Blackhats love to talk about public proxies as if they're some naturally occurring resource online that just magically comes into existence for your convenience. While they're useful for bypassing the restrictions many websites impose, they're also the beast of burden for those engaged in illegal spam, fraud, and other nefarious activities. Lists of open proxies are passed around freely, published on blackhat websites, and even sold by individuals scanning the net for them. But did you ever stop to think about what they are, and why they're there?

Sure, some are the result of benevolence, provided by individuals or organizations who want you to be able to anonymize your web browsing or overcome geographic restrictions. These are few and far between. The liability and potential for abuse are huge, and very few people are that altruistic.

Some exist because of incompetence. Someone installs Squid or other proxy software and doesn't know how to secure it, or doesn't realize the potential headaches in store and leaves it open. There are a surprising number of these out there. Not surprising because there are so many people who don't know how to configure a proxy, but surprising that those responsible for the IP space and bandwidth are so negligent.

Those are the innocuous examples of public proxies. Unfortunately, you're more likely to find open proxies that exist as the result of illegal activity or present other dangers to their users. Worst of all, it's very difficult to distinguish between the benign proxies above and the malicious ones.

Public proxies with strange port numbers (like 80, 81, and 31337) are usually part of botnets. These consist of thousands of compromised computers, often running older versions of Windows, and usually with broadband connections. Sounds great, right? Wrong. If you use an exploited computer, in most parts of the world you share liability with whoever hacked it. If somebody else smashes in the window at a local store, it doesn't suddenly become legal for you to reach through the window and help yourself to the merchandise. As I'm sure you're aware, various international and national law enforcement agencies monitor botnet activity closely, and you run a risk of being found complicit in a serious crime when the crackdown comes.

Proxies that perform well and seem harmless can very well be traps and honeypots. Spamhaus, Project Honeypot, and others are known to run public proxies to catch spammers' IPs, blackhat software fingerprints, and spam payloads. Spamhaus's goal is to have you terminated from your ISP or hosting, and their success rate is amazing.

But it's not just the antis who run public proxies. Your fellow blackhatters maintain them, logging all your activity, and letting you do the dirty work of finding niches and social networking and SEO techniques that work. When they determine your activity is effective, they emulate it, and if you're really unlucky, report your techniques to the antis and other places with logs of your activity as evidence so they can prevent you from competing with them.

I read and hear people talking about all these terrible things happening to them for "no reason," from deindexing, to autodeleted social network accounts, to ISP terminations. If public proxies are in the mix, "no reason" is unlikely. Your activity may have been logged and analyzed by a trap or honeypot proxy.

You've probably noticed the highest-level blackhats avoid open proxies, and use shared and private proxy services for their large-scale operations, or more often build their own proxy farms with VPNs, VPSs and other resources. Now all of you know why.