1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Can you handle the truth about public proxies?

Discussion in 'Proxies' started by thejake, Oct 21, 2012.

  1. thejake

    thejake Jr. VIP Jr. VIP Premium Member

    Joined:
    Nov 13, 2009
    Messages:
    685
    Likes Received:
    828
    Blackhats love to talk about public proxies as if they're some naturally occurring resource online that just magically come into existence for your convenience. While they're useful for bypassing the restrictions many websites impose, they're also the beast of burden for those engaged in illegal spam, fraud, and other nefarious activities. Lists of open proxies are passed around freely, published on blackhat websites, and even sold by individuals scanning the net for them. But did you ever stop to think about what they are, and why they're there?

    Sure, some are the result of benevolence, provided by individuals or organizations who want you to be able to anonymize your web browsing or overcome geographic restrictions. These are few and far between. The liability and potential for abuse is huge, and very few people are that altruistic.

    Some exist because of incompetence. Someone installs Squid or other proxy software and doesn't know how to secure it, or doesn't realize the potential headaches in store and leaves it open. There are a surprising number of these out there. Not surprising because there are so many people who don't know how to configure a proxy, but surprising that those responsible for the IP space and bandwidth are so negligent.

    Those are the innocuous examples of public proxies. Unfortunately, you're more likely to find open proxies that exist as the result of illegal activity or present other dangers to their users. Worst of all, it's very difficult to distinguish between the benign proxies above, and the malicious ones.

    Public proxies with strange port numbers (like 80, 81, and 31337) are usually part of botnets. These consist of thousands of compromised computers, often running older versions of Windows, and usually with broadband connections. Sounds great, right? Wrong. If you use an exploited computer, in most parts of the world you share liability with whoever hacked it. It's like if somebody else smashes in the window at a local store, it doesn't suddenly become legal for you to just reach through the window and help yourself to the merchandise. As I'm sure you're aware, various international and national law enforcement agencies monitor botnet activity closely, and you run a risk of being found complicit in a serious crime when the crackdown comes.

    Proxies that perform well and seem harmless can very well be traps and honeypots. Spamhaus, Project Honeypot, and others are known to run public proxies to catch spammers IPs, blackhat software fingerprints, and spam payload. Spamhaus's goal is to have you terminated from your ISP or hosting, and their success rate is amazing. But it's not just the antis who run public proxies. Your fellow blackhatters maintain them, logging all your activity, and letting you do the dirty work of finding niches and social networking and SEO techniques that work. When they determine your activity is effective, they emulate it, and if you're really unlucky, report your techniques to the antis and other places with logs of your activity as evidence so they can prevent you from competing with them.

    I read and hear people talking about all these terrible things happening to them for "no reason," from deindexing, to autodeleted social network accounts, to ISP terminations. If public proxies are in the mix, "no reason" is unlikely. Your activity may have been logged and analyzed by a trap or honeypot proxy.

    You've probably noticed the highest-level blackhats avoid open proxies, and use shared and private proxy services for their large-scale operations, or more often build their own proxy farms with VPNs, VPSs and other resources. Now all of you know why.
     
    • Thanks Thanks x 19
  2. Halilovic-Squad

    Halilovic-Squad Regular Member

    Joined:
    Mar 25, 2010
    Messages:
    246
    Likes Received:
    129
    this mr. trainee-pornstar was a very nice read.
    although i knew i could handle the truth about proxies before reading it - it really did enjoy to read a very well written post. as we all know - on a board like this you permanently stumble upon threads that have been answered a gazillion times cause the search is a myth i hear or questions that could well be answered by the OP himself if only there would be something like a search-engine-thingy and more of such alikes.

    therefore i really enjoyed this one. just being here on my own. only the sound of my fingers typing, no newbie flood trying to raise post-count wasting space for only 3-4 words without a meaning, asking questions that were answered right above them - and all the other daily circumstances you have to face on boards like this.

    besides gifting me a moment in silence, quietness and relaxation - packed in a really nice writing-style and even containing usefull information basically a post without any hooks - you got me to stay here for another while typing all this. just to taste the realization how this really is different to the daily routine here and therefore triggert me.

