Can Use of a Proxy Server be Detected?
 

The password sharing sites recommend use of a specified proxy server to avoid detection by ip logging.

Can it be done?

Or is there an database of proxy servers that can be obtained and maintained?

Thanks

It was this link in another thread that motivated me to post.

I want to control access to a pay site by ip or ip range. I want to reject anything coming through a proxy (or an onion) because it is a hole an entire country could come through.

I know I have to consider people travelling, but that is another issue.

Cheers

Nope, they usually use anonymous proxies that don't even tell you it's a proxy. Unless you maintain your own blacklists - it's nearly impossible.

And there is no point in obtaining any databases, because proxies usually last a day or two anyway.. New ones are found every second and posted on various locations, you won't be able to keep up with that.

Instead, spend your resources on protecting your member area better... there are no ways around it.

you could have a script that attempted a client proxy connection on the surfer's IP using well known proxy ports (8000, 8080, etc)... this would weed out most of the proxy traffic, but not something like the Tor network.

How do you protect a member area against password sharing?

There are over 20 of them. It used to be the usual 3128, 8080, 1080 crap.. now you see 28882, 4440, and the list goes on. I don't think users will like porn sites attempting to connect to their computer.. there are enough myths about this industry :)

Yeah, you could could cycle through all the ports, nmap style, if you really wanted to... but, as you say, its probably not a good idea.

do you know how unrealistic that is? are you really serious?

It's very simple and I don't understand how after 10 years companies still deal with this shit.

1. User signs up, password must be 8 chars or longer with at least 1 digit
2. Spend some $$ on a real programmer and come up with a simple, yet very useful, pattern recognition utility that will monitor user activity and detect irregular IP changes, browsers, cookie data. It's not hard.
3. Once the software detects unusual activity, disable the freakin account and send further instructions on re-activating it to the user's email.
4. Get rid of freakin Basic Authentication..
5. Have your login be form-based and implement a Turing test.
6. Ask yourself why it took you 10 years to figure this out lol

all that is overkill... if X amount of ip's login with in Y amount of time = disable

Not true... trust me. There are forums out there that instruct people to connect to the members' area using a SPECIFIC PROXY only.

I guessed you missed the last four words of the post that said NOT A GOOD IDEA. I was thinking of ways to identify a proxy, not specifically for this scenerio.

Proxies will always be here in one form or another.. especially when the EFF themselves push anonymity technologies

I just set up my 5th box on the Tor network :) This one is in Argentina. I'm blocking ports that can be abused easily, such as 25.

I was about 80% here. Automatically sending the email with re-activating instructions is something I didn't think of. Thank you!

:thumbsup

I think getting strongbox will save you a lot of time and headache.