BEWARE - Proxy Detector Script - used by several sites
Hi,
I want to test to see how they can detect the proxy IP, by going to this site:
Code:
http://whatismyipaddress.com/staticpages/index.php/advanced-proxy-test
Test result: Proxy server detected. (yes, I'm using paid proxy service while using this BHW)
IP 69.164.xxx.xx
rDNS FALSE
WIMIA Test TRUE
TOR Test FALSE
Loc Test FALSE
Header Test FALSE
DNSBL Test FALSE
Based on the tests with 15 different proxy IP addresses, all of them failed WIMIA test (and sometimes TOR test too).
What does it mean to us? They know we are attempting to hide ourselves from their sites through the proxy servers.
What I'm seeing here, it means we need to request the proxy providers to make sure that these IP addresses are not detected by proxy detector scripts, similar to whatismyipaddress.com's proxy detector.
Comments?
Last edited by portalweb; 01-16-2010 at 03:46 PM.
-
The Following 4 Users Say Thank You to portalweb For This Useful Post:
alzir512 (02-23-2010),
chimmychang (03-16-2010),
mavericklist (01-22-2010),
Micoche (11-24-2010)
-
-
Re: BEWARE - Proxy Detector Script - used by several sites
Depending on the configuration of the proxy, it may actually be sending your IP address without your knowledge.
Some configurations of proxy servers inject a header called "X-Forwarded By: [Your IP]".
I suspect that the "proxy detector" is searching for that header as well as a database of known proxies.
Edit: Nevermind, I'm wrong.
-
-
Re: BEWARE - Proxy Detector Script - used by several sites
This is a very intriguing topic, with many hardcore blackhat methods requiring the use of proxies to manipulate site thresholds, with CPA and affiliate sites using proxy detectors can we begin to build a "database" of CPA companies and affiliate networks that don't have proxy detectors?
Or perhaps write a script that checks for the proxy detectors before using proxies to access the sites.
There are definitely ways around anti-proxy security defense. We just have to check for what they're checking for and give them false data to bypass their "check".
-
The Following User Says Thank You to cookiejar For This Useful Post:
-
Re: BEWARE - Proxy Detector Script - used by several sites
If all come up as false, it is undetectable?
-
-
Re: BEWARE - Proxy Detector Script - used by several sites

Originally Posted by
pewtercraig
If all come up as false, it is undetectable?
Theoretically yes.
-
-
Re: BEWARE - Proxy Detector Script - used by several sites
My best guess is that they're logging every single IP address that they can view.. Then, they're comparing the User-Agent with the IP address to check for major variations.
Alternatively, they could be checking for open ports on the IP address in question. Common ports such as 8080 would easily flag it as a proxy.
-
-
Re: BEWARE - Proxy Detector Script - used by several sites
javascript can detect Proxy use - i wonder nobody here knows this.
-
-
Re: BEWARE - Proxy Detector Script - used by several sites
Woot private socks ftw (false on all).
Question: what's a "Loc Test"?
-
-
Re: BEWARE - Proxy Detector Script - used by several sites
they can detect proxy usage but i believe not vpns (someone correct me if wrong) =)
-
-
Re: BEWARE - Proxy Detector Script - used by several sites
so we need some vpn instead of socks?
regards
-
-
Re: BEWARE - Proxy Detector Script - used by several sites
Another hard-core proxy detection site (very good):
http://www.lagado.com/proxy-test (thanks to mrankin in his topic)
I will talk to my colleague (he has CCIE) about the proxy issue and will share the details here shortly.
-
The Following User Says Thank You to portalweb For This Useful Post:
-
Re: BEWARE - Proxy Detector Script - used by several sites
try this
Code:
http://www.whoer.net/ext
it has advance detecting proxy and i think it can be use for credit card fraud
-
The Following User Says Thank You to bzy39 For This Useful Post:
-
Re: BEWARE - Proxy Detector Script - used by several sites
who cares..i still get paid.
Two rules of success in life: 1. Don't tell people everything you know.
-
-
Re: BEWARE - Proxy Detector Script - used by several sites

Originally Posted by
darkAsPitch
I noticed that too, can anyone find a defining link to what WIMIA is?
I assumed it meant that they were checking against a database of ips of proxies that they had found somewhere.
Here's a thread that I think explains what WIMIA is:
http://proxy.org/forum/1196102288.html
It sounds proprietary to whatismyipaddress.com - note the acronym and what it could spell out.
Here's the quote for those of us too lazy to click:
That's the test we're currently working on. It's using a non-cookie, non-javascript method to attempt to detect multiple users of the same IP address. Consequently it can give a false positive for people in a multi-user environment. We're working to find the correct threshold.
So users of shared proxies could be nailed by this test.
-
-
Re: BEWARE - Proxy Detector Script - used by several sites

Originally Posted by
bzy39
try this
Code:
http://www.whoer.net/ext
it has advance detecting proxy and i think it can be use for credit card fraud
Good lord...what a depth of details!!! I can imagine how G-Ad-gay's Javascript (as well as CPA networks' programs/scripts) would have the proxy detection script built-in similar to whoer.net/ext to read all details on user's PCs.
Think about it - you can't fool these paying ad networks if you repeat the CPA toolbar installation that pays $1-3, even with different proxy IP addresses.
-
-
Re: BEWARE - Proxy Detector Script - used by several sites
Port, Hostname, IP Location, Headers, and User-Agent are all easy ways to check for proxy use, with Headers being the easiest and most common.
A "high-anonymity" proxy is just one that doesn't send the X-Forwarded-For or other Proxy headers.
-
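The header test described in the post above, written from the site operator's side. This is an added example, not part of the original thread and not any site's actual detector; the function names, verdict labels and sample requests (documentation-range addresses) are assumptions constructed for illustration.

```python
import ipaddress

# Real, widely used request headers; the lists are illustrative, not exhaustive.
CLIENT_IP_HEADERS = ("x-forwarded-for", "x-real-ip", "forwarded")
PROXY_MARKER_HEADERS = ("via", "proxy-connection")


def _parse_ip(token):
    """Return an ip_address for one header token, or None if it is not an IP."""
    token = token.strip().strip('"')
    if token.lower().startswith("for="):      # RFC 7239 "Forwarded: for=..."
        token = token[4:].strip('"')
    if token.startswith("["):                 # "[2001:db8::1]:4711"
        token = token[1:].split("]")[0]
    elif token.count(":") == 1:               # "198.51.100.7:51234"
        token = token.split(":")[0]
    try:
        return ipaddress.ip_address(token)
    except ValueError:
        return None                           # "unknown", "proto=http", ...


def header_test(peer_ip, headers):
    """Classify one request by proxy-related headers.

    peer_ip is the TCP peer seen at the site's own edge; headers is the
    request header mapping. Headers are client-supplied, so the result is
    a signal to combine with other tests, not proof.
    """
    h = {k.lower(): v for k, v in headers.items()}
    peer = ipaddress.ip_address(peer_ip)
    claimed = []
    for name in CLIENT_IP_HEADERS:
        for part in h.get(name, "").replace(";", ",").split(","):
            ip = _parse_ip(part)
            if ip is not None and ip != peer and str(ip) not in claimed:
                claimed.append(str(ip))
    markers = [n for n in CLIENT_IP_HEADERS + PROXY_MARKER_HEADERS if n in h]
    if claimed:
        verdict = "proxy-discloses-client"    # forwards an address behind it
    elif markers:
        verdict = "proxy-hides-client"        # proxy headers, no usable address
    else:
        verdict = "no-header-evidence"        # direct, or a proxy adding nothing
    return {"verdict": verdict, "markers": markers, "claimed_client_ips": claimed}


# Constructed sample requests (documentation-range addresses).
SAMPLES = [
    ("203.0.113.10", {"Via": "1.1 cache01 (squid)", "X-Forwarded-For": "198.51.100.7"}),
    ("203.0.113.11", {"Via": "1.1 cache02", "X-Forwarded-For": "unknown"}),
    ("203.0.113.12", {"User-Agent": "Mozilla/5.0", "Accept": "*/*"}),
    ("203.0.113.13", {"Forwarded": 'for="[2001:db8::1]:4711";proto=http'}),
]

if __name__ == "__main__":
    for peer, hdrs in SAMPLES:
        print(peer, header_test(peer, hdrs))
```

A "no-header-evidence" verdict only means the header test found nothing, which is why the detectors discussed in this thread pair it with rDNS, DNSBL, location and port checks.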
-
Re: BEWARE - Proxy Detector Script - used by several sites
lol if i visit that site it doesn't detect my proxy. actually i'm logged in at the university VPN with squid proxy. that tool isn't really good so nothing to worry!
-
-
Re: BEWARE - Proxy Detector Script - used by several sites
I agree. When I first saw this, I was freaking out, but then I realized if I clean my cookies and used clean proxies I was good to go.
-
-
Re: BEWARE - Proxy Detector Script - used by several sites
I'm using private proxies and this is the result from whatismyipaddress:
Proxy server not detected.
IP (like I'd put that here!)
rDNS FALSE
WIMIA Test FALSE
TOR Test FALSE
Loc Test FALSE
Header Test FALSE
DNSBL Test FALSE
I'd say they're checking public lists for the WIMIA thing that OP got spotted on. I doubt if they have some sort of AI proxy spotter/sniffer.
-
-
Re: BEWARE - Proxy Detector Script - used by several sites
My proxies are not detected by any of those, i just use private squid proxies on irregular ports. I think these kinda scripts are really only a danger to those that are using public/shared proxies or proxies on the common proxy ports.
-
-
Re: BEWARE - Proxy Detector Script - used by several sites
is your flash or java ip address result is same with your proxy address you use after test with the site?
coz if not using tunneling and use software like proxifier your real ip address still detected by flash or java detector
Last edited by bzy39; 01-20-2010 at 09:28 PM.
-
-
Re: BEWARE - Proxy Detector Script - used by several sites
After some digging, I learned that some sites with proxy detection scripts use ActionScript Flash script (used for Flash based ad images) that will read PC network interface details (MAC address, IP address, etc.).
Here's the Flash based script link - that will raise your eyebrows:
Code:
http://help.adobe.com/en_US/FlashPlatform/beta/reference/actionscript/3/flash/net/InterfaceAddress.html
You can disallow flash cookies here:
View and remove your current cookies here:
As for Java (not Javascript), yes, the site with Java applet will read PC network interface details.
See the code examples here:
Code:
http://www.javacodez.com/forums/how-get-mac-ip-address-using-java-t-92.html
-
The Following 6 Users Say Thank You to portalweb For This Useful Post:
allphase (09-13-2010),
chimmychang (03-16-2010),
DrNobody (03-09-2010),
EvePanteli (02-04-2010),
ghprod (01-22-2010),
magpie2419 (02-22-2010)
-
Re: BEWARE - Proxy Detector Script - used by several sites

Originally Posted by
portalweb
After some digging, I learned that some sites with proxy detection scripts use ActionScript Flash script (used for Flash based ad images) that will read PC network interface details (MAC address, IP address, etc.).
Here's the Flash based script link - that will raise your eyebrows:
Code:
http://help.adobe.com/en_US/FlashPlatform/beta/reference/actionscript/3/flash/net/InterfaceAddress.html
You can disallow flash cookies here:
View and remove your current cookies here:
As for Java (not Javascript), yes, the site with Java applet will read PC network interface details.
See the code examples here:
Code:
http://www.javacodez.com/forums/how-get-mac-ip-address-using-java-t-92.html
disabling flash would seem like an easy work around for this?
-
-
Re: BEWARE - Proxy Detector Script - used by several sites
Yes they might have access to Public proxies which always follow a similar pattern of ports but Private proxies which comes with Security are safe i guess contact me if u need any lol
-
-
Re: BEWARE - Proxy Detector Script - used by several sites
Does anyone think that Firefox add-on No Script will help in these types of situations?
-
-
Re: BEWARE - Proxy Detector Script - used by several sites
Yes of course, but what when sites tell you that you must enable Javascript for instance? (cause NoScript can also block Flash & Java, which isn't required so often as JS)
So - id better stick to good VPN/proxy.
-
-
Re: BEWARE - Proxy Detector Script - used by several sites
What I'm saying is that - they can look at your PC to find the real IP address, along with the proxy IP address.
For demonstration purpose, I will write the simple proxy detection script, with the ActionScript Flash/Java widgets and put it on the test site to give us the idea how they would look at PC's connection to Internet. I will post my findings in one week.
-
-
-
-
Re: BEWARE - Proxy Detector Script - used by several sites

Originally Posted by
portalweb
What I'm saying is that - they can look at your PC to find the real IP address, along with the proxy IP address.
For demonstration purpose, I will write the simple proxy detection script, with the ActionScript Flash/Java widgets and put it on the test site to give us the idea how they would look at PC's connection to Internet. I will post my findings in one week.
This would be interesting to see, will you post the script for us?
^ nerd
-
-
Re: BEWARE - Proxy Detector Script - used by several sites
The proxy detection test site access will be free to anyone, as the test page will be on my site, using SSI to handle the backend scripts. Giving it away for free will not do good, as I believe that there are variables that need to be updated. My large site has the geoIP database server that will provide the worldwide IP information to the proxy detection test script. If you want to see my large site, PM me.
Until then - stay tuned.
PW
-
The Following User Says Thank You to portalweb For This Useful Post:
-
Re: BEWARE - Proxy Detector Script - used by several sites
Status: 75% complete. It's a bit complicated to develop the server-side scripts to deal with the access to user's PC via web browser. I believe we will have the test site ready for our testing.
Until then, stay tuned.
-
-
Re: BEWARE - Proxy Detector Script - used by several sites
perhaps it detects transparent proxies, anonymous proxies shud be safe
-
-
Re: BEWARE - Proxy Detector Script - used by several sites

Originally Posted by
goawayplease
Port, Hostname, IP Location, Headers, and User-Agent are all easy ways to check for proxy use, with Headers being the easiest and most common.
A "high-anonymity" proxy is just one that doesn't send the X-Forwarded-For or other Proxy headers.
How can we check to see if our proxies are sending this info? I certainly don't want to pay for proxies that are just going to reveal who I am - what the hell would be the point in using a proxy at all then? It would add absolutely no anonymity and would only slow your connection, as going through a proxy is almost always (maybe even always) going to be slower than just connecting direct, right?

Originally Posted by
MarketerMac
disabling flash would seem like an easy work around for this?
It would seem the work around would include disabling flash AND java, no?
Last edited by dirtyc; 01-26-2010 at 05:38 PM.
-
-
Re: BEWARE - Proxy Detector Script - used by several sites

Originally Posted by
dirtyc
How can we check to see if our proxies are sending this info? I certainly don't want to pay for proxies that are just going to reveal who I am - what the hell would be the point in using a proxy at all then? It would add absolutely no anonymity and would only slow your connection, as going through a proxy is almost always (maybe even always) going to be slower than just connecting direct, right?
That is what the proxy detection script I'm working on right now, which will reveal everything (hopefully).

Originally Posted by
dirtyc
It would seem the work around would include disabling flash AND java, no?
Yes...that is the possible avenue. It means you can't watch Flash based video clip without enabling Flash. Decisions, decisions. 
Until then, stay tuned.
-
-
Re: BEWARE - Proxy Detector Script - used by several sites
You know what else would be super tight (maybe this goes beyond the proxy checking thing) but if your tool would tell a user whether a website was trying to download flash cookies or java applets to your computer. Since that's part of the whole "tracking/privacy" landscape, I think it would be super relevant, don't you?
-
-
Re: BEWARE - Proxy Detector Script - used by several sites
The tool will see if the browser is using the java, javascript, etc.
Here's the "ALPHA VERSION" proxy detection script, which reads the "browser" settings as listed here:
Frames enabled
IFrames enabled
Tables enabled
Cookies enabled
Java applets enabled
Javascript enabled
Support CSS enabled
CSS version 3
Alpha -
Beta -
VBscript enabled
Flash enabled
In a few days, the network interface readout java applet will be added, as well as the network interface readout Flash actionscript too. These are the difficult parts - but it will be there. What's nice about this script is that it will work with any operating system.
Until then, please stay tuned.
-
The Following User Says Thank You to portalweb For This Useful Post:
-
Re: BEWARE - Proxy Detector Script - used by several sites
just wondering, back in the day we just had a script that would look for all the normal proxy ports if 8080 was open or 3128 and so on it would ban the ip.
don't really know why they still don't do that, you can't hide standard proxy ports. and unless you're running the proxy you can't really change the port either.
my 2c'z
-
-
Re: BEWARE - Proxy Detector Script - used by several sites

Originally Posted by
lost_tribe
just wondering, back in the day we just had a script that would look for all the normal proxy ports if 8080 was open or 3128 and so on it would ban the ip.
This might be an incredibly stupid question - but why does a proxy have to listen on port 8080? BTW - do you think the process you describe is common practice? That as soon as a webserver receives an HTTP GET request, it attempts to connect to the machine requesting it on port 8080?
-
-
Re: BEWARE - Proxy Detector Script - used by several sites

Originally Posted by
websicosys
Depending on the configuration of the proxy, it may actually be sending your IP address without your knowledge.
Some configurations of proxy servers inject a header called "X-Forwarded By: [Your IP]".
I suspect that the "proxy detector" is searching for that header as well as a database of known proxies.
Edit: Nevermind, I'm wrong.
What do you mean you're wrong? I did some research on the net and that appears to be exactly how it works. See this site: Proxy Anonymity Test. Most proxies are configured by default to use X-Forwarded By and other similar headers. So when you say it *may* be sending your info, I think you really mean it *is* sending your info until configured otherwise.
Last edited by dirtyc; 01-27-2010 at 08:52 AM.
-
-
Re: BEWARE - Proxy Detector Script - used by several sites
Time
zone: America/Los_Angeles GMT-0800
local: Wed Jan 27 2010 02:34:55 GMT-0800 (PST)
system: Wed Jan 27 2010 03:35:06 GMT-0700 (Mountain Standard Time)
Mismatch
Oh man....
-BH3M
-
-
Re: BEWARE - Proxy Detector Script - used by several sites
Latest Status:
We are working on implementing the server-sided Java applets. I think the first Java based proxy detection services will be ready very soon for live test. After that, ActionScript will be next stage to be added to the proxy detection web interface.
darkAsPitch is correct about disabling Flash. Yes, ActionScript is part of Flash programming - that will detect PC soul (anything it can do based on how clever the script is written).
Anyway, as mentioned earlier, the simple goal for offering the free proxy detection web tester:
- With the proxy detection web interface tool available for everyone, it will help us to test/configure our PC to make sure that the browser settings are correctly configured before surfing the sites anonymously.
- In the near future: Copy-paste-test the proxy IP addresses:ports to make sure that these proxy IP addresses are REALLY CLEAN, and can detect SOCKS/HTTP types quickly. I have tested many proxy IP addresses using primitive methods - they are really useless for my BH tools.
Yes...please keep up with your concerns/thoughts - as it's really very helpful for us.
Until then, please stay tuned and visit my sites (see my signature).
-
-
Re: BEWARE - Proxy Detector Script - used by several sites
sheezz.. proxy providers should do something about this...
-
-
Re: BEWARE - Proxy Detector Script - used by several sites

Originally Posted by
jaguarslug
sheezz.. proxy providers should do something about this...
like they care... if the feds or any other authority knocks on their door they'll give all the logs and info they have...
wanna bet?
-
-
Re: BEWARE - Proxy Detector Script - used by several sites
Googling for WIMIA yields:
"It's using a non-cookie, non-javascript method to attempt to detect multiple users of the same IP address. Consequently it can give a false positive for people in a multi-user environment."
I imagine the test fails for shared proxies and routed connections.
-
-
Re: BEWARE - Proxy Detector Script - used by several sites
Well... nobody recommend good proxy. There are a few members say they use private proxy. Can you please post these proxies here?
-