Page 2 of 3
Posted: Mon Aug 01, 2005 3:23 am
by bokehman
How can you second guess what type of server or connection I have. Your answer is pathetic and shows a complete lack of understanding. My server and connection are perfectly matched to my use and that is all that matters. It doesn't make me either dodgy or mean I am operating through a proxy. I think you are just mad because you realise how stupid the logic of your script is.
Posted: Mon Aug 01, 2005 4:43 am
by fresh
sir, I have seen your website already, I have looked at your specs and they are not any faster or better than mine. Plus, to run your equipment 24 hours a day seven days a week is not free and actually accumulates a larger cost annually than what I pay annually, I guarantee that! Plus, what if your integrity is comprimised and the attacker deletes the access logs, database, and all your files; who will have your offsite backup? Oh, I bet you rent a vault and store your tapes there, right? Think, what if someone used your buggy gallery and injected some PHP, got to the system and started deleting everything? That would effect you personally as well, who knows what files you have in other directories on that server of yours. The point is that you are using the same PC to informally navigate the Internet while your webserver is running. You could just as easily set up a client node on your LAN and surf with that, which isn't foolish. Note, I said, anyone running a webserver and navigating the Internet at the same time is foolish. And, I will continue to stand by that and if that makes you out to be a foolish person then, you should take that as advice rather than an insult.
Posted: Mon Aug 01, 2005 4:56 am
by Revan
bokehman wrote:how stupid the logic of your script is.
Indeed, good thing serious websites don't do this.
Posted: Mon Aug 01, 2005 5:04 am
by bokehman
My server and the machine I use to surf the web are completely different but it just so happens they are on the same LAN network and that network shares the same WAN IP. I can't think of one good reason why I shouldn't use the same IP to surf the net and connect my server machine and you certainly haven't come up with one yet.
Also, just out of interest, how could you know the specs of my server. Maybe you could make a guess at the connection speed but the specs of the server?
fresh wrote:Think, what if someone used your buggy gallery and injected some PHP, got to the system and started deleting everything?
That is an old and completely unmaintained site and is purely html. There is no php code used there at all. The only thing that is php is the file extention of the html files. So how would someone go about injecting php into that site?
Posted: Mon Aug 01, 2005 5:31 am
by fresh
well first of all gentlemen, I was replying to a post about how to detect a proxy (which I did), remember the topic still? And I have yet to find compassion for your qualms with my script. I don't care what your second rate setup is like and how it conflicts with my logic, I am not here to cater to your complexes.
EDIT:
That is an old and completely unmaintained site and is purely html. There is no php code used there at all. The only thing that is php is the file extention of the html files. So how would someone go about injecting php into that site?
OK, lets see, this server is running Linux and Apache with PHP 4 installed.
Server: Apache/1.3.29 Sun Cobalt (Unix) mod_ssl/2.8.16 OpenSSL/0.9.6m
PHP/4.3.10 mod_auth_pam_external/0.1 FrontPage/5.0.2.2510 mod_perl/1.26
And you have php pages and a gallery which obviously uses a database.
Link:
http://www.moralet.com/gallery/albums.php
Link:
http://www.moralet.com/gallery/login.ph ... popup=true
And I am suppost to believe:
There is no php code used there at all. The only thing that is php is the file extention of the html files.
you mistake me as new?
Posted: Mon Aug 01, 2005 5:46 am
by Revan
fresh wrote:well first of all gentlemen, I was replying to a post about how to detect a proxy (which I did), remember the topic still? And I have yet to find compassion for your qualms with my script. I don't care what your second rate setup is like and how it conflicts with my logic, I am not here to cater to your complexes.
Do you even know what 'complexes' means? Once again, good thing no
serious site would do this, says a lot.
Good day to you ma'am.
Posted: Mon Aug 01, 2005 5:49 am
by shiznatix
give the guy a break! seriously i dont see anyone else coming up with a good idea as how to solve this. probebly the only way to do it would be get a large list of proxy servers and check the users ip against those and if it matches then its a proxy but thats really not going to be 100% accurate but still might be the best way to try it
Posted: Mon Aug 01, 2005 5:51 am
by timvw
fresh wrote:I was replying to a post about how to detect a proxy (which I did), remember the topic still?
And we told you it is retarded to think that you can detect a proxy only because there is a port accepting connections.
After that the only argument you came up with that you must be a foolish person to be in that situation.
Posted: Mon Aug 01, 2005 5:54 am
by bokehman
fresh wrote:well first of all gentlemen, I was replying to a post about how to detect a proxy (which I did), remember the topic still? And I have yet to find compassion for your qualms with my script. I don't care what your second rate setup is like and how it conflicts with my logic, I am not here to cater to your complexes.
Your script would only be valid if and only if it could detect a proxy without making mistakes. And even then just because someone is connecting through a proxy doesn't make them a spammer. As for your comments about my 'second rate setup' it seems you are just making those comment in an immature attempt to draw attention away from your errornous script.
Posted: Mon Aug 01, 2005 5:57 am
by shiznatix
girls, girls! simmer down this is not some slumber party pillow fight, no need to get so angry!
Posted: Mon Aug 01, 2005 6:04 am
by fresh
First off I am not a ma'am, boy! Secondly, you and bokehmam are a couple of douchebags whose opinions mean absolutley nothing to me. Thirdly, I think I have had enough of explaining myself to two fools, so continue to fight amongst yourselves. BTW, dude your wife is hot!
Posted: Mon Aug 01, 2005 6:04 am
by timvw
Now, if the script actually performed requests (So the process that accepted the connection is really a public proxy) it would be useful

Posted: Mon Aug 01, 2005 6:10 am
by Revan
fresh wrote:First off I am not a ma'am, boy! Secondly, you and bokehmam are a couple of douchebags whose opinions mean absolutley nothing to me. Thirdly, I think I have had enough of explaining myself to two fools, so continue to fight amongst yourselves. BTW, dude your wife is hot!
First of all, I'm matching your gender/sex assumptions, secondly, 'douchebags'? Very mature, very mature indeed, as empty an insult as 'fagget' is, could you lower yourself more?
Good day to you, ma'am.
Posted: Mon Aug 01, 2005 6:28 am
by shiznatix
timvw wrote:Now, if the script actually performed requests (So the process that accepted the connection is really a public proxy) it would be useful

so if you connected to the ip then requested a webpage like
http://www.google.com and it returned it then it would be a proxy otherwise it wouldnt even if they had a server on their computer
Posted: Mon Aug 01, 2005 6:33 am
by Roja
shiznatix wrote:give the guy a break! seriously i dont see anyone else coming up with a good idea as how to solve this. probebly the only way to do it would be get a large list of proxy servers and check the users ip against those and if it matches then its a proxy but thats really not going to be 100% accurate but still might be the best way to try it
Actually, there is already a large list that is maintained that does exactly that - it lists known open proxies that are commonly abused.
http://opm.blitzed.org/
You can do a simple dns check against their dns server, and if the domain is found, its an open proxy. Its fairly reliable, easy to use, and nowhere near as unreasonable as doing a portscan of a connecting computer.
Portscanning to detect a proxy is a good way to cause a denial of service to yourself and others. A few good spoofed IP addresses, a reflection attack, and suddenly your webserver is doing a thousand port attacks a minute against the whitehouse.
All of that said, the language and attitude in this thread is unacceptable. Mods, please, do some editing of the posts. Personal attacks, name-calling, and flat-out insults aren't part of our discussions here.
Fresh, I'm often in the minority in my views here, but I respect everyone enough not to insult the person. Focus on *helping*, not attacking. You'll find the forums, the people, and the world in general will appreciate you for it.