    thx&rep given - as quality deserves.
    thanks
     
  3. proxygo

    proxygo Jr. VIP Jr. VIP Premium Member

    Joined:
    Nov 2, 2008
    Messages:
    10,228
    Likes Received:
    8,692
    and that's why anyone with sense has a honey pot tool and doesn't use/scan obscure
    ports stick with 8080,3128,8118, and your fine. as a mod once said who uses them that i no,

    if the person securing them for people is competent in what they do - the recipients will be ok,
    its when you go after those obscure silly ports things go wrong . thankfully if you have many yrs
    experience at it and still fail then the only person at fault is the person doing it.

    ps, the best way to get the best public proxies that pretty much safe? is by SCANNING as was
    pointed out - scanning isp's around the world.
    simplified - using them isn't bad . being careful in how you procure them and
    check them is - some people do no what there doing and some dont.

    31337/tcp open Elite - elite referring to hacked and if you suspect it
    run a root kit - something like - root kit hunter .
    31337 was known as a hacker port designed to drop on the blind side
    and change passwords and install nasty software back in 2004/2005
     
    Last edited: Oct 21, 2012
  4. sirgold

    sirgold Supreme Member

    Joined:
    Jun 25, 2010
    Messages:
    1,260
    Likes Received:
    645
    Occupation:
    Busy proving the Pareto principle right
    Location:
    A hot one
    31337: a bell is ringing from the venerable days of CDC's BackOrifice :D That was E L E E T for real :D
     
  5. BlueTurtle

    BlueTurtle BANNED BANNED

    Joined:
    Nov 30, 2011
    Messages:
    700
    Likes Received:
    1,307
    Um, no.. Botnets do not install open proxies. That's not how they work at ALL, not even close. I won't go into detail about how they work as it's not a topic that we discuss on bhw, but I don't know why you're giving completely made-up advice here

    Again, no, this is completely false. Using an open proxy is not "using an exploited computer". If you login to a hacked computer and use it then you're liable, but this is not the same thing as using an open proxy.

    Open proxies are nothing to do with hacking or botnets. They're just misconfigured services.
     
  6. proxygo

    proxygo Jr. VIP Jr. VIP Premium Member

    Joined:
    Nov 2, 2008
    Messages:
    10,228
    Likes Received:
    8,692
    dont worry turtle
    i think jake was trying to scare people who buy public proxies
    thinking that the people who supply them have no clue if there
    compromised or not - if you follow - scare tactics for some1 who has
    no clue what hes on about - thankfully i reserved a space on my iggy
    list for such a crap poster .
     
    • Thanks Thanks x 1
  7. LakeForest

    LakeForest Supreme Member

    Joined:
    Nov 11, 2009
    Messages:
    1,269
    Likes Received:
    1,802
    Location:
    Location Location
    If in 2012 you leave 1337 and 31337 open, you are a pud.

    Every so often I'll get a working proxy on those ports and if the IP isn't blacklisted: 80, 81, 8000, 8888, etc open.

    I appreciate the introductory lesson on proxies OP, but I feel it is a case of lining a highway with tires and mattresses for poor drivers.

    If you, kind reader, honestly do not know the dangers of connecting to another computer and are reading this post as though it's breaking news, you should not be on BHW.

    If proxies are still a mystique, when it comes to user agents or hosts or correct ssh tunneling, you'll be in so far over your head that you'll stick with article writing or web design.

    I must be getting old. I mean...It's proxies...hasn't everyone heard of them before or used/pretended to use them? I guarantee 90%+ of users on BHW are using honeypots and proxies that are on who knows how many spam lists, and they wonder why their success rates are so low or why their sites get shot down.

    OP, this isn't a critique on you at all, this is me venting at how BHW is becoming an "accessible" and "newbie friendly" place. I don't remember seeing so many threads asking about what proxies are before this past year.

    People really think IM is Easy Money, and they rush here thinking they're going to get rich with software or when they kinda figure out how things work by thinking, "ok, I need proxies to scrape footprints to find targeted sites!" but where's the thought process that's supposed to come next, "what are proxies? are they safe? I better learn about them," seems to be too much work for a lot of users on BHW. You can replace proxies with pretty much any SEO variable and you can see multiple threads created the past week about it.

