Wednesday, June 28, 2006

Why Block Proxy Sites

People ask why I block anonymous proxy servers and here's a prime example coming from our friends at ThePlanet.

Not only is someone using Firefox from this location, but it appears they're cloaking information to get Google to crawl through the proxy as well, which can result in hijacked pages.

06/23/2006 70.87.42.250 "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"

06/25/2006 70.87.42.250 "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"

06/25/2006 70.87.42.250 "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"

06/27/2006 70.87.42.250 "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"

06/28/2006 70.87.42.250 "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"

That, in a nutshell, is why I block proxy servers.
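
The pattern in the log above, one address alternating between a Googlebot User-Agent and a desktop Firefox User-Agent, can be checked for mechanically. This is an added example, not the author's blocking script; the function names, the crawler token list and the two control lines at the end of the sample are assumptions made for illustration.

```python
import re
from collections import defaultdict

# The five entries from the post, followed by two constructed control lines:
# a browser-only address (192.0.2.10, documentation range) and a malformed line.
LOG = '''\
06/23/2006 70.87.42.250 "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
06/25/2006 70.87.42.250 "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
06/25/2006 70.87.42.250 "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"
06/27/2006 70.87.42.250 "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
06/28/2006 70.87.42.250 "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"
06/26/2006 192.0.2.10 "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"
this line is malformed and must be skipped
'''

# Layout used in the post: date, client IP, quoted User-Agent.
LINE_RE = re.compile(r'^(\d{2}/\d{2}/\d{4})\s+(\S+)\s+"([^"]*)"\s*$')
# Assumed, non-exhaustive list of crawler tokens; extend it for your own traffic.
CRAWLER_RE = re.compile(r'googlebot|msnbot|slurp', re.IGNORECASE)

def parse(log_text):
    """Yield (date, ip, user_agent) for each well-formed line; skip the rest."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groups()

def mixed_identity_ips(log_text):
    """Return {ip: {"crawler": [dates], "browser": [dates]}} for every address
    that sent both a crawler User-Agent and a non-crawler one."""
    seen = defaultdict(lambda: {"crawler": [], "browser": []})
    for date, ip, ua in parse(log_text):
        kind = "crawler" if CRAWLER_RE.search(ua) else "browser"
        seen[ip][kind].append(date)
    return {ip: k for ip, k in seen.items() if k["crawler"] and k["browser"]}

if __name__ == "__main__":
    for ip, kinds in mixed_identity_ips(LOG).items():
        print(ip, "crawler UA on", kinds["crawler"], "browser UA on", kinds["browser"])
```

An address flagged this way is a candidate for review rather than proof of a proxy, since the User-Agent header is entirely client-controlled.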

3 comments:

Anonymous said...

Care to share your proxy blocking script? :)
I hope it's in PHP.

Todd Dickerson said...

Yes, how are you blocking the proxies??? I need this solution very bad. I can of course manually block each IP but that's not a real solution. Any advice?

Anonymous said...

1. He doesn't really block all proxies (at least not from this blog, since I'm using a proxy right now!)
2. He doesn't have to block them all, just the most common ones, by SERVER not the IP.

For instance, Reverse.layerdtech will show up in the logs of ANYBODY who has been hacked or had some crap to deal with on the net.

Thousands of IPs on that server range, don't block them one by one, block the whole damn server!

As another lowlife gets some free or low cost space on their server and sets up shop with some hacking/spam scripts, it won't come NEAR your site 'cause you've blocked them all!

example:
a) you go to one of the "myspace enabler proxies" and you use it to navigate to a page on your site, or to whatsmyIpaddress.com
b) look up the IP and find the host ISP and CIDR range at DNSSTUFF.com
c) DENY FROM cidr range in your htaccess file

Next, you block the "privacy" networks TOR
http://torlist.nullnetwork.net/torlist.php?htaccess
(the link goes up and down I'm afraid, just grab the list when it's back up - I feel it's the TOR bastards whacking at it!)

Next block all of PlanetLab

(Note, you don't have to block them from accessing your site, you can allow them to GET, but not POST, meaning they can see your site - and possibly scrape data - but can't spam your blog or guest book.)

As you do this a couple times, you will notice that most of the little fuckers come from:

eviserver

In further detail