Jump to content

Meta:Open proxy detection/Explanation

From Meta, a Wikimedia project coordination wiki

When an IP-address has done an edit, a database with open proxy addresses is automatically searched. This database is periodically maintained and consists of more than half a million IP-addresses and IP-ranges. If a match is found, it is reported on this page.

This automatic reporting only takes place if the server of RonaldB is on-line. This is close to 24/7, but there might be drop-outs.

The system receives input from the irc-stream of recent changes. If the system is operational, it is logged-in with the name: op-nnnnn, in which nnnnn is a 5-digit number.

Look here for more (technical) background info.

Explanation of information provided

This provides further info on the type of open proxy. If this is preceded by probably, it means that the IP-address has ever been published as open proxy, but the scanning module has not been able to confirm this to be the case.
Following types are discerned:
  • open proxy - a "normal" open proxy. The system does not provide the sub type (e.g. transparent, anonymous, etc.).
  • TOR exit node - an IP-address of the TOR network, by which servers on the internet can be accessed (which is not the same as a TOR onion node).
  • exit server - some open proxies use another IP-address (possibly a zombie) to access servers on the internet.
  • anonymizer - an anonymizing service, generally using a web interface (also called CGI or PHP proxy). The IP-address, by which that service is accessing the internet to request pages, is reported. This is not necessarily the same as the IP-address hosting the service.
  • web server - The IP-address, or the range it belongs to, is solely used for web hosting. It may be hacked or is hosting a CGI/PHP proxy.
  • JAP - also called JonDo, a rarely used and relatively small anonymizing network.
If the type designation is followed by an asterisk, this means that the IP-address is known in the database with multiple types. The type is shown with the most recent confirmed date.
in db since
The date the IP-address was first contained in the database.
first confirmed
The first date the scanner confirmed this IP-address to be an open proxy.
last confirmed
The most recent date the scanner confirmed this IP-address to be an open proxy. If the indication is Now !, this means that the open proxy behaviour has been confirmed by an "on-the-fly" check at the moment of editing. This can only be accomplished for "normal" open proxies.

The date information is used for the background-colouring of the entry. The darker, the more likely the IP-address is indeed an open proxy at the moment of editing.