The following domain is now listed as a phishing site by Google chrome and Firefox. http://fbcdn.net

UPDATE:Just in, TechCrunch just reported that Safari is now listing Facebook as a suspicious site too. You can read their article in the trackback in comments where they linked to this artilce. (Cheers! Robin Wauters, thanks for the link…)

This is actually a Facebook domain. By adding this domain to your list of trusted sites in Internet Explorer you will no longer have problems with Facebook. Currently Internet Explorer is not listing it as a phishing site in it’s database. Could this be because Microsoft has $260,000,000 invested in Facebook?

Basically the only way to use Facebook is to use Internet Explorer because they do not seem to be blocking it right now.

I am trying to get to the bottom of the Phishing RBL now, I am already taking this up with Trend Micro to make sure this does not spread. Trend Micro blocking my site made me quite an authority on Phishing filters and URL RBLs.

Currently the phishing filter used by Firefox does not list fbdcn.net as a phishing site and neither does Internet Explorer anti Phishing filter. Don’t know where this blocking is coming from but I want to know as someone who cannot wait to implement Facebook Connect.

After a Google search here is why Facebook runs JavaScript on another domain:

There are a few reasons; one of the posts added the additional domain lookup, but that only needs to happen once. What happens instead, is that a browser has a built in limit of 2 connections per domain. This means that if you have a lot of external content (CSS style sheets, Javascript, images, etc) you’re limited to load two at any given time. By adding an extra domain, you double that amount of items you can be downloading concurrently. There were some various experiments done, and it was found that 2-3 was generally the best you could squeeze out.

The link to the information about CDNs was provided — companies like Akamai have servers placed strategically around the world and use some DNS voodoo to have localized requests directed to their servers nearest to the request. This means that you can download the data faster.

Another reason is about bandwidth. Facebook (and all sorts of other sites where you have to login) track all sorts of information about you in cookies. Every request you make to a site, all of those cookies get passed around. This can add up very quickly. By having a domain that isn’t just a subdomain (ie, x.facebook.com) like fbcdn.net, each request isn’t burdened with the additional cookies and thus minimizes the bandwidth required on the request (you transmit less, so it’s faster; they receive less so it’s faster and cheaper [since they pay for all that in and out bandwidth])

I’m sure there could be even more reasons, but those are the main ones AFAIK.

This puts a real damper of the launch of Facebook Connect.

I will keep updating this post as news breaks on this. Either the Facebook domain fbcdn.net was hacked or this is something odd, I have not seen this occur before.

UPDATE:Facebook says the blocking has been cleared in the Facebook Forum. This is the same place I tried to warn Facebook that this was a possibility. The other developers said:

“This is some pretty tinfoil hat sounding stuff.”

I happen to like the way my monitor reflects off my tin foil hat, what’s it to ya?

In a further effort to help legitimate businesses, here is how you can tell you have a Microsoft Internet Explorer 7 or 8 blocking your site issue.

I am going to do a series of articles on exact terms that someone that was in my position with a anti virus false positive phishing entry so you can hopefully find this article and begin to clear your name.

This is about the only way you will be able to tell that an anti virus is blocking your site. The real problem occurs when your listing in the AV database spreads to other major networks.

Google Analytics Saved my Butt

You can tell that Internet Explorer is blocking your site if you have goal conversions set up in Google analytics. Check to see if you are selling any products to visitors using Internet Explorer 7.

If you have some type of block in a database it will be possibly consumed by the IE 7 anti phishing filter database and you will have almost 0 sales occurring in Internet Explorer. At the same time you will have a way higher sales success rate in Firefox.

That is the only thing that saved me was finding that FF had a 14% sales success rate and IE had a 0.26% rate.

This is not guessing on my part. This is the findings of the Trend Micro investigation.

Sudden drops in newsletter subscribe rates, abandoned payments, email click thru rates and sales in general are all indicative of this kind of blocking.

The only reason I got a few emails delivered was that I was highly whitelisted in Gmail due to my Google social network friends list.

Please tell anyone you know to look into this so that this does not happen to them. If I can help anyone do not hesitate to call me.

Still alive and kicking,
- Chris Lang

Trend Micro will block your site in the browser, block your web traffic at the server level, your URLs in any emails and send your emails to the Trend Micro spam folder if you make the mistakes that I did. It was not Trend Micro’s fault, my payment software or anything I did. Trend Micro blocked me because I was at the wrong place at the wrong time.

NOTE: This is NEW information that no one else has. Read this thourghly!

When Trend Micro blocked my site

In September Jennifer Horowitz sent a recommendation of my product, Social Marketing book to her email list. We had a very poor response rate and and I began to think her email was not getting past spam filters.

Then one of her subscribers sent me this screen shot of Trend Micro wrongly blocking my site.

Click the image to see it full size, this will shock you.

I was stupid enough to ignore this and simply believed it was a very minor issue due to the redirect to PayPal in my payment software. Big mistake. More like a $20,000 mistake.

Trend Micro is currently the most purchased Window software there is as reported by Cnet just last week.

As time went by it got WAY worse. More and more payment attempts were being abandoned and comments on my blog and email click thru rates plummeted. Two three week periods passed without a sale and I began to really worry. At the same time my mind really went to work on this.

