Friday, January 02, 2009

IE6 Traffic - Not from IE6 Browser

Something odd happened today. A person reported getting a message we display to people who have old browsers. The person sent the error message in question. When I looked up the traffic in our logs the traffic indicated the user was visiting the site with an IE6 browser. However the person says she doesn't use IE and doesn't want to use IE. The only traffic from this particular IP address was all from IE browsers and nothing else.

So what is going on here? Potentially we have a bug in our software, however I have not seen this error myself before. What I think is probably happening is that there's some sort of caching software on the network this person is using and when they came to the site they got some page that was cached by some previous visitor who was using an IE6 browser. The other option is that this person has some sort of malware or web add-on that is somehow making her traffic look like it's coming from an IE6 browser when it is not.

If there was actually caching software that was causing this problem, however, then why was I able to find in my logs the exact request matching hers that resulted in this message? If the page was cached somewhere I shouldn't be seeing her request in my logs at all would I?

So was there a computer between her computer and my server that is intercepting requests, passing it to our server, viewing the content, and then passing it back to the user's machine? That seems like what is probably happening but how can I know for sure? In that case, let's say you were contacting your bank. This intermediary would be doing screen shots of every web page you visit. If this intermediary software was one machine intercepting all the requests, I would also expect to only see one user agent coming to that site from that IP address - but I saw multiple - and they were all IE browsers. This person says she doesn't use IE because she doesn't like it.

Hmmm. What's up? More evidence of very suspicious IE6 traffic and doubtful that most of the IE traffic out there is legit.