Jump to content

Meta:Open proxy detection/Explanation

From Meta, a Wikimedia project coordination wiki

When an IP-address has done an edit, a database with open proxy addresses is automatically searched. This database is periodically maintained and consists of more than half a million IP-addresses and IP-ranges. If a match is found, it is reported on this page.

This automatic reporting only takes place if the server of RonaldB is on-line. This is close to 24/7, but there might be drop-outs.

The system receives input from the irc-stream of recent changes. If the system is operational, it is logged-in with the name: op-nnnnn, in which nnnnn is a 5-digit number.

Look here for more (technical) background info.

Explanation of information provided

[edit]
type
This provides further info on the type of open proxy. If this is preceded by probably, it means that the IP-address has ever been published as open proxy, but the scanning module has not been able to confirm this to be the case.
Following types are discerned:
  • open proxy - a "normal" open proxy. The system does not provide the sub type (e.g. transparent, anonymous, etc.).
  • TOR exit node - an IP-address of the TOR network, by which servers on the internet can be accessed (which is not the same as a TOR onion node).
  • exit server - some open proxies use another IP-address (possibly a zombie) to access servers on the internet.
  • anonymizer - an anonymizing service, generally using a web interface (also called CGI or PHP proxy). The IP-address, by which that service is accessing the internet to request pages, is reported. This is not necessarily the same as the IP-address hosting the service.
  • web server - The IP-address, or the range it belongs to, is solely used for web hosting. It may be hacked or is hosting a CGI/PHP proxy.
  • JAP - also called JonDo, a rarely used and relatively small anonymizing network.
If the type designation is followed by an asterisk, this means that the IP-address is known in the database with multiple types. The type is shown with the most recent confirmed date.
in db since
The date the IP-address was first contained in the database.
first confirmed
The first date the scanner confirmed this IP-address to be an open proxy.
last confirmed
The most recent date the scanner confirmed this IP-address to be an open proxy. If the indication is Now !, this means that the open proxy behaviour has been confirmed by an "on-the-fly" check at the moment of editing. This can only be accomplished for "normal" open proxies.

The date information is used for the background-colouring of the entry. The darker, the more likely the IP-address is indeed an open proxy at the moment of editing.