BEWARE - Proxy Detector Script - used by several sites

Discussion in 'Black Hat SEO Tools' started by portalweb, Jan 16, 2010.

  1. portalweb

    portalweb Supreme Member Premium Member

    Joined:
    Jan 7, 2010
    Messages:
    1,415
    Likes Received:
    547
    Occupation:
    Hard Core Engineer
    Location:
    New York
    Hi,

    I want to test to see how they can detect the proxy IP, by going to this site:

    Code:
    http://whatismyipaddress.com/staticpages/index.php/advanced-proxy-test 
    Test result: Proxy server detected. (yes, I'm using paid proxy service while using this BHW)

    IP 69.164.xxx.xx
    rDNS FALSE
    WIMIA Test TRUE
    TOR Test FALSE
    Loc Test FALSE
    Header Test FALSE
    DNSBL Test FALSE

    Based on the tests with 15 different proxy IP addresses, all of them failed WIMIA test (and sometimes TOR test too).

    What does it mean to us? They know we are attempting to hide ourselves from their sites through the proxy servers.

    What I'm seeing here, it means we need to request the proxy providers to make sure that these IP addresses are not detected by proxy detector scripts, similar to whatismyipaddress.com's proxy detector.

    Comments?
     
    Last edited: Jan 16, 2010
  2. websicosys

    websicosys Newbie

    Joined:
    Jan 17, 2010
    Messages:
    39
    Likes Received:
    40
    Depending on the configuration of the proxy, it may actually be sending your IP address without your knowledge.

    Some configurations of proxy servers inject a header called "X-Forwarded By: [Your IP]".

    I suspect that the "proxy detector" is searching for that header as well as a database of known proxies.

    Edit: Nevermind, I'm wrong.
     
  3. cookiejar

    cookiejar Regular Member

    Joined:
    Dec 6, 2008
    Messages:
    400
    Likes Received:
    2,084
    Occupation:
    SeNIor CoOKIe Di$TRibuter
    Location:
    YoUR IP AddRESS
    This is a very intriguing topic, with many hardcore blackhat methods requiring the use of proxies to manipulate site thresholds. With CPA and affiliate sites using proxy detectors, can we begin to build a "database" of CPA companies and affiliate networks that don't have proxy detectors?

    Or perhaps write a script that checks for the proxy detectors before using proxies to access the sites.

    There are definitely ways around anti-proxy security defenses. We just have to check for what they're checking for and give them false data to bypass their "check". :D
     
  4. pewtercraig

    pewtercraig Newbie

    Joined:
    Dec 21, 2009
    Messages:
    11
    Likes Received:
    1
    If all come up as false, it is undetectable?
     
  5. portalweb

    portalweb Supreme Member Premium Member

    Theoretically yes.
     
  6. websicosys

    websicosys Newbie

    My best guess is that they're logging every single IP address that they can view. Then, they're comparing the User-Agent with the IP address to check for major variations.

    Alternatively, they could be checking for open ports on the IP address in question. Common ports such as 8080 would easily flag it as a proxy.
     
  7. xgnux

    xgnux Regular Member

    Joined:
    Sep 26, 2008
    Messages:
    492
    Likes Received:
    150
    Occupation:
    STudent
    Location:
    Germany
    JavaScript can detect proxy use - I wonder that nobody here knows this.
     
  8. TheGoat

    TheGoat Registered Member

    Joined:
    Oct 1, 2009
    Messages:
    70
    Likes Received:
    85
    Woot private socks ftw (false on all).

    Question: what's a "Loc Test"?
     
  9. rastagod

    rastagod Regular Member

    Joined:
    Jan 9, 2010
    Messages:
    440
    Likes Received:
    48
    They can detect proxy usage, but I believe not VPNs (someone correct me if wrong) =)
     
  10. ghprod

    ghprod Regular Member

    Joined:
    Mar 18, 2009
    Messages:
    230
    Likes Received:
    40
    So we need some VPN instead of SOCKS?

    regards
     
  11. portalweb

    portalweb Supreme Member Premium Member

    Another hard-core proxy detection site (very good):
    http://www.lagado.com/proxy-test (thanks to mrankin in his topic)

    I will talk to my colleague (he has CCIE) about the proxy issue and will share the details here shortly.
     
  12. bzy39

    bzy39 Regular Member

    Joined:
    Jan 15, 2009
    Messages:
    434
    Likes Received:
    239
    try this
    Code:
    http://www.whoer.net/ext
    It has advanced proxy detection, and I think it can be used for credit card fraud.
     
  13. edvoltage1

    edvoltage1 Regular Member

    Joined:
    Sep 13, 2008
    Messages:
    214
    Likes Received:
    72
    Who cares... I still get paid. :)
     
  14. gregstereo

    gregstereo Elite Member

    Joined:
    Oct 5, 2009
    Messages:
    1,833
    Likes Received:
    1,027
    Occupation:
    I'm known to locate certain things from time to ti
    Location:
    Moose Factory, ON
    Here's a thread that I think explains what WIMIA is:

    http://proxy.org/forum/1196102288.html

    It sounds proprietary to whatismyipaddress.com - note the acronym and what it could spell out.

    Here's the quote for those of us too lazy to click:

    So users of shared proxies could be nailed by this test.
     
  15. portalweb

    portalweb Supreme Member Premium Member

    Good lord... what a depth of details!!! I can imagine how G-Ad-gay's JavaScript (as well as CPA networks' programs/scripts) would have the proxy detection script built in, similar to whoer.net/ext, to read all details on users' PCs.

    Think about it - you can't fool these paying ad networks if you repeat the CPA toolbar installation that pays $1-3, even with different proxy IP addresses.
     
  16. goawayplease

    goawayplease Regular Member

    Joined:
    Apr 10, 2008
    Messages:
    299
    Likes Received:
    67
    Port, Hostname, IP Location, Headers, and User-Agent are all easy ways to check for proxy use, with Headers being the easiest and most common.

    A "high-anonymity" proxy is just one that doesn't send the X-Forwarded-For or other Proxy headers.
     
  17. radi2k

    radi2k Junior Member

    Joined:
    Nov 29, 2009
    Messages:
    117
    Likes Received:
    34
    Location:
    Germany
    lol, if I visit that site it doesn't detect my proxy. Actually I'm logged in at the university VPN with a squid proxy. That tool isn't really good, so nothing to worry about!
     
  18. velcom7

    velcom7 Junior Member

    Joined:
    Aug 13, 2009
    Messages:
    119
    Likes Received:
    111
    Occupation:
    Your Mom
    Location:
    Your Mom's House
    I agree. When I first saw this, I was freaking out, but then I realized if I cleaned my cookies and used clean proxies I was good to go.
     
  19. robertodelgato

    robertodelgato Regular Member

    Joined:
    Jun 28, 2009
    Messages:
    348
    Likes Received:
    3,177
    Occupation:
    Yeah, right.
    Location:
    Top of the 3-pack
    I'm using private proxies and this is the result from whatismyipaddress:

    Proxy server not detected.
    IP (like I'd put that here!)
    rDNS FALSE
    WIMIA Test FALSE
    TOR Test FALSE
    Loc Test FALSE
    Header Test FALSE
    DNSBL Test FALSE

    I'd say they're checking public lists for the WIMIA thing that OP got spotted on. I doubt if they have some sort of AI proxy spotter/sniffer.
     
  20. JohnG

    JohnG Junior Member

    Joined:
    Feb 24, 2008
    Messages:
    108
    Likes Received:
    47
    My proxies are not detected by any of those; I just use private squid proxies on irregular ports. I think these kinds of scripts are really only a danger to those that are using public/shared proxies or proxies on the common proxy ports.
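
For site operators, the rDNS, Header and DNSBL rows of the test output quoted in this thread can be approximated server-side as below. This is an added example, not code from any poster and not whatismyipaddress.com's implementation; the keyword list, the zone `dnsbl.example.org`, the stub resolver and all sample values are assumptions constructed for illustration.

```python
import ipaddress

# Headers a forwarding proxy may add; "high-anonymity" proxies omit them.
PROXY_HEADERS = {"x-forwarded-for", "via", "forwarded", "proxy-connection", "x-real-ip"}
# Assumed PTR-name keywords (illustrative; tune per deployment).
RDNS_HINTS = ("proxy", "vpn", "tor", "exit", "squid")

def header_test(headers):
    """Return the sorted proxy-related header names present in a request."""
    return sorted(h.lower() for h in headers if h.lower() in PROXY_HEADERS)

def rdns_test(ptr):
    """True if a label of the client's PTR name matches a proxy-like keyword."""
    labels = (ptr or "").lower().replace("-", ".").split(".")
    return any(hint in labels for hint in RDNS_HINTS)

def dnsbl_name(ip, zone):
    """DNSBL query name: reversed IPv4 octets followed by the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")  # IPv4 only; raises otherwise
    return ".".join(reversed(octets)) + "." + zone

def dnsbl_test(ip, zone, resolve):
    """resolve(name) returns an address string, or None when not listed."""
    answer = resolve(dnsbl_name(ip, zone))
    return answer is not None and answer.startswith("127.")

def assess(ip, headers, ptr, zone, resolve):
    """Run the three checks and flag the request if any of them fires."""
    results = {
        "rDNS": rdns_test(ptr),
        "Header": bool(header_test(headers)),
        "DNSBL": dnsbl_test(ip, zone, resolve),
    }
    results["proxy_detected"] = any(results.values())
    return results

# Constructed sample: documentation-range IP, hypothetical zone, stub resolver.
LISTED = {"7.113.0.203.dnsbl.example.org": "127.0.0.2"}
SAMPLE = assess(
    "203.0.113.7",
    {"User-Agent": "Mozilla/5.0", "Via": "1.1 cache01 (squid)"},
    "static-7.isp.example.net",
    "dnsbl.example.org",
    LISTED.get,
)
```

A private proxy that sends no forwarding headers and sits on an unlisted address with a neutral PTR name passes all three checks, which matches the all-FALSE results reported above and is why detection services add shared-IP and location correlation on top.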