Meanwhile I was using all the skills I have to track down what I believed was a new spam filter blocking my emails. I enlisted the aid of even more experienced email pros to help me and they could not find the source. Neither could my GoDaddy host or AWeber, my email list provider. No bounce messages, no FBL reports, no nothing.

That was when I began to think it was a client side spam filter and something new to boot.

Then about a week ago I remembered the screen shot, in the end that Trend Micro blocking screen shot was my savoir.

Trend Micro says keywebdata.com and Chris Lang are innocent of any phishing, undesirable, dangerous or malicious activity or wrong doing.

This is the email I received back today.

Below is the synopsis of what the next phone conversation produced. I want to stress that these are facts as told to me by my Trend Micro contact in charge of the team that investigated the keywebdata.com blocking.

Why did Trend Micro block my site and how can you avoid it

First off the best indicator of something going on are subscribers clicking the spam button in web email. Why are they doing that? Because they just saw a big freakin huge banner like the screen shot above. What else are they going to do when their anti virus software just screamed and yelled at them to never go to your site again?

After 8 straight days of working 20 hours a day, today, October 27th, I have gotten to the bottom of why Pc Cillin warnings were displayed and Trend Micro Internet Security and Trend Micro anti virus blocked my site.

I just got off the phone with my Trend Micro contact.

Keywebdata.com was flagged in the browser, in Internet Explorer 6 or 7 and blocking began.

At that point my site and payment forms were reviewed by Trend Micro.

Due to a unsecured form, submitting to my server, then redirecting to a PayPal CGI bin URL my site was deemed indicative of a Phishing site and blocking occurred.

This did create global blocking of my domain at both the server level and the end users of all Trend Micro Internet Security products.

Any email with my URL in it was blocked by TM and possibly Yahoo, Gmail and Microsoft, both at the browser and email server level.

Also any web traffic passing through a data center with Trend Micro filtering software installed would have blocked the traffic right there too. This may be why so many of my emails never arrived.

Any http request from a browser resulted in the screen shot image being displayed.

Any traffic crossing the Trend Micro server level software resulted in the request not being passed and the request to my server was not completed. In other words if a link to my site was clicked it would not result in the request either going thru to my server and no HTML would be displayed.

No footprint of this blocking is visible in server logs because the http request (http link click) was denied at either the home user end client or at the server leval. So, even if you do pull your server logs there is not footprint to show that you are serving lots of pages and getting no browser page views.

It would do no good to pull server logs because no request for a page would ever make it to the server.

Trend Micro is looking into if they will release numbers as to the end user blocking numbers for keywebdata.com

Basically I am going to have to pick myself up, dust myself off, learn from this and move the heck on.

TM does agree and is willing to suggest that using any HTML form that is submitting to any payment provider without using HTTPS protocols will draw the ire of anti phishing software. This also means Microsoft Internet Explorer anti phishing filters.

What can you do if Trend Micro PC Cillin blocks your site?

Step #1

First of all, I now have extreme knowledge of this and can check your site to see if it is blocked. To learn how to get your site unblocked and protect your new sites from being blocked, I have detailed instructions at this link.

If you are being blocked I can navigate thru the process of getting and investigation started and if you are innocent, get the blocking removed. Do not email me to death just to see if the site is blocked. If you experiencing problems I will help you.

Step #2

First of all, stop sending any emails with your domain URLs in it, don’t send any email to your email lists and pull access to any payment forms.

If someone tries to buy and gets a phishing warning you have just lost any possibility of a future sale.

If your list gets an email from you and anyone has seen the phishing warning on a previous visit you can bet your last dollar they are going to mark your email as spam and any others they may get.

Lost sales now are nothing compared to losing most of your list and further email blocking. I did not catch this early enough on and lost a list with 2500 hard earned subscribers on it.

Currently there is no feedback loop from Trend Micro and my contacts tell me they are considering adding this so that we are directly contacted should a new script on our site suddenly trip a Trend Micro red flag.

You will also want to keep your hosting provider in the loop so that there are no issues with your domain or site. Call them and create a help desk case number. Then email the abuse@YOUR HOSTING address and document every step of the way using the case number. It can come in handy if anyone sends false accusations their way.

Save every email, document everything and keep records of everything that occurs.

Step #3

If you are using payment forms generated by IPN scripts that submit to PayPal for payment then get them changed to using HTTPS protocols in the form tag. Don’t worry about forms created by PayPal, they are sending to PayPal URLs. The problem lies in forms that submit to your domain and then the server redirects to PayPal. That is what started my tale of woe.

You will need to add a SSL certificate to your site and your host can take care of this for you. Just give them a call.

Step #4

Then we will need to get Microsoft, Yahoo and Gmail to remove any blocking as well.

I can get this underway for you as well.

Step #5

Once you get this cleared up and your site free of any negative indicators you can resume mailing to your list and you should be in good shape. I am.

I do want to thank Paul Myers who kept me calm and supplied great ideas to get through out this. Above all he told me to handle myself professionally and calmly.

I want to thank John McGowan who dealt with the yelling and screaming portion of this little odyssey.