Just a quick question given I use a proxy to get on here to hide 'questionable' sites like this from being seen on my home router, and given the recent event over the double accounts, I was wondering; How do the mods deal with people connecting through proxies that seem to have the same IP address?
How are proxies dealt with here?
- Thread starter Mink
- Start date
- Status
AFAIK, you shouldn't need to worry about it. There is a huge huge list of proxies out there, the chances two people on here using the same proxy are slim. But I'm sure the request forum or emailing Moo if that isn't possible to explain why you're innocent.
But I can't see it being a problem as I said.
But I can't see it being a problem as I said.
Meh, I just worry a lot, and the one I use is pretty popular(ninjacloak) so, maybe I'm just over cautious :/
B
Butterfly Mage
Guest
I usually connect to the internet by using my cell phone as a modem. I'm pretty sure my wireless provider uses a proxy because the service pre-compresses images before they are displayed. Thus far, connecting in this way has not made it difficult for me to access this site.
PostTenebrasLux
Est. Contributor
- Messages
- 398
- Role
-
- Other
I used to use a fairly elaborate proxy setup (don't ask me to explain--I can't--I just knew if it was a physical object, and if I dropped it, it would have shattered into a million shiny pieces, and probably would have started a fire).
I don't use it now, because it was waaaay too slow. And, I figure that in the long run it's best to hide in plain sight. I didn't want to arouse suspicion by sneaking around the digital world, especially when I have no idea how to do it right.
I don't use it now, because it was waaaay too slow. And, I figure that in the long run it's best to hide in plain sight. I didn't want to arouse suspicion by sneaking around the digital world, especially when I have no idea how to do it right.
Spiro910
Est. Contributor
- Messages
- 381
- Role
-
- Diaper Lover
- Babyfur
A connection that allows multiple remote connections connect to the internet through it (hiding the original connection's IP from simple IP-logging websites, it would take many more proxies to completely hide your IP from highly sophisticated tracking protocols).
- Messages
- 5,568
- Role
-
- Private
If I recall correctly, I used to have code installed that would automatically detect the use of a proxy, and identify the user's real IP behind the proxy.
More recently, I think we switched to simply dealing with proxies on a case-by-case basis.
Suffice it to say, either way, if two people used the same proxy, we'd notice, but we'd also notice that it was a proxy, rather than their real IP.
More recently, I think we switched to simply dealing with proxies on a case-by-case basis.
Suffice it to say, either way, if two people used the same proxy, we'd notice, but we'd also notice that it was a proxy, rather than their real IP.
DannyTheNinja
Banned
- Messages
- 852
- Role
-
- Private
I'm gonna break the mold here and explain a little on how this works.
A proxy works by sending an HTTP request to a server on your behalf and then returning the server's response. The server sees the connection, but the proxy can also reveal the IP that it got the request from. This is done via a special client header called X-Fowarded-For.
What are Client headers? They are what your browser sends to the server in order to ask it for information. Client headers are where the the server is told which page you requested, what cookies you have, what browser you're running, and a few miscellaneous things such as your language preferences and what types of compression your browser supports. I ran a simple web server that echoes back your request headers on my laptop, and this is what I got for Firefox 3.0 on Ubuntu Linux:
When you browse through a proxy, most of the time the proxy will sneak an extra header into there that looks like:
That's where your real IP address is revealed through a proxy.
Of course, anybody could pretend to be a proxy and send that header through, so the webmaster needs to differentiate between a few different options: Trust only certain proxies' X-Fowarded-For headers, trust all X-Fowarded-For headers, or block requests that contain an X-Fowarded-For header.
Trusting only certain proxies will work if you don't get a lot of proxy traffic and have a list of "approved" proxies for your site. It is high-maintenance but the best compromise between your users and your site's integrity.
If all proxies are trusted, that means anybody can send an X-Fowarded-For header and masquerade as some random IP. An open proxy scanner might fix this, but this would greatly slow down requests for all proxies - both legitimate and spoofed. This would be used on a site where proxies aren't a big deal.
