Bye, bye, Macau! It was nice knowin’ ya.
Upon further hacking around with the Macau proxies I noticed they were extremely short-lived and very picky about what pages they’d serve up, so I did a special recheck on all of them.
They were all dead. Every last one.
I did this after putting the new server VM up. It is working well, although I missed the first run because my FTP settings were screwed up.
I have put up a short blog post about the transition here.
The old VM has been shut down.
May it rest in peace.
As it happens, all those Macau proxies work (that is, all that I have checked so far), but the trick is they send you to another IP (202.175.26.155).
Why?
Who knows.
I think at this point I’d attribute it to a clueless (or devious) ISP. Since they’re all transparent they don’t do much to hide your identity and given that they all go to the same IP, that address is likely to get blocked sooner or later by proxy-hostile sites. As always, use with caution.
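The two properties noted above (a transparent proxy exposes the client address, and many proxies leaving through one IP) can be checked from a proxy tester's results. This is an added example, not the author's scripts: the judge-result format, the client address and the individual proxy addresses are constructed, and only the egress IP and the 125.31.0.0/19 range come from the posts.

```python
from collections import defaultdict

CLIENT_IP = "198.51.100.7"  # constructed: the checker's real public address
PROXY_HEADERS = ("via", "x-forwarded-for", "forwarded", "client-ip")

# Constructed judge results: the source address and request headers a test
# server saw when it was fetched through each proxy.
RESULTS = [
    {"proxy": "125.31.0.10:8080", "seen_ip": "202.175.26.155",
     "headers": {"Via": "1.1 cache", "X-Forwarded-For": "198.51.100.7"}},
    {"proxy": "125.31.4.22:3128", "seen_ip": "202.175.26.155",
     "headers": {"X-Forwarded-For": "198.51.100.7"}},
    {"proxy": "125.31.17.3:80", "seen_ip": "202.175.26.155",
     "headers": {"Via": "1.0 proxy", "X-Forwarded-For": "198.51.100.7"}},
    {"proxy": "203.0.113.9:8080", "seen_ip": "203.0.113.9",
     "headers": {"Via": "1.1 squid"}},
    {"proxy": "192.0.2.44:3128", "seen_ip": "192.0.2.44", "headers": {}},
]

def classify(result, client_ip=CLIENT_IP):
    """Return 'transparent', 'anonymous' or 'elite' for one judge result."""
    hdrs = {k.lower(): v for k, v in result["headers"].items()}
    revealing = [v for k, v in hdrs.items() if k in PROXY_HEADERS]
    # Compare whole comma-separated tokens so 198.51.100.7 != 198.51.100.70.
    leaked = any(client_ip in [t.strip() for t in v.split(",")] for v in revealing)
    if result["seen_ip"] == client_ip or leaked:
        return "transparent"   # the server learns the real client address
    return "anonymous" if revealing else "elite"

def shared_egress(results, min_proxies=2):
    """Map each egress IP used by several proxy hosts to those proxies."""
    groups = defaultdict(list)
    for r in results:
        host = r["proxy"].rsplit(":", 1)[0]
        if r["seen_ip"] != host:   # traffic left from a different address
            groups[r["seen_ip"]].append(r["proxy"])
    return {ip: p for ip, p in groups.items() if len(p) >= min_proxies}

if __name__ == "__main__":
    for r in RESULTS:
        print(r["proxy"], "->", r["seen_ip"], classify(r))
    print(shared_egress(RESULTS))
```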
Work continues on the VM move. The database has been moved over and I’m working on the scripts. I ran into a side issue with the GeoIP scripts (hacks I threw together before I took time to learn the API – which is actually quite simple). I need to clean that up, but at the moment it seems more trouble than it’s worth. I want to get this thing in production before the database gets too stale.
Yes, I’m still alive. And I’m still working on this mess.
I took a little nappy on the couch tonight. Woke up in the wee hours of the morning, and checked the list.
Two pages of proxies from 125.31.0.0/19 came from nowhere (also known as Macau).
Do they work for you? They sure don’t work for me. All those addresses seem to have been NULL routed since they were discovered. That is, packets go out but they don’t come back. I’ve tried tracerouting the IPs but I get stuck in a router loop after ten hops, when the packets hit ctm.net (CTM Internet Services, according to the whois record), the people who own the IPs.
This is very reminiscent of last year’s Bahrain Incident.
There’s definitely some sort of problem going on with CTM Internet Services, but whether they’ve been hacked or they’re new at the ISP business is anyone’s guess right now.
However, I’ve seen this coming. Proxies from Macau (“MO”) started showing up a couple of weeks ago. They screwed up the list because I didn’t have a flag for “MO”. As soon as I fixed that, more and more (MO and MO?) started to show up, culminating in today’s flood and NULL route.
I’m thinking Conficker, since the time frame is right, but it could be a coincidence.
In other news, I’m working on moving the project to another (virtual) server. I finally hit a wall with Xubuntu 7.04 (Feisty Fawn) and got stuck in the Land of Non-Support. Right now everything but the database has been moved over. This weekend looks good for a migration.
Wish me luck.