Hinky’s Proxy Obsession

As if things weren’t bad enough with all my big sources going dark, Google has finally got my number on the Google Hack.

For three months now I’ve been doing Google searches like…

:80 :8080 :3128

… getting a thousand pages, and hitting them all.

Three months!

Now, and I kid you not, boys and girls, I can’t even do a search on anything  without getting the “We’re Sorry” page.

Clear the cookies and… same thing.

They’ve definitely got my number!

And I’ve only had this IP address for less than a week (my old one, which I had for months, was knocked out by hurricane Ike last week).

I could change the IP any time, but it’s a hassle.  Lots of DNS changes have to be made every time the IP changes and I’m not a fast flux site by any means – I’m one of the GOOD GUYS!  So that’s out, but I still have sleeves, the requisite tricks, and 350+ CoDeeN proxies in the database.  Plus we all know Google is not the only search engine on the Internets.  Hear that Schmidt?

The Dink is down, but not out.

Sunday the 14th, remnants of hurricane Ike rolled through my state and knocked out power to over 3,000,000 people, including yours truly.

This is why the page has been static since then.   When the power comes back up the updates will begin again.  There is no word when that will be.  The local power company says it may take up to seven days.

I had a few hiccups at first.  The page size was 40 instead of 75, which made for a 32 page list.  I changed that and noticed that version of the page code was still set up for 30 second timeouts so I got some negative speed ratings.

In between I noticed I was doing the proxy count for every page, not just the first page (it takes a while for 1,000,000+ proxies), but by the third time it was back to normal.  Now it’s running swimmingly.

In this version, the live proxies found during the discovery cycle are moved into the gold database with a “Type” of “PENDING” as soon as they are found.  Between page runs, when “Type” is changed to “Transparent”, “Anonymous”, etc., you (well, I – not you) can run a query on the gold database to see what’s coming up for the next page run.

Very nice.

In the middle of hacking away at this code yesterday, both IS-1 and IS-2 went dark.  IS-2 and its companion, “Curious Site 1″ (CS-1), went SERVFAIL dark.  That is, its host name was simply gone from DNS.

Gone.

IS-2 and CS-1 finally came back online in the evening, much to my relief.  IS-2 had moved to Frankfurt.  I’m not sure what happened with CS-1, but it came up as well.  That’s compelling evidence that they’re in cahoots.

IS-1 simply changed.  Previously, there was no default page in the root, but they allowed folder browsing (a stupid thing, but that’s how I found them in the first place).  My code was using that “feature” to get the timestamp on the proxy file.  Consequently, it didn’t run right.  I only noticed when I checked the page out in a browser (they’re into some shady “PayDay Loan” scam now).  But a new file was there in the same place and it had over 75,000 proxies in it.

If they ever change the file name, I’m screwed.

Now, if you’ve been following the Atrivo/EstHost shitstorm that has been going down in the last week, none of this is a real surprise.  I’m certain a lot of shady Web sites were motivated to get out of Dodge but it surprises me that IS-2 moved to Germany, where they have some pretty serious anti-hacking laws.  With that in mind, they may be moving again any day now.

There is no doubt in my mind that all three of these sites are up to no good.  However, I don’t work for an LEA (Law Enforcement Agency).  I’m only in it for the research.