homepage Welcome to WebmasterWorld Guest from 54.167.185.110
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Search Engines / Search Engine Spider and User Agent Identification
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL

Search Engine Spider and User Agent Identification Forum

    
open proxies
wilderness




msg:4447769
 2:35 am on May 1, 2012 (gmt 0)

In Sept-Oct of 2009 there was a rash of open proxy uses.
Some of them were as many as twenty-five different IP's in succession, all trying for the same page.

The majority of these open proxies were from standard internet service providers.

Did anybody besides me save them?

 

dstiles




msg:4448131
 8:35 pm on May 1, 2012 (gmt 0)

Many of them would have changed by now.

I was going to post a link to a proxy-listing site but it seems to be down, possibly permanently. There are other proxy-listing sites but I do not have a URL to hand. :(

The list of open proxies is in any case an open-ended variable. Someone gets a virus, either server or broadband, and Wham! I see quite a few day by day. I block new servers and note new broadband providers.

enigma1




msg:4448428
 1:13 pm on May 2, 2012 (gmt 0)

Did anybody besides me save them?

Yes in a way from the server logs, but now what? As it was said, most likely these IPs were recycled.

wilderness




msg:4448442
 1:45 pm on May 2, 2012 (gmt 0)

Someone gets a virus, either server or broadband, and Wham! I see quite a few day by day.


Yes in a way from the server logs, but now what?


The virus/malware explanation makes perfect sense.

However. I've long believed that the major US internet providers leave open specific IP's (for what ever their requirements are), which allows others to utilize the same open-IP's as proxies.

Since these old-lists are rather extensive (even though they were utilized and accumulated in a short two-month span), and the new-lists apparent change rapidly.

How would one determine, what IP's remain active and open-for-use and which ones were previously corrupted by virus/malware?

dstiles




msg:4448659
 9:14 pm on May 2, 2012 (gmt 0)

If you know the original IPs run something like linux's umit, but you'd need some scripting knowledge to check more than a handful. Can't help with that as I've never tried it.

Otherwise, as I said, find a site that lists proxies and cross-check with that. A brief check via ixquick for "proxy ip list" (without quotes) came up with proxy-ip-list.com

enigma1




msg:4448737
 1:42 am on May 3, 2012 (gmt 0)

However. I've long believed that the major US internet providers leave open specific IP's (for what ever their requirements are), which allows others to utilize the same open-IP's as proxies.

Specific? How many IPs do you need? Do a port scan on the IPs that you see in the server logs and look suspicious (80, 8080, etc), there is a plethora of compromised systems acting as intermediate platforms for various attacks.

The interesting part is sometimes the attacker secures the compromised system so other attackers cannot get in. Plus the number of abandoned systems out there is unbelievable. But that's all over the world.

blend27




msg:4448875
 12:12 pm on May 3, 2012 (gmt 0)

How would one determine, what IP's remain active and open-for-use and which ones were previously corrupted by virus/malware?


Few years back I set up a few forums on throw away domains that are open to scrapers and spam-bots go at it. I record IP data and a basic bad/spam word analyzer on all the crap posted there.

Then wrote code to get the IP data from data collected and validate it against projecthoneypot and stopforumspam APIs.

The positive side of this approach it once the IP becomes an open proxy it is utilized by a swarm of bots that have those forums on their list, and for me its just an API call to a unknown by others subdomain on those forums.

Couple that with known colo/server farm ip ranges and you pretty much have a firewall of your own :).

If you have an IP that is on you bad proxy list throw a capcha on the first hit before/after a programmatic check with projecthoneypot. If authenticated, open the IP only for that session only.

hope this makes sense.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Search Engines / Search Engine Spider and User Agent Identification
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved