WinMX World :: Forum

Discussion => Think Tank => Topic started by: Pri on March 23, 2013, 08:15:43 am

Title: Tools & Information for room hosts to hinder chat spam & proxy users
Post by: Pri on March 23, 2013, 08:15:43 am
The aim of this thread is to share with you tools and information to enable you to easily stop people who spam your chat room using vulnerable or hacked servers which have been turned in to proxy servers.

This has always been a problem on WinMX since the creation of the network but in the last few years (Since around 2008 to present) the problem has become more annoying as someone has written a "very good" spammer program that is multi-threaded and able to spam a room with hundreds of proxies simultaneously. This has made previously developed tools like my own Proxy Blocker less effective.

In 2009 I released the first version of my Proxy Blocker and it has been continually updated since then, it does still work but you need to make sure you have it configured correctly so it can protect your room properly. I'm going to detail how to do that in in a second. The other thing you should do is use Peerblock with an Anti-Proxy list. I have developed three such lists and I'll show you how to use those too.

So first of all lets just explain what a proxy is and how the attacker uses them. A proxy server is a computer on the internet that acts as an intermediary between two other computers. So when an attacker wants to get in your room without you knowing who they are they simply forward their clients traffic through one of these servers and then your Chat Room Software is unable to see the persons true IP Address and instead sees the Proxy Servers.

There are literally thousands of "open" proxy servers setup all around the internet. Most of these are setup by criminals. They hack in to someone else's server and install the proxy software without the owner knowing. Then they will use these proxy servers to send spam emails, click on advertisements on the websites they own (this is known as click fraud) and once they've used the proxy for all their own activities they will sell the information to access this server online. That's the last stage of the attacker using the server for their own financial gain.

Now once they sell the servers information it will become known to the public and this is where the bottom feeders come in. People like the ones spamming our rooms. They scour these proxy websites and collect all the IP's posted (Many of these sites post 1,000 to 3,500 new proxies per day) and then he loads them in to whatever program he has to spam with and their attack begins.

So that is what a proxy is and how they originate and who uses them. What about blocking? Well as I said before there is my Proxy Blocking software you can run.

To use it you need two things, the first is a compatible Chat Server such as WCS, ZCS, RSWCS, or FXServer. If you're not using one of these I highly recommend you switch to one of them. Personally I recommend WCS but I understand not everyone is at the same level when it comes to editing configs. Out of all those servers, WCS, FXServe and RSWCS will work with every feature that the Proxy Blocker supports.

The second thing you will need is a version of the Metis chat bot that supports web lookups. The proxy blocker is designed to work with Metis v2.82 or higher, using a lower version it will not run. To get a copy of this Metis or an entire installer that is much easier to use you can download those here: http://www.mxpulse.com/board/viewtopic.php?f=9&t=405 These Metis versions are made by myself but the source code is available and they are fully compatible with all the scripts you already use.

Now that you have both of those things you just need to install the Proxy Blocker in Metis. You can download the latest version of the Proxy Blocker at his page here: http://www.mxpulse.com/board/viewtopic.php?f=9&t=194

So lets just detail what the Proxy Blocker does.

1. It will kick out Proxy servers when they enter your room.
2. It will automatically download and ban the IP's of proxy servers that are currently (within the past 5 minutes) being banned in other rooms.
3. It will "Lock" your room for up to 60 minutes in the event a large scale Proxy spam attack begins on your room.

Now the first feature is self explanatory but I just want to go over the other two.

The 2nd feature will pre-ban, that is ban IP's before they enter your room if the Proxy Blocker detects that those IP's are being used in other rooms. What this means is, if a large scale multi-room spam attack is happening the amount of IP's that the spammer can use diminishes extremely quickly as all the rooms together become "detectors" sharing their information through our Proxy Blocker communication server. This is done in a secure way with our server verifying that all bans placed by the Proxy Blocker clients are actually real proxies. The API always treats the client software as hostile and verifies all information itself.

The 3rd feature, the locking system. The way this works is if three proxies enter your room within 60 seconds the bot executes the command /limit 5. This makes it so no one can enter your room (If you already have over 5 users inside which is assumed). The proxies will keep attempting to get in but will all be blocked. This has a bad side effect that nobody even legitimate users will be able to gain entrance but that is why this is a last ditch effort to stop spam and it automatically turns itself off after 60 minutes.

Due to that 3rd feature having a negative side effect it is off by default and you have to turn that feature on manually by typing !lockdown on just to be clear, typing this doesn't lock your room that second, it simply gives the software the permission to lock and unlock your room when an attack starts. So you only need to type this command once and it will "just work".

