

Then one of her subscribers sent me this screen shot of Trend Micro wrongly blocking my site.

[Screenshot: Trend Micro blocking my site in the browser]

I was stupid enough to ignore this and simply believed it was a very minor issue due to the redirect to PayPal in my payment software. Big mistake. More like a $20,000 mistake.

Trend Micro is currently the most purchased Windows software there is, as reported by Cnet just last week.

As time went by it got WAY worse. More and more payment attempts were being abandoned, and comments on my blog and email click thru rates plummeted. Two three-week periods passed without a sale and I began to really worry. At the same time my mind really went to work on this.

Meanwhile I was using all the skills I have to track down what I believed was a new spam filter blocking my emails. I enlisted the aid of even more experienced email pros to help me and they could not find the source. Neither could my GoDaddy host or AWeber, my email list provider. No bounce messages, no FBL reports, no nothing.

That was when I began to think it was a client side spam filter and something new to boot.

Then about a week ago I remembered the screen shot. In the end, that Trend Micro blocking screen shot was my savior.

Trend Micro says keywebdata.com and Chris Lang are innocent of any phishing, undesirable, dangerous or malicious activity or wrong doing.

Chris,

Just saw you called sorry I am in a meeting on various things at the moment. Either way I figured I would email you as I saw your email this morning when I logged on. I quickly read over the questions but will go over in more detail later and answer those that I can for you.

As for our analysis of your URLs we found no malicious activity so it looks to just be a False Positive.

The two entries that we found for being blocked were from the web traffic on our side. The weird part is we only see the 2, and without the logs from an actual user we can’t determine what exactly happened.

For your blog you can put that it was a false positive by Trend Micro and that we have verified that no malicious activity was found.

Again I will go through each question a little later and reply to those that I can.


This is the email I received back today.

Below is the synopsis of what the next phone conversation produced. I want to stress that these are facts as told to me by my Trend Micro contact in charge of the team that investigated the keywebdata.com blocking.

Why did Trend Micro block my site and how can you avoid it

First off the best indicator of something going on are subscribers clicking the spam button in web email. Why are they doing that? Because they just saw a big freakin huge banner like the screen shot above. What else are they going to do when their anti virus software just screamed and yelled at them to never go to your site again?

After 8 straight days of working 20 hours a day, today, October 27th, I have gotten to the bottom of why PC Cillin warnings were displayed and Trend Micro Internet Security and Trend Micro anti virus blocked my site.

I just got off the phone with my Trend Micro contact.

Keywebdata.com was flagged in the browser, in Internet Explorer 6 or 7 and blocking began.

At that point my site and payment forms were reviewed by Trend Micro.

Due to an unsecured form submitting to my server, then redirecting to a PayPal CGI bin URL, my site was deemed indicative of a Phishing site and blocking occurred.

This did create global blocking of my domain at both the server level and the end users of all Trend Micro Internet Security products.

Any email with my URL in it was blocked by TM and possibly Yahoo, Gmail and Microsoft, both at the browser and email server level.

Also any web traffic passing through a data center with Trend Micro filtering software installed would have blocked the traffic right there too. This may be why so many of my emails never arrived.

Any http request from a browser resulted in the screen shot image being displayed.

Any traffic crossing the Trend Micro server level software resulted in the request not being passed, and the request to my server was not completed. In other words, if a link to my site was clicked, the request would not go thru to my server and no HTML would be displayed.

No footprint of this blocking is visible in server logs because the http request (http link click) was denied at either the home user end client or at the server level. So, even if you do pull your server logs, there is no footprint to show that you are serving lots of pages and getting no browser page views.

It would do no good to pull server logs because no request for a page would ever make it to the server.

Trend Micro is looking into if they will release numbers as to the end user blocking numbers for keywebdata.com.

Basically I am going to have to pick myself up, dust myself off, learn from this and move the heck on.

TM does agree and is willing to suggest that using any HTML form that is submitting to any payment provider without using HTTPS protocols will draw the ire of anti phishing software. This also means Microsoft Internet Explorer anti phishing filters.

What can you do if Trend Micro PC Cillin blocks your site?

Step #1

First of all, I now have extreme knowledge of this and can check your site to see if it is blocked. To learn how to get your site unblocked and protect your new sites from being blocked, I have detailed instructions at this link.

If you are being blocked I can navigate thru the process of getting an investigation started and, if you are innocent, get the blocking removed. Do not email me to death just to see if the site is blocked. If you are experiencing problems I will help you.

Step #2

First of all, stop sending any emails with your domain URLs in it, don’t send any email to your email lists and pull access to any payment forms.

If someone tries to buy and gets a phishing warning you have just lost any possibility of a future sale.

If your list gets an email from you and anyone has seen the phishing warning on a previous visit you can bet your last dollar they are going to mark your email as spam and any others they may get.

Lost sales now are nothing compared to losing most of your list and further email blocking. I did not catch this early enough on and lost a list with 2500 hard earned subscribers on it.

Currently there is no feedback loop from Trend Micro and my contacts tell me they are considering adding this so that we are directly contacted should a new script on our site suddenly trip a Trend Micro red flag.

You will also want to keep your hosting provider in the loop so that there are no issues with your domain or site. Call them and create a help desk case number. Then email the abuse@YOUR HOSTING address and document every step of the way using the case number. It can come in handy if anyone sends false accusations their way.

Save every email, document everything and keep records of everything that occurs.

Step #3

If you are using payment forms generated by IPN scripts that submit to PayPal for payment then get them changed to using HTTPS protocols in the form tag. Don’t worry about forms created by PayPal, they are sending to PayPal URLs. The problem lies in forms that submit to your domain and then the server redirects to PayPal. That is what started my tale of woe.

You will need to add an SSL certificate to your site and your host can take care of this for you. Just give them a call.
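One way to check a page for the form pattern described above, as an added example that is not code from the original post or from Trend Micro. The page URL, the sample HTML and the `PAYMENT_HINTS` field names are assumptions chosen for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumed hint list: field names that suggest a payment form.
PAYMENT_HINTS = {"amount", "item_name", "business", "currency_code"}

class FormCollector(HTMLParser):
    """Collect every <form> with its resolved action URL and field names."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.forms, self._current = page_url, [], None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            # A missing or empty action posts back to the page's own URL.
            action = urljoin(self.page_url, attrs.get("action") or "")
            self._current = {"action": action, "fields": set()}
            self.forms.append(self._current)
        elif self._current is not None and tag in ("input", "select") and attrs.get("name"):
            self._current["fields"].add(attrs["name"].lower())

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None

def audit_forms(page_url, html):
    """Return one finding per form: where it posts and whether to fix it first."""
    collector = FormCollector(page_url)
    collector.feed(html)
    page_host = urlparse(page_url).hostname
    findings = []
    for form in collector.forms:
        target = urlparse(form["action"])
        own = target.hostname == page_host
        payment = bool(form["fields"] & PAYMENT_HINTS)
        insecure = target.scheme != "https"
        findings.append({
            "action": form["action"],
            "own_domain": own, "payment": payment, "insecure": insecure,
            # The pattern from the post: payment form, own domain, no HTTPS.
            "fix_first": own and payment and insecure,
        })
    return findings

# Constructed sample page (not taken from the original site).
PAGE_URL = "http://shop.example/buy.html"
SAMPLE = """
<form action="/cgi-bin/order.cgi" method="post">
  <input name="item_name" value="Example book"><input name="amount" value="27.00"></form>
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
  <input name="business" value="seller@shop.example"><input name="amount" value="27.00"></form>
<form action="/search"><input name="q"></form>
"""
for finding in audit_forms(PAGE_URL, SAMPLE):
    print(finding)
```

Static HTML cannot show a server-side redirect to PayPal, so a form flagged `fix_first` still needs its handler script checked by hand.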

Step #4

Then we will need to get Microsoft, Yahoo and Gmail to remove any blocking as well.

I can get this underway for you as well.

Step #5

Once you get this cleared up and your site free of any negative indicators you can resume mailing to your list and you should be in good shape. I am.

I do want to thank Paul Myers who kept me calm and supplied great ideas to get through this. Above all he told me to handle myself professionally and calmly.

I want to thank John McGowan who dealt with the yelling and screaming portion of this little odyssey.

13 Comments

  1. Posted October 28, 2008 at 9:28 am | Permalink

    Great info Chris! Thanks for warning us all…one thing, there are many newbies who wouldn’t know how to do all the changes you are saying need to be done, nor would what you mentioned make sense. It’s still pretty advanced for some newbies…I can see a small product for you here to make this easier for the newbies!

  2. Chris Lang
    Posted October 28, 2008 at 9:52 am | Permalink

    One of my subscribers emailed me back and I ran him past Trend Micro and he was in good shape.

    What I did catch was that he was sending his payment URLs in TinyURL links. Definite spammer signature, don’t send commercial links in TinyURL. Just because Twitter uses it does not mean we can.

    A good rule of thumb is DO NOT do what spammers do.

  3. Posted October 28, 2008 at 10:00 am | Permalink

    There are things to be learned here, but stop and think about this more fully.

    Let’s say you began having problems in the first week of September, if you had immediately gone to work to resolve those problems and they seemed to be fixed by the end of the week or during the next week… you most likely would have figured the problem was resolved and dropped any further investigation. Why wouldn’t you? You would have been bringing in money from sales and consulting, and your email was flowing again. Those are sure signs a problem has been fixed, but the real problem may have still been there with Trend Micro and no one would have been aware of it. Meanwhile you may have been nailed again with problems, or someone else who you may or may not ever run across might have developed the same symptoms. Once again people would have worked to resolve the immediate problem and the real problem may have been missed.

    It’s too bad you were the one that this happened to, but it might have been a good thing you were hit with this problem for not everyone would have been aggressive and obnoxious enough to go the whole 9 yards, you know. It may have been months or years before the real problem was revealed, meanwhile many internet marketers and bloggers may have been doomed to suffer unnecessary problems.

    I don’t condemn Trend Micro in this affair, judging by what you wrote they were victims of a policy or program as much as you. The people at Trend Micro should be commended for going to the extra work of finding out a solution, instead of simply providing a set of well rehearsed excuses from some worn out book on handling customer complaints. This type of behavior by Trend Micro makes me want to deal with these people, instead of finding someone else to deal with.

    I applaud your stamina in sticking with this and your ability to use what you know to help others. I don’t see where turning this into some blog post or e-book would benefit people the most for not everyone reads and comprehends equally well. I could foresee many out there wanting to rip apart your findings because they don’t understand it or they simply are of the nature to bash… in this way you could help a wider group of people by taking what you learned and doing it yourself for them. I am sure the people at Trend Micro would rather deal with one person than 10,000 too. lol

    Chris, inside of this dismal cloud is definitely a silver lining. As usual the storm clouds appear at the most inopportune times, but in the long run it may be for the best.

    I personally think it would be a great idea to do an Internet Radio show about this, maybe set up a weekly broadcast where users can email or IM their comments and questions… as well as call in. Maybe someone at Trend Micro would see fit to be your first guest.

  4. Posted October 28, 2008 at 2:02 pm | Permalink

    Thanks Chris for not only taking the time to research the problem, but to share your situation and the solutions. Being a “techie dummie” if that had happened to me, I probably would not have known what to do.

    Thanks again for providing this great insight into a potential danger for any internet marketer, and also solutions, help, and support.

    Sunny Rivers

  5. Jonathan
    Posted October 28, 2008 at 2:18 pm | Permalink

    Glad that Trend Micro is doing blocking etc – an inevitable result of shite behaviour by spammers

    If it was me, I would just co-operate with Trend Micro.

    But I reckon that other more aggressive folks would realise that putting people out of business without good cause is also the basis of a large class action suit.

    JG

  6. Posted October 28, 2008 at 5:19 pm | Permalink

    Chris,

    I am sorry to read about your problems and hopefully the problem will be resolved for you and everyone else this affected quickly. I am sure you are not the only one affected in some way over this. That effect may be having actual problems, similar to yours, or it may have caused the “CYA” factor where certain people see a potential problem and simply want to cover their own butts.

    It seems to me that you are co-operating with Trend Micro on this, and they are co-operating with you. Neither one of you seems overly happy this happened and it does identify a potential problem with Trend Micro, which I am sure they want to fix for the future. They really could have sat on their hands over this and given you stock answers, like many other businesses tend to do. This thing could have run on for months, meanwhile you and others on the net could have continued your downward spirals.

    My Grandfather told me once that there is a time to sit back and let the experts handle things, and a time to push the experts into actually doing the things they are supposed to be doing. It seems to me that you chose wisely and did not sit by thinking those who normally handle these things actually would handle the problem in a timely manner.

  7. Posted October 28, 2008 at 10:10 pm | Permalink

    I’ve been doing OPT IN ONLY email marketing for 10 years. Each year since around 2001, it’s gotten worse & worse. I don’t think it’s currently possible for a small business like mine to deal with all the corporate bs that’s overtaken the internet.

    As sales have gotten worse, I’m down to being a 1 person company. I no longer have time to research this sort of thing. It’s rare that I can even read Chris’s posts on the day they’re published anymore.

    I’m frustrated. Between my newsletter, my website & ebay I’m doing 1/3 the business I did in 2000. And with ebay’s recent huge fee increases, declining ebay sales & shipping price limits there’s a very good chance I’ll be shutting down in 2009.

  8. Posted October 29, 2008 at 4:53 pm | Permalink

    Wow, Chris! What an adventure! Sorry to hear you went thru all that, but sure appreciate you sharing your experience!

    Jennifer
    ~PotPieGirl

  9. Posted April 19, 2011 at 12:38 am | Permalink

    Hi Chris,
    thank you for sharing your experience and new knowledge.
    I also (I bet I’m not the only one :) ) need your help.
    This is what one of my users sent me when he was trying to get on my site:
    Website blocked by Trend Micro Worry-Free Business Security
    Malicious website blocked
    http://www.kajzer-dom.hr/
    Rating: Dangerous
    Verified fraudulent page or threat source.
    What You Can Do:
    •Contact your administrator about security settings on your network
    •I understand the risks and I want to continue browsing

    I don’t use Trend Micro and it seems all fine to me… my website is also used through Google Webmaster Tools and they don’t report any bugs or threats.
    I did have some troubles with the safety of the site a year ago, but since then it was all fine.
    It looks fine now also, except this report from Trend Micro.

    Any suggestions?

    Thank you!
    Tomislav

  10. Posted July 9, 2011 at 5:08 am | Permalink

    Help needed with this exact article as Trend blocked my site for some reason

    thanks

    ron

  11. Posted October 14, 2011 at 12:06 pm | Permalink

    I see a lot of this arrogant behavior on the net, the fact is that Trend Micro is essentially taking a service I have paid for and then arbitrarily blocking an entire ISP server based on the actions of one or a few, the first problem here is they are not the government, nor is there any legal precedent for them to deprive anyone of anything without due process. The US Constitution clearly states that in all matters of law involving amounts over 20.00 a person is entitled to a hearing before the courts before any such action can be taken. I contend that their legal ass is hanging out and I would be happy to sign a class action suit against any of these arrogant big shots who think they can push little people around.

  12. IT support
    Posted August 13, 2012 at 6:56 pm | Permalink

    just what I needed thanks…

  13. Posted February 11, 2013 at 11:57 am | Permalink

    Our site has had this problem for 2 years – we’re losing business left and right, my clients are not even getting my emails and we have done over 4 reclassification requests. I am not a tech expert and need help getting this fixed.

    Please contact me directly as soon as possible.

    Best regards,
    Diane