    It seems to be there's a crazy influx during the holidays and when it starts getting warm. I guess the new people are just here for Easy Money...

    /frustration
     
  8. proxygo

    proxygo Jr. VIP Jr. VIP Premium Member

    Joined:
    Nov 2, 2008
    Messages:
    10,228
    Likes Received:
    8,692
    its the cold season lake people with nothing to do
    on cold nights dream up weird posts - well something to
    read with a mug of coffee eh

    ps 31337 exploit --- how old ???? 6/7 yrs yawn .
     
  9. clockwrk

    clockwrk Newbie

    Joined:
    May 21, 2012
    Messages:
    15
    Likes Received:
    0
    so this is the truth huh?
     
  10. NIXMY

    NIXMY Regular Member Premium Member

    Joined:
    Sep 26, 2010
    Messages:
    481
    Likes Received:
    321
    Location:
    myproxylists.com
    Home Page:
    If we think about publicly listed proxies, someone must have scanned for those proxies and shared them. If all would stop sharing their scanned results, there would not be no longer publicly listed proxies.

    Port 80 proxy is very unlikely a botnet proxy. If you have even a bit experience, just by judging the proxy's speed is a good start. Usually a botnet proxy is a PC, hosted on ADSL whatever normal connection, usually slow speed.

    If there would not be open proxies, there would not be blackhat scene neither. Who bother investing money to a blackhat software if everyone would only need to rely on expensive private proxies. I have read from here that many were upset because private proxies were not private as promised ...

    This is for the OP:

    How can you tell that private proxy provider is a legitimate provider? How do you know that these providers are not honeybotting their clients and stealing personal information and methods? Nothing is as sure as unsure.

    If you're paranoid, setup your own private proxies on your own server but then you're usually limited to a small amount of proxies, and of course your walled will also be the limit.

    If someone is afraid of being honeybotted when using public proxies, they of course make their servers to use the proxies and/or proxychain the process ...

    That's the way the proxy scene is and none can stop it. I hear the OP point in this but that's the way it is.

    PS. I used to host few years back a public proxy, just to see how much it will be abused, and I can say the proxy was abused hard. After less than one day:

    - All the time 250-750 connections per second
    - Bandwidth usage all the time 15-50Mbps (i limited the proxy to 50Mbps)
    - Received several abuse messages from the host due to people used the proxy for various malicious actions

    Anyhow I needed this test because I am software developer and wanted to verify will my software work stable under a heavy load. I did not collected any personal data or abused whatsoever. It was just a friendly test and proxy.

    I would say that only a small percentage of public proxies are dangerous, none can tell exact amounts. If you're afraid of using public proxies, just don't use those proxies for anything where you need to send personal data. Simple as that.
     
    Last edited: Nov 15, 2012
  11. proxygo

    proxygo Jr. VIP Jr. VIP Premium Member

    Joined:
    Nov 2, 2008
    Messages:
    10,228
    Likes Received:
    8,692
    i stopped worrying after half of what i read was total nonsense
     
    • Thanks Thanks x 1
  12. B0tm4ster

    B0tm4ster Newbie

    Joined:
    Oct 5, 2012
    Messages:
    31
    Likes Received:
    6
    Occupation:
    Senior Consultant
    Location:
    Munich
    Home Page:
    Okay guys from the perspective of a Systems Administrator, I would have to say that using a proxy server is no more dangerous than using your local internet service provider. In both circumstances your internet traffic could be intercepted as it can be on any tcp/ip network.

    Here's the distingution, *YOU* decide what sites or services you are accessing with a proxy, and you just have to be mindful that any sites you visit which are not SSL encrypted (https://), that data could be intercepted or 'sniffed' and logged. Using a proxy does NOT magically allow the proxy operator to remote control your local PC, or give them any access to your personal data, nor does it allow them to use your computer to access other sites and in most cases your not going to be using a proxy to log in to an online banking website or any other sensative websites.

