Apparently, nearly every open proxy in Mexico goes through this box. Maybe that’s why they named it after a volcano.
Yes, I admit it. Since yesterday I’ve been resurrecting dead proxies right and left, entertaining myself by watching the HTTP headers fly by (I am easily amused). And going through the list I have noticed a few things.
For one, the “Proxies of 2008″ are dying off, which is to be expected. There are only about 60 or so left.
Second, this month, August 2009, has been a great month for proxies! Twelve full pages worth. August has also been a great month for Mexican proxies, with most of them discovered on the 15th. Most of them are going through the server in the title of this article. It’s a shame I never bothered to put the VIA header in the database. There’s a lot of good information there, lost forever. Oh, well.
August 2008 was also a good month for proxies. It was when we hit our first 1,000,000 boxes. And if anyone besides me remembers back then, September 2008 was extremely dry. Things did not pick up again until February of 2009.
Thirdly, the sites I mentioned yesterday as running “TeamViewer” all turned out to be a single IP address with 200 open ports (and probably more, since I started dropping any port less than 80 over a year ago). And although they were running TeamViewer yesterday, all of them are open proxies today (so far, 40 out of the 200 open ports are now reporting as Transparent proxies in the list – I just haven’t hit them all yet). Which means they’ll probably be dead tomorrow.
Here is the whois information on that particular IP:
Note they assigned a netname to a single IP address. This seems unusual to me, but it could be a common practice (in fact this ISP does it a lot, if you look here and search for “SXTY”). This probably at least partially explains the “here today, gone tomorrow” nature of Chinese proxies. But the tie-in with “This site is running TeamViewer” is still a head-scratcher. WTF is up with that?
I did solve my issue with the proxy judges that don’t return an Http-Referer header. They still all return the User-Agent header, so I use that as well. Still, I have a nagging suspicion that some proxy judges are lying to me. I would use my own (yes, I have one of my very own design), but I have found that a lot of servers in foreign countires have difficulties resolving mrhinkydink.com. Perhaps it may be useful as a backup of last resort for High Anon proxies (all the judges I use identify Transparent and Anonymous proxies faithfully).
Web site/false proxy detection (“Offline/WEB” in the database) is now rock solid. I used to depend on the headers returned, but you will often get an “HTTP 200 OK” result for a login page instead of the expected (some RFC dweebs would say “correct”) ”HTTP 403 Forbidden” result, followed by an “HTTP 302 Object Moved” to the login page. You can’t expect Web developers to play by the rules, since they’re morons.
Other Tidbits
I keep checking the Israeli obfuscator site manually, although it has been removed from the code. The name still resolves but the site times out and the nmap still shows port 80 as “filtered”.
I added “Cameroon’s favorite proxy list” under the page title, just for the Hell of it.
We added another 100,000 proxies to the database, hitting the 2.1 million mark this week. And there’s more than 107,000 proxies in the “gold” table (address/ports that are or were open proxies since March 2008).
Something isn’t right with the code. Right now there are 1140 proxies, but only 19 pages. At fifty per page there should be 23 pages. Come to think of it, this probably explains the missing proxies from 2008.
Unfortunately, I haven’t looked at the forum spammer’s reporting site since I started mirroring it.
Remember the Canadian hospital proxies? They’re all gone now. Someone figured it out and fixed it. Good for them!
