ProxyInfo

From OnlineGamesNetWiki
Jump to: navigation, search

Due to botnet attacks which mostly use open or unsecure proxy servers, we are performing several counter measurements to protect both the network and its users from these annoying attacks.

Measurements

Active proxy scanner

We are running pxys2 proxy scanner which scans for the following proxies:

  • insecure WinGate
  • Socks v4 and v5
  • HTTP proxies on several ports

DNS blacklists

We are using blacklists to find and G-Line IPs which are known for proxies or for being part of the Tor network. We are still experimenting with these lists.


Currently we use:

DNS blacklist Short Description Homepage
exitnodes.tor.dnsbl.sectoor.de A list containing clients where Tor runs on. http://www.sectoor.de/tor.php
http.dnsbl.sorbs.net A List of Open HTTP Proxy Servers. http://www.au.sorbs.net/
socks.dnsbl.sorbs.net List of Open SOCKS Proxy Servers. http://www.au.sorbs.net/
misc.dnsbl.sorbs.net List of open Proxy Servers not listed in the SOCKS or HTTP lists. http://www.au.sorbs.net/
torexit.dan.me.uk A list of tor nodes online in the tor network. This list is updated hourly with the tor network. https://www.dan.me.uk/dnsbl


What do I have to do if I am G-Lined?

G-line Reason is: AUTO PXYS G-Line -- [Some individual text here]:

If you are using a proxy:

  • Stop using a proxy and connect directly instead

If you have to use a proxy or are yourself admin of the proxy:

  • Ask the proxy admin to configure it securely
  • After this was done, visit G-line check and request to be unglined, stating your Proxy was secured

G-line Reason is: AUTO Busted by the exitnodes.tor.dnsbl.sectoor.de DNSBL!:

  • visit the sectoor homepage
  • hit "Check my IP"
  • send them a mail to request to be delisted (mailaddress is displayed on match)
  • some hours after delistind also the G-Line will be removed.
  • You do NOT need to request an ungline. Unglines are not done, because g-lines are reissued automatically as long as the IP is listed.

G-line Reason is: AUTO Busted by the *.dnsbl.sorbs.net DNSBL!:

  • visit the SORBS homepage
  • contact them using their support system (linked there)
  • some hours after delisting also the G-Line will be removed.
  • You do NOT need to request an ungline. Unglines are not done, because g-lines are reissued automatically as long as the IP is listed.

G-line Reason is: AUTO Busted by the tor.dan.me.uk DNSBL!:

  • Stop using Tor. If you have never used Tor, wait a bit, the one using your IP before (<1 hour) used Tor. The IP will be delisted automatically after less than 1 hour.
  • You do NOT need to request an ungline. Unglines are not done, because g-lines are reissued automatically as long as the IP is listed.