
Open proxy checking


ozzzo


Posted into the SpamCop Discussion > Discussions & Observations > How to use .... .. yet, nothing included as far as a How to use ... tutorial or instruction set .. so making the call that this post is actually a question about output from the Parsing & Reporting tool .... with this post, moving this Topic/Post to the appropriate Forum section ....

A specific answer might have been offered if the actual IP address question had been offered up, as explained in numerous places about How to post a 'good' question ....

The generic answer is that IP addresses are submitted by the parsing tool to several other places for these types of checks. The parsing output of a spam submittal also includes the actual location of the place that lists the IP address as being an open proxy. There are numerous places that check for different things in different ways. Some don't get updated on a minute-by-minute basis.

Link to comment
Share on other sites

  • 3 weeks later...

I suspect that the OP was describing where, in the full report from submitting spam for reporting, it would say:

210.56.96.173 not listed in dnsbl.njabl.org

210.56.96.173 not listed in dnsbl.njabl.org

210.56.96.173 listed in cbl.abuseat.org ( 127.0.0.2 )

210.56.96.173 is an open proxy

210.56.96.173 not listed in accredit.habeas.com

210.56.96.173 not listed in plus.bondedsender.org

210.56.96.173 not listed in iadb.isipp.com

I would suggest that the OP is unfamiliar with SC terminology and used "email" to refer to the reports that I don't know the correct name for either. Like me, (s)he is probably dazzled by the numerous terms that normally have no significance until one actually is confronted with a situation where more information is needed or desired. There are tons of TLA's and FLA's that require definitions of definitions for one to translate and understand the significance. This is really foreign territory for someone who is not in IT and hasn't had the time, interest or need to study in-depth and doesn't work with this stuff every day.

I don't read this to be a request by the OP for specifics on a particular IP address so much as "Can somebody tell me, in simple terms, what an open proxy is? I don't know what a closed proxy is, and I'm a little uncertain of what a proxy is because I've seen the term used but the context didn't really help with understanding it." A simple "No, it can't be explained simply" would probably do the trick.

At least this one tried to do some research before posting here, which is more than I can say for numerous others who refuse to do anything before posting a question that is answered under 5 or 6 different headings. I followed the link that the OP included and found myriads of information that I already knew (at my current level of understanding), much that had no relationship to proxies but nothing that I found in a hurry that contributed much toward deciphering "open proxy". I can understand coming here for clarification.

Link to comment
Share on other sites

I suspect that the OP was describing where, in the full report from submitting spam for reporting, it would say:

spaceman jogged my memory and he may be right. The quick report replies, entitled: "SpamCop Quick reporting data" contains the parse of the spam with a section like:

x.x.x.x not listed in dnsbl.njabl.org

x.x.x.x not listed in dnsbl.njabl.org

x.x.x.x not listed in cbl.abuseat.org

x.x.x.x listed in dnsbl.sorbs.net ( 127.0.0.7 )

x.x.x.x not listed in relays.ordb.org.

which can include the x.x.x.x is an open proxy line.

Every one I could find in my evidence here was in this pair:

x.x.x.x listed in cbl.abuseat.org ( 127.0.0.2 )

x.x.x.x is an open proxy

Perhaps that second line is triggered by the listing at cbl.abuseat.org? The example spaceman provided seems to have been listed because of a possible naming issue, however: http://cbl.abuseat.org/namingproblems.html is linked from: http://cbl.abuseat.org/lookup.cgi?ip=210.56.96.173

Link to comment
Share on other sites
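As an added illustration of the report lines quoted in the posts above (not part of any post, and not SpamCop's own code), this sketch parses such lines, records which listing sits directly above each "is an open proxy" line, and builds the name a DNSBL client looks up (reversed octets plus zone, the usual DNSBL convention). The sample report is constructed from lines quoted in the thread plus the documentation address 192.0.2.10; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample, modelled on the report lines quoted in the thread.
SAMPLE_REPORT = """\
210.56.96.173 not listed in dnsbl.njabl.org
210.56.96.173 listed in cbl.abuseat.org ( 127.0.0.2 )
210.56.96.173 is an open proxy
210.56.96.173 not listed in accredit.habeas.com
192.0.2.10 not listed in cbl.abuseat.org
192.0.2.10 listed in dnsbl.sorbs.net ( 127.0.0.7 )
192.0.2.10 not listed in relays.ordb.org.
"""

LINE_RE = re.compile(
    r"^(?P<ip>\S+) (?:(?P<neg>not )?listed in (?P<zone>\S+)"
    r"(?: \( (?P<code>\S+) \))?|is an open proxy)$"
)


def dnsbl_query_name(ip, zone):
    """Name a DNSBL client resolves: reversed IPv4 octets + zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.rstrip(".")


def parse_report(text):
    """Group report lines per IP; note what preceded each proxy line."""
    results, last_listing = {}, {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # ignore anything that is not a check result
        ip = m["ip"]
        entry = results.setdefault(ip, {"listed": {}, "clean": [],
                                        "open_proxy": False, "proxy_after": None})
        if m["zone"] is None:  # the "is an open proxy" line
            entry["open_proxy"] = True
            entry["proxy_after"] = last_listing.get(ip)
            continue
        zone = m["zone"].rstrip(".")
        if m["neg"]:
            entry["clean"].append(zone)
            last_listing.pop(ip, None)
        else:
            code = m["code"]
            # A listing answer is expected to fall inside 127.0.0.0/8.
            if code and not ipaddress.ip_address(code).is_loopback:
                raise ValueError(f"unexpected return code {code} from {zone}")
            entry["listed"][zone] = code
            last_listing[ip] = zone
    return results
```

Run over a batch of saved reports, the `proxy_after` field shows whether the open proxy line only ever follows one particular zone's listing, which is the pairing the post above describes.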

I suspect that the OP was describing where, in the full report from submitting spam for reporting, it would say:

I'll agree, but then note that he/she went on to talk about trying to 'test' an IP address which came back with negative results.

I would suggest that the OP is unfamiliar with SC terminology and used "email" to refer to the reports that I don't know the correct name for either. Like me, (s)he is probably dazzled by the numerous terms that normally have no significance until one actually is confronted with a situation where more information is needed or desired.

This begat the generation of a Dictionary here, then Glossary, and most recently, a Wiki that has 'technical terms' in use here defined.

I don't read this to be a request by the OP for specifics on a particular IP address so much as "Can somebody tell me, in simple terms, what an open proxy is? I don't know what a closed proxy is, and I'm a little uncertain of what a proxy is because I've seen the term used but the context didn't really help with understanding it." A simple "No, it can't be explained simply" would probably do the trick.

For starters, try Proxy here, which at least starts the definition process. As stated there, a Proxy is simply a bit of code that can do any number of things, so the question of Closed, Open, Abused, etc. depends on the context and usage of the specific Proxy .... the "specific IP address" response was based on the dialog in the initial query, again; "checking one that always came back 'not open'"

At least this one tried to do some research before posting here, which is more than I can say for numerous others who refuse to do anything before posting a question that is answered under 5 or 6 different headings.

I can't agree enough to this thought / comment .....

Link to comment
Share on other sites

Well, it is being abused by somebody:

CBL The CBL - Composite Blocking List: cbl.abuseat.org -> 127.0.0.2

Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=210.56.96.173

--------------------------------------------------------------------------------

XBL Exploits Block List (includes CBL): xbl.spamhaus.org -> 127.0.0.4

http://www.spamhaus.org/query/bl?ip=210.56.96.173

--------------------------------------------------------------------------------

SBLXBL Combined zone to reduce queries. Includes both SBL and XBL zones: sbl-xbl.spamhaus.org -> 127.0.0.4

http://www.spamhaus.org/query/bl?ip=210.56.96.173

--------------------------------------------------------------------------------

UCEPROTECTL2 UCEPROTECT®-Network Project - Level 2: dnsbl-2.uceprotect.net -> 127.0.0.2

Sorry 210.56.96.173 is Level 2 listed at UCEPROTECT-NETWORK. See http://www.uceprotect.net/rblcheck.php?ipr=210.56.96.173

--------------------------------------------------------------------------------

DNSBLAUT1 Reynolds Technology Type 1: t1.dnsbl.net.au -> 127.0.0.2

Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=210.56.96.173

--------------------------------------------------------------------------------

DRBL-VOTE-CARAVAN Distributed RBL node: Used within the Caravan ISP's network: vote.drbl.caravan.ru -> 127.0.0.2

spammers are not welcome here: abuse silence after 48 hrs

--------------------------------------------------------------------------------

I guess the last line above says it all :lol:

Link to comment
Share on other sites

DNSStuff has a utility that will check an IP address against most all of the major DNSbls (which will often be an indicator that the IP is a proxy of some type). To use this, simply enter the IP into the field called "spam Database Lookup" that can be found at the top in the middle row under IP Tests.

On a similarly related issue, I have been trying to find a tool to determine if an IP/hostname is a web proxy. I am a moderator on a large forum and we routinely check IP addresses from registered users to see if they match any other in the database, but often times, we can't tell if it is a proxy. The only way I know of to determine if an address is a proxy or not is by running a port scan on the IP address to see if any of the common proxy ports are open on the IP address and then trying to connect to them either through a web browser or telnet and see what the response is.

If anyone knows of a better method of determining this, I would be most grateful for the information.

Thanks, and sorry if I've hijacked the thread. Feel free to PM me if the OP or the mods want to keep this discussion on topic.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.