If the event your room locks but you know the attack has ceased and you want to override the feature and open your room again simply type /reload in your chat from your normal client you talk with (not from the bots window) and it will override the /limit set by the script.

Something to keep in mind, for this feature to work your Bot needs high level access in your room, otherwise it will issue the command and nothing will happen. You also need to make sure your Bot has a high enough access to use /kick, /ban and view the IP Addresses of users who enter. Without these things the bot won't be able to protect your room from proxies.

So that's the bot and Proxy Blocker. The last part is a prophylactic measure, Peerblock Anti-Proxy lists.

Now Peerblock is a piece of software you can run on Windows which acts like a Firewall except instead of blocking Port Numbers it blocks IP Addresses. It is completely safe to use Peerblock with your own Firewall software it will not interfere at all and Peerblock is not a replacement for a Firewall you already use as again it blocks IP's and not Ports.

You can download the latest version of Peerblock from their website here: http://peerblock.googlecode.com/files/PeerBlock-Setup_v1.1_r518.exe

It supports Windows 2000, XP, Vista, and 7. I don't know if it works on Windows 8, if you use Windows 8 and tried it please reply and let us know if it works or not.

When you first run Peerblock it will have a few lists already in it that you can tick or untick. I recommend you not to use these lists as they are grossly inaccurate but that is just my advice and you're free to ignore it.

Once you have Peerblock installed you will open the program and select "List Manager" in the top left. Then in the bottom right select "Add". This is where you will add the lists. Here is the information for the three lists I produce. (I suggest you don't view these lists in your browser as the lists are enormous and may lockup your browser).

Block Proxies: http://blocklists.mxpulse.com/pri.proxy.blocklist.php (Updates every 4 hours)
Block Bad Servers: link removed by request (Updates every 24 hours)
Block Tor Exit Nodes: http://blocklists.mxpulse.com/pri.tor.exitnode.blocklist.php (Updates every 4 hours)

This is what the menu should look like when you're filling each list in (You need to do this for each list separately)

(http://forum.winmxworld.com/proxy.php?request=http%3A%2F%2Fi.imgur.com%2FQCHjkSA.png&hash=55efead48f407d681d81a9b98e43746d)

Now to just quickly go over each list and what it blocks. The first list simply blocks Proxy Servers (HTTP, HA1, HA2, SOCKS4, SOCKS5 etc) that are found on Proxy Server listing sites. My software "scrapes" the content of these sites, verifies the Proxy Servers work then compiles this list once every 4 hours. These lists cannot be used by Proxy seekers as the Port Numbers are all removed.

The 2nd list blocks "Bad Servers" basically servers that send spam emails, spam forums, spam comment fields on blogs, spam guest books and have also been known to operate as proxy servers. Bad Servers are mainly hacked servers and the owner isn't even aware of what is happening.

The 3rd and last list is the Tor Exit Node list. Tor stands for "The Onion Router" And it is a proxy service originally funded in part by the U.S. Naval Research Laboratory. It was designed as a way for dissidents, freedom fighters and agents in foreign countries to be able to organise and disseminate information without being blocked or snooped on by their countries government. It is very easy to use which is why it has previously been a staple of the spammers arsenal on WinMX. They very seldom use Tor now because my software blocks it so completely but we have to keep blocking it because as soon as we don't they will go back to using it again due to its high reliability.

So once you have added these three lists to your Peerblock it will download the lists from my server and it will automatically update them once every day. Make sure however you tell Peerblock to update once a day in its settings, by default it only updates once every two days which is too long.

And with all of this your room should now be protected. The peerblock lists will bring down the volume of the attack immensely taking out 99.9% of it. The room bot will then handle the rest. If you need any help with any of these feel free to reply here or to PM me, I am more than happy to come to your room and talk you through setting any of this up.
Title: Re: Tools & Information for room hosts to hinder chat spam & proxy users
Post by: PlanB on March 25, 2013, 05:55:30 pm
How is your list any diffrent to this? http://www.winmxgroup.com/index.php?id=peer-block that has been running for months?

Where is your server based? i know ure a US citizen is your server US based?
Do you keep logs? even apache? You code states you "Send the roomname to the Analytics API". What are you analyzing?
 