    Problem is proxy's are slow by nature, even without encryption, so it would not be wise to use a SSL encrypted proxy, as encryption adds 'overhead' and overhead slows down the connection even more because everything has to be encrypted packet by packet. And in the case of video, would cripple it sevearly.

    So simply pick and choose what you use a proxy for, its not dangerous per se, but it is the end users responsibility to use it wisely.
     
  13. NIXMY

    NIXMY Regular Member Premium Member

    Joined:
    Sep 26, 2010
    Messages:
    481
    Likes Received:
    321
    Location:
    myproxylists.com
    Home Page:
    That's wrong. A proxy got absolutely nothing to do with encryption. Say a proxy allow SSL connections, that's nothing but allowing a connection to port 443, proxy does not encrypt anything. Don't mix VPN with proxy.

    After a SSL connection has been initiated, browser and the target site does encryption according to SSL. Proxy does exactly as name says, pass-through a connection between client-proxy-internet, that's it.
     
    Last edited: Dec 16, 2012
  14. proxygo

    proxygo Jr. VIP Jr. VIP Premium Member

    Joined:
    Nov 2, 2008
    Messages:
    10,228
    Likes Received:
    8,692
    oh look this thread raked up again by a 6 post member
    yawn again and off to bed .
     
  15. tahworld

    tahworld Regular Member

    Joined:
    Aug 16, 2013
    Messages:
    457
    Likes Received:
    393
    Location:
    ✔✔✔✔✔✔✔
    Sorry for bumping an old thread, but I thought this was really interesting.

    I agree with proxygo, I think it all matters if you know what you're doing.

    So far, I (mostly) try to stay away from public proxies because I don't know what I'm doing yet. (Which is why I'm reading these threads, I'm trying to get a better understanding).
    But I feel like there's nothing wrong with using them and I am going to give it a go.

    Question: Can't you just use public proxies for scraping and then private ones for the posting etc.?
    Seems like an easy solution.


    I appreciate your post, and I'm not trying to start an argument, but I don't think this accurate.
    To stay within your analogy: Let's say somebody did smash in a window, that doesn't mean that you are in that store stealing stuff too. Maybe you're in the store to buy stuff and pay for it.
    My point: just because somebody else did illegal activity on a proxy, doesn't mean you're engaging in illegal activity on the same proxy, nor are you aware that that activity has even happened.
    In that case, you are also responsible for other people's illegal activity on a paid VPN.
    Which I don't think you are.

    I could be wrong, so I'd love to get some feedback on this.

    Great thread.
     
    Last edited: Dec 28, 2013
  16. proxygo

    proxygo Jr. VIP Jr. VIP Premium Member

    Joined:
    Nov 2, 2008
    Messages:
    10,228
    Likes Received:
    8,692
    very old thread
     
  17. faithjhung

    faithjhung Jr. VIP Jr. VIP Premium Member

    Joined:
    Jun 5, 2009
    Messages:
    1,444
    Likes Received:
    911
    Location:
    New York
    Only feedback i can give you is why bump a very very old thread?

    oh look this thread raked up again by a fairly new member
    yawn again and off to bed .​


     
  18. ninjaturtle

    ninjaturtle Newbie

    Joined:
    Oct 24, 2013
    Messages:
    49
    Likes Received:
    15

    Why does it matter to you that it's an old thread?

    Does it bother you that much that you have to reply?

    Just because it's old doesn't mean it doesn't have any value.

    Einstein's teachings are old too. Doesn't mean they are useless.

    Be helpful or don't reply.
     
  19. proxygo

    proxygo Jr. VIP Jr. VIP Premium Member

    Joined:
    Nov 2, 2008
    Messages:
    10,228
    Likes Received:
    8,692
    ninjaturtle
    raking up an old thread serves 0 purpose if what is posted adds nothing to the content of the original post
    if you have a problem with that, save your reply. im not listening
     
  20. tahworld

    tahworld Regular Member

    Joined:
    Aug 16, 2013
    Messages:
    457
    Likes Received:
    393
    Location:
    ✔✔✔✔✔✔✔
    So what's the verdict on this?