Wikipedia:Open proxies noticeboard/Guide to checking open proxies: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 07:31, 6 March 2015 edit John of Reading (talk \| contribs) Autopatrolled, Extended confirmed users, Pending changes reviewers 787,572 edits m →How to confirm open proxies: Typo fixing, replaced: adress → address using AWB ← Previous edit		Latest revision as of 04:40, 18 March 2025 edit undo Elli (talk \| contribs) Edit filter managers, Autopatrolled, Checkusers, Oversighters, Administrators 58,422 edits m Elli moved page Wikipedia:WikiProject Open proxies/Guide to checking open proxies to Wikipedia:Open proxies noticeboard/Guide to checking open proxies: per parent move
(13 intermediate revisions by 8 users not shown)
Line 1: [[Open proxies]] are IP addresses that can be used by anyone anywhere with an Internet connection, usually with the intention of hiding the real origin. They are often used by vandals and sockpuppets to evade blocks, or sometimes it's just useful to know if the IPs you are dealing with are open proxies. This will tell you how to confirm whether an IP address really is an open proxy, in most cases using only your browser. ==How to confirm open proxies== # Step one: You would normally first have reason to suspect that an IP is an open proxy. There may be a banned user or sockpuppets using IP addresses from different countries, or the vandal or other users might mention it directly. There might be an IP already blocked as an open proxy requesting unblock.[~~http~~https://en.wikipedia.org/w/index.php?title=User_talk:89.18.180.142&oldid=318350560] The edit might malform some wikitext.[~~http~~https://en.wikipedia.org/w/index.php?title=San_Jose,_California&diff=prev&oldid=320637803] Proper spambots and vandalbots will also usually use open proxies.[~~http~~https://en.wikipedia.org/w/index.php?title=Santorum&diff=prev&oldid=316919186] If there are no suspects around then you might want to find a recently blocked open proxy for testing. # Identify the access point. You are hopefully going to use it yourself. Google the IP address. Do [[rDNS]] and [[WHOIS]] lookups. Be creative if you have to, like ~~look~~looking at neighbouring IP ~~address~~addresses ([[toollabs:ipcheck/iprange.php\|Tool]]). While you're there check if it looks dynamic. The first question to ask is whether it's a web proxy or an HTTP proxy. ## Does it look like a web server? Keywords to look for in search results are PHP-proxy, CGI-proxy, Glype, and NPH, as well as ___domain names. Do the rDNS and WHOIS suggest it's a dedicated server or hosting range? Open the IP address in your browser. Is there a holding page, or even a web proxy there? Find which sites are hosted on it using rDNS and Google. Nmap will almost always say that port 80 is open on webservers, but this does not necessarily mean there is an open proxy there. ## Or does it look like an [[SOCKS#Comparison_to_HTTP_proxying\|HTTP/SOCKS proxy]]? Such proxy IPs are always associated with a [[TCP and UDP port\|port number]]. The most usual ones are 80, 1080, 3128, 8000, 8080, 8888, but it could be any number up to 65535. These ports are usually displayed in search results following the IP address and a colon, for example 111.282.3.1:3128. They are, in so far as they obfuscate e.g. the user's original IP address and other data, sometimes [[Proxy_server#Anonymous_HTTPS_proxy\|referred to]] as "Transparent" or "Elite". Use the IP address with colon and port number in your browser's address bar. If the port is open there will usually be some response, but probably nothing very interesting. If a normal Nmap-portscan is used the ports will be said to be open, but this does not necessarily mean there is an open proxy. Nmap can, however, check via its scripts [~~http~~https://nmap.org/nsedoc/scripts/http-open-proxy.html http-open-proxy] and [~~http~~https://nmap.org/nsedoc/scripts/socks-open-proxy.html socks-open-proxy] ~~if they actually operate~~. ###An example would be: <code>nmap -P0 --script=socks-open-proxy --script=http-open-proxy.nse -p<ports to check> <host></code> ## Or is it another type of anonymiser? They are beyond this article's scope, but the same principles apply. For examples see [[:Category:Anonymity networks]]. # Connect to the proxy. If it's a web proxy go to its page in a browser. If it's an HTTP proxy change the network settings in your browser options. # Find your new IP address. Using your new proxy connection, visit one of those sites that tell you about your IP address. It might tell you you're now in China. GoMake sure you are not logged in and go to [[Special:Mytalk]] on Wikipedia. This will confirm you can use the same IP address to read Wikipedia. On any page (like your new talkpage) click edit, add a signature, and click preview. This will confirm without a doubt that you (and any other person) can use this IP to edit Wikipedia. Some people make confirmation edits to a sandbox, but since the IP user could be anyone this isn't as helpful as mentioning how you are accessing it so others can check. # Use your new found powers to check some IPs in [[CAT:OP]]. Hopefully this will show you both the open proxy attrition rate, and that confirming that an IP address ''isn't'' an open proxy isn't always as straightforward. Line 16 ⟶ 17: ==Port scans== [[Port scanning]], and [[nmap]], ''may'' help to identify which ports are open on suspect IPs, however, even when it says that proxy ports are open itthe default scan does not check to see if it is an open proxy using that port. It could be a closed proxy expecting authentication, or even a normal website. Open proxies cannot be properly confirmed by scanning, but only by using the proxy to fetch a page for you, in a similar way to that described above. Port scanning may have [[Port_scanning#Legal_implications\|legal implications]] in some jurisdictions, your network provider may have rules against it, and it's generally considered a bad thing. Moreover it's usually completely unnecessary. If you ''must'' use nmap, consider using the <code>-F</code> flag. ==Exit servers== Line 22 ⟶ 23: ==Duck test== It is not unheard of for admins to only use the [[WP:DUCK\|duck test]] when considering whether an IP is an open proxy. For example sometimes just being used by a banned user and having a holding page on port 80 is sometimes considered good enough. Use the duck test wisely. Keep the blocks relatively short unless you know what you're dealing with. Do not use [[DNSBL]]s (blacklists) for this purpose, as they are often stale and often misinterpreted. A common mistake is to block a legitimate closed caching proxy as an open proxy, simply because it has ports open. Test the suspected open proxy by connecting to it as explained [[#How_to_confirm_open_proxies\|above]]. ==Legitimate users== Line 29 ⟶ 30: ==See also== [[Wikipedia:New admin school/Blocking]] [[Wikipedia:WikiProject ~~on open~~Open proxies]] [[Wikipedia:Blocking IP addresses]] [[Wikipedia:Open proxies]] Line 38 ⟶ 39: {{New admin school}} ~~[[Category:Wikipedia New admin school\|Open proxies]]~~ [[Category:Administrator instructions\|Open proxies]] [[Category:WikiProject Open proxies\|Guide to checking open proxies]]