06 Mar

High Availability At Last!

I finally put the system on a UPS.  Or rather, the system “the system” runs on, since “the system” is a virtual machine running inside an XP box.

A few weeks ago, the battery died in my main UPS.  So, being the idiot that I am, I ran out and bought another UPS.  A few days after that I learned that UPSes don’t die.  Batteries die, generally after three to five years.

I did not know that.

So I priced replacement batteries, found them to be relatively inexpensive, and resurrected the “dead” UPS.

Since I’ve lived in this dump I’ve seen two extremes of power failures.  The maximum has been 48 hours (thanks to Hurricane Ike).  The minimum has been something less than a second.  And the minimum occurs much more often than the maximum or anything in between, especially around late May when people start turning on their air conditioning and the power company starts switching the “dumb” grid around (or whatever it is they do).

And generally those little quickie power outages happen about an hour after I leave the house and head out to the salt mines, resulting in at least eight hours of no page refreshes and no new proxies.

And one pissed off Hinky.

Even when I am here, the XP box chokes when it comes back online because it has a dead CMOS battery that I just can’t seem to bother to replace, although in my experience changing a battery has never fixed a CMOS problem.  It always requires a new motherboard.

That’s the main reason I don’t bother changing it.  I don’t want to buy a new motherboard.

There are a few bugs to work out, like how to turn the VM back on if the power comes back on at the last second.  But until that happens, I’ll probably ignore it.  Then, I’ll fix it.

And it will never happen again.

28 Feb

Koobface Proxies SUCK

Although I’ve been collecting and reporting on them ever since they first showed up last year, I had never tried to use a Koobface (port 8085) proxy until a few days ago.  The reason being, I tend to avoid using US, UK, and Canadian proxies out of pure legal paranoia.  I like to keep my ass covered.

So when a French Koobface proxy showed up on The List last week I thought I’d give it a shot.

It sucked out loud.

No matter what URL I punched in, it would only take me to the top level of the site, which makes me wonder how the Hell it ever passed a proxy judge, since none of them are top-level URLs.  After a dozen or so clicks, it just stopped working.  I couldn’t even connect.

Once it died I had to think twice about the wisdom of using a Koober proxy for anything, even “educational” purposes. A connection to port 8085 could be a Big Red Flag to anyone with half a lick of security sense monitoring the line here or in France or anywhere in between. And don’t kid yourself, “they” are watching.

That’s why port 80 proxies are probably best (or maybe third, with SSL at number one followed closely by a SOCKS proxy on an oddball port). Hiding in plain sight is a good way to go.
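
What that kind of line monitoring can look like from the defender's side, as an added example that is not code from this blog: a pass over netfilter LOG lines that flags internal hosts opening TCP connections to port 8085. The log lines, the 192.168.0.0/16 internal range and the names `KOOBFACE_PORT` and `flag_outbound` are assumptions constructed for the example; the external addresses are from documentation ranges.

```python
import ipaddress
import re
from collections import defaultdict

KOOBFACE_PORT = 8085  # port the post associates with Koobface proxies
INTERNAL_NET = ipaddress.ip_network("192.168.0.0/16")  # assumed LAN range

# Constructed sample lines in the iptables/netfilter LOG target format.
SAMPLE_LOG = """\
Feb 28 21:14:02 gw kernel: FWD IN=eth1 OUT=eth0 SRC=192.168.1.20 DST=203.0.113.45 LEN=60 TTL=63 PROTO=TCP SPT=49152 DPT=8085 WINDOW=5840 SYN
Feb 28 21:14:05 gw kernel: FWD IN=eth1 OUT=eth0 SRC=192.168.1.20 DST=198.51.100.7 LEN=60 TTL=63 PROTO=TCP SPT=49153 DPT=80 WINDOW=5840 SYN
Feb 28 21:15:40 gw kernel: FWD IN=eth1 OUT=eth0 SRC=192.168.1.20 DST=203.0.113.45 LEN=60 TTL=63 PROTO=TCP SPT=49160 DPT=8085 WINDOW=5840 SYN
Feb 28 21:16:11 gw kernel: FWD IN=eth0 OUT=eth1 SRC=203.0.113.99 DST=192.168.1.30 LEN=60 TTL=52 PROTO=TCP SPT=40000 DPT=8085 WINDOW=5840 SYN
Feb 28 21:17:00 gw kernel: FWD IN=eth1 OUT=eth0 SRC=192.168.1.31 DST=198.51.100.200 LEN=48 TTL=63 PROTO=UDP SPT=5353 DPT=8085
Feb 28 21:18:23 gw kernel: FWD IN=eth1 OUT=eth0 SRC=192.168.1.44 DST=198.51.100.9 LEN=60 TTL=63 PROTO=TCP SPT=50111 DPT=8085 WINDOW=5840 SYN
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S+)")

def parse_line(line):
    """Return the KEY=value fields of one LOG line as a dict."""
    return dict(FIELD.findall(line))

def flag_outbound(log_text, port=KOOBFACE_PORT, internal=INTERNAL_NET):
    """Map each internal source to the external hosts it contacted on `port`."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        f = parse_line(line)
        if f.get("PROTO") != "TCP" or f.get("DPT") != str(port):
            continue
        try:
            src = ipaddress.ip_address(f["SRC"])
            dst = ipaddress.ip_address(f["DST"])
        except (KeyError, ValueError):
            continue  # malformed or truncated line
        # Outbound only: internal source, external destination.
        if src in internal and dst not in internal:
            hits[str(src)].add(str(dst))
    return dict(hits)

if __name__ == "__main__":
    for src, dsts in sorted(flag_outbound(SAMPLE_LOG).items()):
        print(f"{src} -> port {KOOBFACE_PORT} on {', '.join(sorted(dsts))}")
```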

23 Feb

2.5 MILLION PROXIES!!!

Actually, 2,499,909 at this very moment but we should hit the magic milestone by midnight.

Business has been picking up.  After the last proxy purge I didn’t even have to run a resurrection to get a decent number of pages up.

Koobface has been making a comeback, if the number of U.S.A. proxies running on port 8085 is any indication (and it usually is).

Even the Cameroonians should be happy, given the number of UK proxies that have been popping up in the last few weeks.  Push those puppies, boys!

This surge in new proxies reaffirms my opinion that this is a seasonal business.  The exact same thing happened last year and we should continue to see more and more fresh proxies until November, when the whole thing will come crashing down once again.

We should hit the three million mark by August.

11 Feb

Security DICKs & ASSCLOWNs

I never really wanted to be a Hot Shot IT Security Guru.  It just sort of happened that way.  Ten years ago I was working as a Web master’s apprentice at a dot-com and mentioned something about a patch Microsoft had just released.

Next thing I knew I was responsible for security of the Web site.

Lucky for me, I got out before everyone was laid off (although I should have stayed just to get the severance pay).  When my new employer learned that I was the Old Security Guy at a dot-com (me and my Big Mouth) I immediately became the New Security Guy.

That was ten years ago.  I am really beginning to hate this job.  Not only is the entire Security Industry a Total Utter Failure, but the people in it are all dicks and assclowns.

Every man Jack of them.

Take, for instance, this recent thread at Full Disclosure.  It didn’t start at Full Disclosure.  It started out in a Security Wannabee mailing list.  Some newb was wondering out loud about how to program a “secure” SMS banking program.

I’m designing an SMS banking application but I need to research on the security risks involved first. I’m thinking of subscribing mobile phone number along with a pin…

Little did he know he was starting an Epic Troll.  First, he attracted a number of security dicks, who basically pooh-poohed his approach and warned of the insecurities of SMS.

Then, the assclown showed up.

I have been aware of this OCD whack-job for several years.  Back in the early days of GMail (when you could still get away with it) I used to mark all of his messages to the security lists I subscribe to as SPAM.  He is just that annoying.

If you ever want to pull/troll this guy out of the woodwork and watch him froth, just join the wannabees list and post something about “security by obscurity”.

Most “Security Pros” despise security by obscurity simply because it rhymes.  Or maybe it just makes it easier for them to remember that they hate it.  Many have lost track of what it actually means and as a result it’s a great security list troll topic, right up there with automotive industry analogies (which are almost universally despised in security mailing lists these days – try it sometime).

So this man, A Legend In His Own Mind, shows up and the thread instantly becomes a pissing match.  After 16 messages the head dick drags the argument out of Wannabees and into Full Disclosure and the real fun begins.

Normally I tend to ignore these things.  One of the benefits of reading security mailing lists in GMail is you can construct a filter to instantly delete annoying threads like these (I have dozens and dozens of them).

It’s not my point to give a blow by blow synopsis of the Full Disclosure thread.  If you’re really interested, read it.  It’s still going on as I write this.

But it is the finest example of why I hate this industry and the people in it.

10 Feb

Two Days In A Row

I suppose the power company had to test our new smart grid meter by forcing an outage.

Everything died again.  At about the same time, too.  Even though, unlike the last two times, it wasn’t snowing at all.

And it’s very evident that the UPS that powers my lifeline to the Web must be toast, because it didn’t start back up when the power came on.

I have a lot of catching up to do on other projects. But enough of my problems.  Things will be back to normal at 8PM EST.  Maybe we’ll make it all the way through Thursday.

09 Feb

Stupid Smart Grid

My electric company decided to upgrade our house and installed a “smart grid” meter early this morning.

Of course, it killed the proxy project for most of the day.

Things are back on schedule now.

08 Feb

Former Proxy “Supplier” In The News

It seems one of my former Russian “suppliers” (in quotes because he didn’t actually know he was a supplier) has made some news.

And it’s not good news.

It turns out he’s a Very Bad Man (I keep telling you kids that proxies are evil but you never listen).  He’s allegedly been running a Zeus botnet and recently sent some (very good) targeted SPAM to .gov and .mil domains.  I know it’s good because I’ve seen it first hand (and you can conclude whatever you want from that information).

So anyway, for what it’s worth, the story is here.

There’s also some security clown on BlogSpot who has written some nasty stuff about him, but I won’t give him a link.  He’s not a “major player” in the security field, but he’s quite a number of notches up from Yours Truly.  He is the kind of security dude who gets all worked up about “criminals” and if I give him a link, it would be instant guilt by association and the next thing you know he’d be calling me all sorts of bad names, too.

In fact I’m not all that crazy about giving that douchebag Krebs a link, either.

The Russian supplier got taken down some time in the Fall of 2008.  I remember it well because his site disappeared about the same time the Security Industry (and Mutual Masturbation Society) was giving themselves a huge pat on the back for taking down Estdomains.

I briefly mentioned it here, sixth paragraph down.

But, dammit, he was a good supplier.  He ran a “for pay” proxy site but his security was bad enough to leak out his subscribers’ private URLs (thanks, Google).  When he disappeared I put his name and the site name in a pair of Google News Alerts, waiting for the day when he’d put his proxy site back up.

And now this shows up.

At least we know he’s still alive.

06 Feb

Blizzard of ’10 Strikes!

The power went out for five hours last night. It killed the 4AM run and everything else.

Hopefully, the next update will be at 8:00AM EST.

10AM UPDATE

The fucking netfilter ftp modules didn’t load.

In fact, nothing in rc.local ran on the firewall box.

30 Jan

Czech PWNAG3?

In just one run today there were a slew of Czech proxies, all on the 77.104.212.0/24 subnet, all on port 8080, all transparent, and the property of this ISP.

But with a ping time of 230+ milliseconds, nothing to write home about.  I’ve used a lot of Czech proxies in the past (hotels, Internet cafes, educational institutions, et cetera), but they’ve always been faster than that.  230ms is pathetic.

And if you telnet to them they’re running good old Mikrotik, so they must be some sort of residential or public access devices.

And yes, I checked.  They’ve changed the default password.  Dang.

Business seems to be picking up lately.  I added a new “supplier” a couple of weeks ago and it seems to be good for at least a page per day of new proxies.  A lot of these are Euro Zone proxies.  And a lot of them seem to be running Mikrotik Httproxy.

Coincidence?

Yeah, probably.

But it sure is nice having some perky German, Spanish, French, and Italian proxies again.  It’s just like the Old Days.  There’s even some UK proxies in there for the Cameroonians, who seem to have deserted me lately.

They’re not the only ones.  Traffic to the List has dropped off precipitously since November.  I’m down to a tenth of the traffic I had back then.  That would probably piss me off if I were depending on ad revenue but I don’t so it doesn’t.  These things are just cyclical.  Always have been, always will.

I’ve been waiting for another Bahrain-like incident.  Last summer we had the Canadian Health Care problem, which was fixed fairly fast.  Then there was the Macau Madness last April.  Koobface wasn’t exactly the same kind of thing, since it was a malware infection.

No, this Czech thing, like Bahrain and CHC, is more like a massive “Ooops”.  Shit happens.

I don’t expect it to last and since it’s a Class C subnet I don’t expect it to spread much.  Time will tell.

21 Jan

Technical Difficulties

Once again there was another power dip and the gateway died. After that the netfilter ftp modules failed to insert and all the page updates died.

Things should be back to normal around 10AM EST.