Recently we have had a lot of issues with a particular user who has been posting piles of provocative messages on our website using public proxy IPs.
Can someone recommend a way to determine whether a specific IP is a public proxy or not?
Thanks.
A server I admin on had a similar problem; I coded[1] up a script that checked every connection from a newly registered user, and performed a Tor DNS lookup, to find out if it was a Tor exit point.
This won't work for every public proxy, but since Tor is such a widely used anonymiser, it'll catch a lot of them.
[1] See? Programming solution!
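The Tor DNS lookup described in the answer above, sketched as an added example (not the poster's script). It assumes the Tor Project's DNS exit list zone `dnsel.torproject.org` and the usual DNSBL reversed-octet query name; the function names, the injectable resolver and the sample addresses are constructed for illustration.

```python
import ipaddress
import socket

# Assumption: the Tor Project's DNS exit list zone; the post names no zone.
DNSEL_ZONE = "dnsel.torproject.org"

def dnsel_query_name(ip, zone=DNSEL_ZONE):
    """Build the DNSBL-style name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this query format covers IPv4 addresses only")
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def system_resolver(name):
    """Return the A records for name; an empty list means no such name."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror as exc:
        if exc.errno in (socket.EAI_NONAME, getattr(socket, "EAI_NODATA", None)):
            return []
        raise  # timeouts and server failures are not a "not listed" answer
    return sorted({info[4][0] for info in infos})

def is_tor_exit(ip, resolve=system_resolver):
    """True = listed, False = not listed, None = the lookup gave no verdict."""
    try:
        answers = resolve(dnsel_query_name(ip))
        # DNSBL convention: a listed address answers inside 127.0.0.0/8.
        return any(ipaddress.ip_address(a).is_loopback for a in answers)
    except (OSError, ValueError):
        return None  # caller chooses fail-open or fail-closed for signups

def constructed_resolver(name):
    """Offline stand-in for DNS, using constructed documentation addresses."""
    table = {dnsel_query_name("192.0.2.10"): ["127.0.0.2"]}
    if name == dnsel_query_name("203.0.113.5"):
        raise socket.gaierror(socket.EAI_AGAIN, "constructed timeout")
    return table.get(name, [])

if __name__ == "__main__":
    for sample in ("192.0.2.10", "198.51.100.7", "203.0.113.5", "2001:db8::1"):
        print(sample, is_tor_exit(sample, resolve=constructed_resolver))
```

Keeping the "no verdict" case separate from "not listed" lets the site hold a new account for review when DNS is unreachable instead of silently treating the address as clean.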
There are many proxy detection service providers. You can either download a local lookup database or use a remote API. The latter has higher network latency but eases your daily database update process. You can start with IP2Proxy and download their sample database for evaluation.
Public proxies appear all the time and normally their life span is very short. In my opinion it is best to use an API of some sort to base your logic around spam scores, email reputation, ASN, etc. A good place to start is this REST API for online intelligence, and before you start you should read their documentation for all the endpoint info. It could be a bit slower and third-party dependent, but you'll never have to worry about keeping your records up to date, etc.
What I did was not only look for proxy and spam records but also query the 'ip/info' endpoint to see if the IP address belongs to a hosting provider, which makes it more likely to be used as a proxy, and in such a case I am more strict on what actions can be performed, etc. I know some people might access the website through a VPN or a proxy in general, but it is up to you to decide which users you will allow and which not. Every case is different and requirements could vary.
Hope this helps someone else facing the same problem.