I was reading Cindy’s post about using SORBS to check for open proxies.

And my mind started freewheeling.

How about someone built a script that uses SORBS or any other suitable list of proxies. And then used it against ALL human hits to the site.

If there’s a match between a visitor and the database, up pops an annoying notice or banner, saying the visitor is coming through an open proxy, and to please notify the admin and ask him/her to secure it.

That would be more humane than just 403′ing all open proxies. Though that could of course also be done, if you place the htaccess in a blog directory, and the 403 page and some links leading to places not blocked with explanations and resources.

There could be links to resources, so the visitor could get help in understanding what’s happening.

This might consume some resources, so may not be for the busiest sites, but I’d LOVE to see this come to fruition!!!

Any takers?

Oh, and it could also be possible to make human intervention checks. IE, if you’ve got a large site, you could ask the visitors to visit a special link, where there’s a test.

Hmmm, sounds like a plan too.

You can find your IP address here on What’s My IP

But you can also go straight here and see if it’s an open proxy (they maintain a list). Use the right most button:
Blitzed

I checked some IP numbers there. And I found IP numbers not in their list. Even some I know are proxies, which they’d tested and thought weren’t. So the list isn’t fool proof. But it’s a start.

This entry was posted on Sunday, February 13th, 2005 at 3:20 pm and is filed under spamhuntress. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.