Can Use of a Proxy Server be Detected? - GoFuckYourself.com

Paul Waters · 07-20-2005, 04:29 PM

The password sharing sites recommend use of a specified proxy server to avoid detection by ip logging.

Can it be done?

Or is there an database of proxy servers that can be obtained and maintained?

Thanks

azguy · 07-20-2005, 04:30 PM

http://tor.eff.org/

Paul Waters · 07-20-2005, 04:35 PM

Quote:

Originally Posted by azguy

http://tor.eff.org/

It was this link in another thread that motivated me to post.

I want to control access to a pay site by ip or ip range. I want to reject anything coming through a proxy (or an onion) because it is a hole an entire country could come through.

I know I have to consider people travelling, but that is another issue.

Cheers

azguy · 07-20-2005, 04:43 PM

Quote:

Originally Posted by Paul Waters

It was this link in another thread that motivated me to post.

I want to control access to a pay site by ip or ip range. I want to reject anything coming through a proxy (or an onion) because it is a hole an entire country could come through.

I know I have to consider people travelling, but that is another issue.

Cheers

Nope, they usually use anonymous proxies that don't even tell you it's a proxy. Unless you maintain your own blacklists - it's nearly impossible.

azguy · 07-20-2005, 04:45 PM

Quote:

Originally Posted by Paul Waters

It was this link in another thread that motivated me to post.

I want to control access to a pay site by ip or ip range. I want to reject anything coming through a proxy (or an onion) because it is a hole an entire country could come through.

I know I have to consider people travelling, but that is another issue.

Cheers

And there is no point in obtaining any databases, because proxies usually last a day or two anyway.. New ones are found every second and posted on various locations, you won't be able to keep up with that.

azguy · 07-20-2005, 04:47 PM

Instead, spend your resources on protecting your member area better... there are no ways around it.

High Plains Drifter · 07-20-2005, 04:49 PM

you could have a script that attempted a client proxy connection on the surfer's IP using well known proxy ports (8000, 8080, etc)... this would weed out most of the proxy traffic, but not something like the Tor network.

Paul Waters · 07-20-2005, 04:50 PM

Quote:

Originally Posted by azguy

Instead, spend your resources on protecting your member area better... there are no ways around it.

How do you protect a member area against password sharing?

azguy · 07-20-2005, 04:51 PM

Quote:

Originally Posted by skinnywussy

you could have a script that attempted a client proxy connection on the surfer's IP using well known proxy ports (8000, 8080, etc)... this would weed out most of the proxy traffic, but not something like the Tor network.

There are over 20 of them. It used to be the usual 3128, 8080, 1080 crap.. now you see 28882, 4440, and the list goes on. I don't think users will like porn sites attempting to connect to their computer.. there are enough myths about this industry

High Plains Drifter · 07-20-2005, 04:53 PM

Quote:

Originally Posted by azguy

There are over 20 of them. It used to be the usual 3128, 8080, 1080 crap.. now you see 28882, 4440, and the list goes on. I don't think users will like porn sites attempting to connect to their computer.. there are enough myths about this industry

Yeah, you could could cycle through all the ports, nmap style, if you really wanted to... but, as you say, its probably not a good idea.

Alky · 07-20-2005, 04:55 PM

Quote:

Originally Posted by skinnywussy

Yeah, you could could cycle through all the ports, nmap style, if you really wanted to... but, as you say, its probably not a good idea.

do you know how unrealistic that is? are you really serious?

azguy · 07-20-2005, 04:56 PM

Quote:

Originally Posted by Paul Waters

How do you protect a member area against password sharing?

It's very simple and I don't understand how after 10 years companies still deal with this shit.

