Scans and removals are completely automated

May 8, 2009 12:42 GMT

A new service that will help administrators block open and anonymous proxies has been set up at proxybl.org. The system is fully automated and re-confirms IPs found to run open proxies at a predefined interval.

Proxy servers give users access to services over HTTP or other protocols. Because users connect through the proxy when accessing a resource, their own IP address is concealed from the target. Such servers are generally used by network admins for controlled caching and load balancing, but when they are left "open," anyone can connect through them and achieve anonymity.

Though they do have some legit uses, open proxies are mostly employed by cyber-criminals and other abusers to hide their real identities online. "This DNSBL is for admins who feel that, considering the amount of abuse open proxies facilitate, the small percentage of legitimate use of these proxies is acceptable 'collateral damage' and wish to prevent all open proxies from connecting to a service they provide," the proxyBL creators write.

The service works by crawling the web for references to open proxies and checking the identified IP addresses. If the scan finds an anonymous proxy server running, the IP is added to the blacklist. There are currently 126,857 possible open proxies being tracked, out of which 4,479 have been confirmed and listed.

Unlike some other DNSBL services, proxyBL does not accept removal requests. However, this does not mean that a host will be tagged as offensive forever, which would be a problem for admins who have failed to properly configure their legit proxy server and have left it open. Instead, the system periodically re-checks each list entry.

The re-checking rules it follows are even more interesting. Initially, the system verifies each host one hour after it enters the system. However, if the host is still found to be running an open proxy, the interval until the next check increases. "This means that the longer a host is a verified open proxy, the longer it takes for it to be removed. Call it karma," the proxyBL management notes.

Furthermore, if an IP is no longer accessible when re-checked, it automatically gets removed from the DNSBL and scheduled for a later test. Admins interested in using the service can access the DNSBL zone at dnsbl.proxybl.org, but the website also has a form for manually checking if a specific IP is in the list.
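How a service would query the zone mentioned above, as an added example that is not proxyBL's or DroneBL's own code. It assumes the usual DNSBL convention (RFC 5782) that a listed address answers inside 127.0.0.0/8, which the article does not confirm for proxyBL; the IPv6 nibble format goes beyond the article, and the resolver data is constructed so the block runs offline.

```python
import ipaddress
import socket

ZONE = "dnsbl.proxybl.org"  # zone name given in the article
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")  # assumed: RFC 5782 convention


def dnsbl_query_name(ip, zone=ZONE):
    """Build the lookup name: the address labels reversed, then the zone."""
    addr = ipaddress.ip_address(ip)  # raises ValueError on malformed input
    if addr.version == 4:
        labels = str(addr).split(".")
    else:
        # IPv6 is queried one hex nibble per label
        labels = list(addr.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone


def check(ip, zone=ZONE, resolve=socket.gethostbyname):
    """Return 'listed', 'not_listed' or 'unknown' for one client address."""
    try:
        answer = ipaddress.ip_address(resolve(dnsbl_query_name(ip, zone)))
    except socket.gaierror as exc:
        # NXDOMAIN is the normal "not listed" reply. Timeouts and server
        # failures say nothing about the client, so they are not a verdict.
        return "not_listed" if exc.errno == socket.EAI_NONAME else "unknown"
    # An answer outside 127.0.0.0/8 points to a parked or wildcarded zone,
    # or a resolver that rewrites NXDOMAIN; blocking on it would block everyone.
    return "listed" if answer in LISTED_NET else "unknown"


# Constructed zone data standing in for real DNS answers (documentation IPs).
FAKE_ZONE = {
    "1.2.0.192.dnsbl.proxybl.org": "127.0.0.2",     # listed entry
    "9.113.0.203.dnsbl.proxybl.org": "203.0.113.80",  # bogus wildcard answer
}


def fake_resolve(name):
    if name in FAKE_ZONE:
        return FAKE_ZONE[name]
    raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")


if __name__ == "__main__":
    for client in ("192.0.2.1", "198.51.100.7", "203.0.113.9"):
        print(client, dnsbl_query_name(client), check(client, resolve=fake_resolve))
```

Treating "unknown" as a block or an allow is a policy choice; logging it separately shows when the zone itself has stopped answering correctly.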

The backend software used by proxyBL is a modified version of DroneBL, an open source package developed by the DroneBL project and used to maintain a DNSBL zone of abusive hosts involved in spam campaigns, botnets, malware distribution, etc. The proxyBL admins can be reached on the #proxybl IRC (Internet Relay Chat) channel on the EFNet network.