 
Full Disclosure mailing list archives
Re NiX API
From: "TOR" <fulldisc () tor hu>
Date: Fri, 10 Jun 2011 02:33:52 +0200 (CEST)
Im not saying our system is 100% and unbreachable but I do know it does give you reasonable protection to address this issue.
Again, of course it provides some protection, I'm just not sure about the 'reasonable' part. The big issue is with the false positives.
hosting provider or not. Needless to say, this is very hard work.
One of my points was that many legit users end up using a datacenter's hosting IP.
web proxies by whole world are hosted of course in hosting providers datacenters
Blocking web proxies would be OK, but you're blocking the whole provider because of it, refusing payments from the maybe hundreds or thousands of IP's that were never proxies and my be used by regular customers.
thousands of hacked dedicated servers as well to this list that are being used for scraping, hacking attempts, brute forcing and so on.
Blocking servers that have done portscanning in the last week/month would be reasonable too, I guess. But from what I've seen (again, look at your stats) you put the whole /24 on block (as part of your 'very hard work') and probably leave it there for months.
We leave this decision to you what to block or allow.
After a while it just seems like with that much effort of always adding/removing hosts one could just use his own blocking lists.
Im happy to hear you're using similar technology. You've just said yourself why you do want to block proxy users.
Block them from coming back with a proxy to sign up for free, YES. Blocking paying users, NO. There is a big difference.
This is true indeed. But if you would have 50 fraudulent purchases in a short period. What would you do? You sell TV's. Someone will order a $2500 nice new TV from your online shop. OK, you go and check this client IP it's a proxy or Tor exit node.
If it's a TOR exit node, probably not. If it's some IP that belongs to a data center, probably yes. To make a decision, I would more rely on inconsistency between credit card country, geoip, and where the item will be shipped to. Blocking just based on the IP is a bad idea, and this has been my point all along.
Im happy to hear it works out to you. A few days ago, i received an email from https://www.proxpn.com/ admin that he suspended fraudulent user VPN account due to the abuse. A fraudster used a stolen credit card using their VPN to purchase a service from us. Needless to say, their CIDR's has been also added to this list.
Cool story, bro. We probably agree for the most part, proxy IP's are suspicious I'm just saying I don't necessarily agree with your definition of what a proxy is and the idea of blocking customers blindly based on your list. Anyway, the whole thread seems kind of offtopic to FD so no more replies from me. The only reason I replied in the frist place was to share my two cents related to the subject based on my experience with blocking proxies, Paypal chargebacks and to speak out for the legit customers who are 'suspicious' in your list but still pay for TorVPN. Regards, http://torvpn.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re NiX API TOR (Jun 09)