1. User signs up, password must be 8 chars or longer with at least 1 digit
2. Spend some $$ on a real programmer and come up with a simple, yet very useful, pattern recognition utility that will monitor user activity and detect irregular IP changes, browsers, cookie data. It's not hard.
3. Once the software detects unusual activity, disable the freakin account and send further instructions on re-activating it to the user's email.
4. Get rid of freakin Basic Authentication..
5. Have your login be form-based and implement a Turing test.
6. Ask yourself why it took you 10 years to figure this out lol

Alky · 07-20-2005, 04:58 PM

Quote:

Originally Posted by azguy

2. Spend some $$ on a real programmer and come up with a simple, yet very useful, pattern recognition utility that will monitor user activity and detect irregular IP changes, browsers, cookie data. It's not hard.

all that is overkill... if X amount of ip's login with in Y amount of time = disable

azguy · 07-20-2005, 04:59 PM

Quote:

Originally Posted by Alky

all that is overkill... if X amount of ip's login with in Y amount of time = disable

Not true... trust me. There are forums out there that instruct people to connect to the members' area using a SPECIFIC PROXY only.

High Plains Drifter · 07-20-2005, 05:06 PM

Quote:

Originally Posted by Alky

do you know how unrealistic that is? are you really serious?

I guessed you missed the last four words of the post that said NOT A GOOD IDEA. I was thinking of ways to identify a proxy, not specifically for this scenerio.

azguy · 07-20-2005, 05:08 PM

Proxies will always be here in one form or another.. especially when the EFF themselves push anonymity technologies

azguy · 07-20-2005, 05:09 PM

I just set up my 5th box on the Tor network

This one is in Argentina. I'm blocking ports that can be abused easily, such as 25.

Paul Waters · 07-20-2005, 05:10 PM

Quote:

Originally Posted by azguy

It's very simple and I don't understand how after 10 years companies still deal with this shit.

1. User signs up, password must be 8 chars or longer with at least 1 digit
2. Spend some $$ on a real programmer and come up with a simple, yet very useful, pattern recognition utility that will monitor user activity and detect irregular IP changes, browsers, cookie data. It's not hard.
3. Once the software detects unusual activity, disable the freakin account and send further instructions on re-activating it to the user's email.
4. Get rid of freakin Basic Authentication..
5. Have your login be form-based and implement a Turing test.
6. Ask yourself why it took you 10 years to figure this out lol

I was about 80% here. Automatically sending the email with re-activating instructions is something I didn't think of. Thank you!

4Pics · 07-20-2005, 05:59 PM

I think getting strongbox will save you a lot of time and headache.

07-20-2005, 04:29 PM	#1
Paul Waters Confirmed User Join Date: Mar 2003 Location: Toronto, Ontario Posts: 4,402	Can Use of a Proxy Server be Detected? The password sharing sites recommend use of a specified proxy server to avoid detection by ip logging. Can it be done? Or is there an database of proxy servers that can be obtained and maintained? Thanks __________________ Paul

07-20-2005, 04:49 PM	#7
High Plains Drifter Confirmed User Join Date: Jun 2005 Location: ♠ ♣ ♥ Posts: 2,341	you could have a script that attempted a client proxy connection on the surfer's IP using well known proxy ports (8000, 8080, etc)... this would weed out most of the proxy traffic, but not something like the Tor network. __________________

07-20-2005, 04:30 PM	#2
azguy Confirmed User Join Date: Nov 2004 Location: Scottsdale, AZ Posts: 5,167	http://tor.eff.org/

07-20-2005, 04:47 PM	#6
azguy Confirmed User Join Date: Nov 2004 Location: Scottsdale, AZ Posts: 5,167	Instead, spend your resources on protecting your member area better... there are no ways around it.

07-20-2005, 05:08 PM	#16
azguy Confirmed User Join Date: Nov 2004 Location: Scottsdale, AZ Posts: 5,167	Proxies will always be here in one form or another.. especially when the EFF themselves push anonymity technologies

07-20-2005, 05:09 PM	#17
azguy Confirmed User Join Date: Nov 2004 Location: Scottsdale, AZ Posts: 5,167	I just set up my 5th box on the Tor network This one is in Argentina. I'm blocking ports that can be abused easily, such as 25.

07-20-2005, 05:59 PM	#19
4Pics Confirmed User Industry Role: Join Date: Dec 2001 Posts: 7,952	I think getting strongbox will save you a lot of time and headache.