If a webmaster is concerned heavily with the security of his website, he/she will do the latter. It is the only way to make sure that IP addresses will never be spoofed through a proxy.
Always, always, ALWAYS, X-Fowarded-For headers should be checked to ensure they're not originating from a private/non-routeable subnet (192.168.0.0/16, 172.16.0.0/20, and 10.0.0.0/24 I believe are the official ones).
X-Fowarded-For headers are always done at the web application level - Apache (or whatever webserver is being used) will almost never change REMOTE_ADDRESS based on a simple client header. It's waaaaaay too easy to fake it!
So, those are the options. Every webmaster will have different opinions on how proxies should be handled; at ADISC, I would assume that Moo would lean towards the latter option because that is fair to users and ensures the best security for the site overall.
Note that good networks like Tor don't send X-Fowarded-For headers. Even if someone running an exit node modified their local copy of Tor to send them, they wouldn't have any ability to reach them because exit nodes have no idea what the original IP is.
--Danny :ninja:
A proxy works by sending an HTTP request to a server on your behalf and then returning the server's response. The server sees the connection, but the proxy can also reveal the IP that it got the request from. This is done via a special client header called X-Fowarded-For.
What are Client headers? They are what your browser sends to the server in order to ask it for information. Client headers are where the the server is told which page you requested, what cookies you have, what browser you're running, and a few miscellaneous things such as your language preferences and what types of compression your browser supports. I ran a simple web server that echoes back your request headers on my laptop, and this is what I got for Firefox 3.0 on Ubuntu Linux:
Code:
GET / HTTP/1.1
Host: localhost:9000
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1b2) Gecko/20081209 Firefox/3.1b2
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Code:
X-Fowarded-For: 67.49.145.24Of course, anybody could pretend to be a proxy and send that header through, so the webmaster needs to differentiate between a few different options: Trust only certain proxies' X-Fowarded-For headers, trust all X-Fowarded-For headers, or block requests that contain an X-Fowarded-For header.
Trusting only certain proxies will work if you don't get a lot of proxy traffic and have a list of "approved" proxies for your site. It is high-maintenance but the best compromise between your users and your site's integrity.
If all proxies are trusted, that means anybody can send an X-Fowarded-For header and masquerade as some random IP. An open proxy scanner might fix this, but this would greatly slow down requests for all proxies - both legitimate and spoofed. This would be used on a site where proxies aren't a big deal.
If a webmaster is concerned heavily with the security of his website, he/she will do the latter. It is the only way to make sure that IP addresses will never be spoofed through a proxy.
Always, always, ALWAYS, X-Fowarded-For headers should be checked to ensure they're not originating from a private/non-routeable subnet (192.168.0.0/16, 172.16.0.0/20, and 10.0.0.0/24 I believe are the official ones).
X-Fowarded-For headers are always done at the web application level - Apache (or whatever webserver is being used) will almost never change REMOTE_ADDRESS based on a simple client header. It's waaaaaay too easy to fake it!
So, those are the options. Every webmaster will have different opinions on how proxies should be handled; at ADISC, I would assume that Moo would lean towards the latter option because that is fair to users and ensures the best security for the site overall.
Note that good networks like Tor don't send X-Fowarded-For headers. Even if someone running an exit node modified their local copy of Tor to send them, they wouldn't have any ability to reach them because exit nodes have no idea what the original IP is.
--Danny :ninja:
- Messages
- 5,568
- Role
-
- Private
Update: open proxies (the type of proxy that allows anyone to connect) should be blocked at ADISC, and you will not be able to use them to access the site. This includes the use of 'Tor'. People are still allowed to connect via closed proxies, though.
Just wanted to add that some people don't have a choice with regards to the use of proxies. For example, my ISP (Starhub in Singapore) uses a transparent proxy for all http requests, and there's no way to bypass that proxy. This has, of course, caused much pain, for example, with websites like RapidShare, and even Google (which thinks the proxy is abusing the service due to the number of requests).
DannyTheNinja
Banned
- Messages
- 852
- Role
-
- Private
An ISP proxy will be considered a "closed proxy."
--Danny :ninja:
--Danny :ninja:
- Status