More On Proxies & Idiots

Alex posted this question on my post about how to block proxies:

Wow…Your information has really helped me out! I host a site on Livejournal, so I don’t know if this will work, but even a hope is better than what’s going on now!

By the way, I tried out the whois tool, and I had several questions. Sorry to bother you with them, but if you have any idea about these things (and can enlighten a little ol’ site owner like myself), I would be so appreciative!

The person harassing my site and trying to sneak in is known to use proxies to do so. I’m just having a hard time distinguishing which IPs are proxies. If I receive a message like the one below for 202.70.58.xxx (it says under their information “Proxy-registered route object”, among other things), does that mean I am dealing with a proxy user?
http://whois.domaintools.com/202.70.58.xxx

Also, if the person’s IP says the NetType was Reassigned, rather than Direct Allocation, does that mean anything significant?  I have so many questions, but I don’t want to trouble you, especially since I can understand how awful the trolling must be for you, considering you wrote this entry. Thanks so much for your time though! This has really helped me out a lot, and I feel like this situation is no longer hopeless!

Actually Alex, trolling at our site isn’t all that bad – especially since I’ve successfully blocked a large percentage of web-proxies.  We still get the occasional clown that thinks he’s (or often, she’s) a genius by finding a new proxy, but it’s rare these days.  Besides, it’s actually entertaining to watch an adult act like a fool and make himself look like a retarded 14-year-old.  I wonder if they would do this kind of childish shit if they knew their own children would find out about it?  Probably not – this is why the weak-minded hide behind the cowardly shield of a proxy.

Anyway, on to your questions:

These days I don’t even bother looking at things like Proxy-registered route object or Direct Allocation.  All I look at in the WHOIS is who the owner is.  If the IP is registered to a company like “FDC Servers” or “Ultimate Web Hosting”, then it is probably a server, and almost certainly a proxy.  Sometimes the registered name isn’t clear, so I do a Google search to see what I can find.  If it’s a server-hosting company it should be pretty obvious.  If it is an Elite proxy or Tor exit node, that should also be pretty plain to see.

The IP you say is harassing your site is registered as “Mobile Network Provider” in India.  So it looks like some sort of cellphone provider or maybe a mobile/wireless ISP.  This doesn’t tell me much, so the next step is to do a Google search on that particular IP address.  Most “normal” IP addresses will return only a few Google hits, usually fewer than four or five.  Your suspect IP returns 37 hits on Google, which makes it a bit fishy, but none of the results show anything that would make me think it is a proxy.  My cunning & proxy-hunting skills tell me that this IP might be a proxy, and at a minimum is some sort of shared computer, like at an internet cafe.

Here are some examples of IPs that are proxies that you can run through WHOIS and Google to see what they look like:

  • 74.63.75.229
  • 94.102.153.2
  • 41.207.194.160

Compare the WHOIS and Google results for the IPs above with your own IP and you should see a pattern.
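
The WHOIS owner check described above, as an added example that is not part of the original post: it reads only the owner fields of raw WHOIS text and flags names that look like a server-hosting company. The keyword list, the function names and the sample records are assumptions constructed for illustration.

```python
import re

# Owner-bearing fields across ARIN / RIPE / APNIC style WHOIS output.
# NetType and route-object remarks are skipped on purpose, as the post does.
OWNER_FIELDS = ("orgname", "org-name", "owner", "descr", "netname", "custname")

# Assumed keyword list (not from the post): words that usually mark a
# server-hosting company rather than a residential or mobile ISP.
HOSTING_HINTS = ("server", "hosting", "datacenter", "data center",
                 "colocation", "vps", "dedicated")

def owner_names(whois_text):
    """Return every owner-like value found in raw WHOIS text, in order."""
    names = []
    for line in whois_text.splitlines():
        if line.lstrip().startswith(("%", "#")):  # registry comment lines
            continue
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() in OWNER_FIELDS and value.strip():
            names.append(value.strip())
    return names

def classify(whois_text):
    """Return ('hosting', name) when an owner looks like a server company,
    otherwise ('unclear', first owner name) to flag a manual search."""
    names = owner_names(whois_text)
    for name in names:
        for hint in HOSTING_HINTS:
            if re.search(r"\b" + re.escape(hint), name, re.IGNORECASE):
                return "hosting", name
    return "unclear", names[0] if names else None

# Constructed sample records on documentation address ranges.
ARIN_STYLE = """# constructed sample
NetRange:       192.0.2.0 - 192.0.2.255
NetType:        Direct Allocation
OrgName:        FDC Servers
"""
APNIC_STYLE = """% constructed sample
inetnum:        203.0.113.0 - 203.0.113.255
netname:        EXAMPLE-MOBILE
descr:          Mobile Network Provider
country:        IN
"""

if __name__ == "__main__":
    for record in (ARIN_STYLE, APNIC_STYLE):
        print(classify(record))
```

An "unclear" result is the case where the registered name tells you little and the manual Google search on the IP takes over.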

Good luck in your asshole troll hunting!

One thought on “More On Proxies & Idiots”

  1. Yeah one of the main systems proxy detection scripts use these days is whois lookups for server IP ranges. Currently though there is no ‘perfect’ way of doing it, but some people have got it down to a science, like you guys and BlockScript.

    Slightly off topic. What I find funny is, BlockScript is owned by the same guys that maintain and produce one of the most popular proxies in the world!
