How to avoid false security shutdowns?


We just had a very busy week! On Wednesday, our user-facing site was disabled for a short time. What happened?

Many companies use the services of Internet security companies specializing in copyright, trademark protection and anti-phishing solutions. These companies often misinterpret a translation proxy and identify the not-yet-translated site as an illegitimate copy and a threat to client security.

How does this come to pass?

At the heart of the problem lies the fundamental nature of web browsing and how it is implemented: every request carries a set of metadata, called headers, which is visible in the server logs and can tip off such security companies.
The most common culprit is the Referer header (the HTTP spelling of "referrer"), which contains the originator of the request. As long as this matches the domain under such protection, all is well. But when something like ja-jp-easyling-p.app.easyling.com appears, all sorts of alarms start going off, and the company believes the request to be coming from an illegitimate copy of the site.

At this point, several things can happen:

  • The security company makes contact with us, and we can clarify the issue, potentially involving our LSP partners in the talks;
  • They may contact Google to flag the translated site, which can lead to various consequences;
  • They may take the matter directly to a domain provider, and request the suspension of our domain name at the hosting company.

How can this be prevented?

  1. Notify the client’s security partner: LSPs should ask their clients to tell their security providers about the proxy operation and that their servers may experience traffic spikes (Easyling crawler activity). Easyling’s requests carry their own sets of metadata, which can be used to identify them and separate them from true threats; for more information, see our documentation.
  2. Turn on the basic authentication feature under Publish Website > Domain Settings > Access Control for all the target languages. This can be done for all Proxy modes, including preview. Crawlers will then find that the site requires a username and password and is not publicly accessible. There may still be uncomfortable questions asked, but hopefully there won’t be a sense of urgency.
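Once the security partner knows about the proxy, the Referer values in the client's access logs can be triaged instead of all being treated as threats. The sketch below is an added example, not Easyling's code or documentation; the protected domain `example.com`, the log lines and the choice of `app.easyling.com` as the allowlisted suffix (taken from the host name mentioned above) are assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Assumptions for illustration: the protected site and the agreed proxy suffix.
PROTECTED_DOMAIN = "example.com"
ALLOWED_PROXY_SUFFIXES = ("app.easyling.com",)

# Combined Log Format tail: "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(r'"[^"]*" \d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"')

def host_matches(host, domain):
    """True if host is the domain itself or a subdomain (label-boundary match)."""
    return host == domain or host.endswith("." + domain)

def classify_referer(referer):
    """Bucket one Referer value for triage."""
    if referer in ("", "-"):
        return "none"
    host = (urlsplit(referer).hostname or "").lower().rstrip(".")
    if not host:
        return "unparseable"
    if host_matches(host, PROTECTED_DOMAIN):
        return "own-site"
    if any(host_matches(host, s) for s in ALLOWED_PROXY_SUFFIXES):
        return "translation-proxy"
    # Includes lookalikes that merely start with or contain the proxy name.
    return "unknown-external"

def summarize(lines):
    """Count referer buckets over an iterable of access-log lines."""
    counts = Counter()
    for line in lines:
        m = LOG_RE.search(line)
        counts[classify_referer(m.group("referer")) if m else "unparseable"] += 1
    return counts

# Constructed sample lines (documentation IP ranges, reserved .test domain).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /logo.png HTTP/1.1" 200 2326 "https://www.example.com/" "Mozilla/5.0"',
    '203.0.113.8 - - [01/Jan/2024:10:00:01 +0000] "GET /logo.png HTTP/1.1" 200 2326 "https://ja-jp-easyling-p.app.easyling.com/products" "Mozilla/5.0"',
    '198.51.100.4 - - [01/Jan/2024:10:00:02 +0000] "GET /site.css HTTP/1.1" 200 512 "https://ja-jp-easyling-p.app.easyling.com.lookalike.test/" "Mozilla/5.0"',
    '198.51.100.9 - - [01/Jan/2024:10:00:03 +0000] "GET / HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for label, n in summarize(SAMPLE_LOG).most_common():
        print(f"{label:18} {n}")
```

The Referer header is supplied by the client, so this allowlist is a triage aid for alert volume, not proof of where a request came from.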