Why do you need my name room i joined and IP? Really concerns me this, especially when winmxunlimited is josh!!! Why do you need all that information, id certainly never join a room with it running? Its a huge invasion of privacy.

edit
a few lines down

If this user was detected as using a proxy, send the IP, Username and Room Name to MXPulse (Analytical data for Pri)

This shouldnt be supported here, anyone using a proxy for legitimate purposes can be traced by you, this is a massive invasion of privacy, i will speak to a few others but i dont think we should be supporting this at all.
Title: Re: Tools & Information for room hosts to hinder chat spam & proxy users
Post by: Pri on March 25, 2013, 06:12:29 pm
Ok I see you have looked at the source code of the script and that is great! - I will now go over your questions and reply to each one.

How is your list any diffrent to this? http://www.winmxgroup.com/index.php?id=peer-block that has been running for months?
That list is for primary threats. It isn't blocking Proxy Servers, compromised servers or spam bots. What it is blocking is companies known to be Anti-P2P. That list is more for people who are concerned about the MPAA, RIAA and other associated copyright defenders from making a connection your computer system. My list is all about blocking malicious users (not companies) who are trying to spam your chat room with threatening messages.

Where is your server based? i know ure a US citizen is your server US based?
I am not a US Citizen, my server is 2 feet away from me in my home in England, United Kingdom.

Do you keep logs? even apache?
I do keep access logs for the IP's that access the Peerblock lists I've provided above. And I also keep logs for API calls the MXPulse service. I don't know what logs Josh keeps on his WinMXUnlimited service but I would assume he keeps some. His proxy service serves hundreds of thousands of queries every day, much more than just those from WinMX. We developed the Anti-Proxy software together.

You code states you "Send the roomname to the Analytics API". What are you analyzing?

When the Proxy Blocker software performs proxy checks it only sends the IP Address of every user that enters your room to WinMXUnlimited.net's Anti-Proxy detection service. Nothing else is sent about the user to that service apart from the IP Address. The Analytics part of the script that sends the IP, Username and Room Name to my server (MXPulse) only happens when the Proxy Blocker receives a detected response from the WinMXUnlimited API. Basically if a proxy enters your room and it gets detected then their Username, IP of the Proxy Server and your Room Name are sent to me. I use this information to track proxies, figure out where they are getting them from (There are hundreds of sites offering free proxies) and also to track the usefulness of the software and how it is being deployed.
 
Why do you need my name room i joined and IP? Really concerns me this, especially when winmxunlimited is josh!!! Why do you need all that information, id certainly never join a room with it running? Its a huge invasion of privacy.

Again that information (Room name, IP of user joining and their username) is only sent to me once they have been identified as a proxy by the software. I don't get that information unless they are using a Proxy Server. And 99% of the time the username is not their real name, they have either made one up, randomly generated it or are cloning another user on the network.

And about joining a room with it running, I'd estimate that about 1/3rd of the rooms on WinMX already use the software. Maybe even some of the ones you already frequent. I do not believe it is a huge invasion of privacy because you have incorrectly read the source code of the Proxy Blocker and are under the impression it sends the Username with the IP every time someone enters your room when in-fact it only does that for users who have already been detected as Proxies and thus are hiding their real identification. What we have is in the truest sense of the word, fake information for an IP that isn't theirs.

I hope that clears it up! =)

EDIT: You edited your post before I had a chance to reply, just to reply to this new section:

This shouldnt be supported here, anyone using a proxy for legitimate purposes can be traced by you, this is a massive invasion of privacy, i will speak to a few others but i dont think we should be supporting this at all.

The Proxy Blocker I make has been supported here for a long time. Since I first posted it in 2009. Ghostship has even made a guide on here previously that included links to the Proxy Blocker and the Peerguardian (Now Peerblock) lists that I've produced. This isn't a new thing, it has been available for literally years and solves the issue of spammers for the hosts who choose to use it. If people don't want to use the Analytical parts of the Proxy Blocker they are more than welcome to modify the source code which is not obfuscated in any way as my license allows them to modify and redistribute as they see fit and I welcome any improvements.

EDIT: Here I found the Guide that has my Anti-Proxy methods: http://www.winmxworld.com/tutorials/chatroom_pest_prevention.html
Title: Re: Tools & Information for room hosts to hinder chat spam & proxy users
Post by: PlanB on March 25, 2013, 06:26:48 pm
Yes but i use a proxy every day, so every-time my proxy could be detected in one of these scripts you could potential see every room i try and join with this, i dont use a proxy to spam rooms, and i use my name.

 Where i can i opt out to this invasion of my privacy at least as part of UK Law? Never mind many other legitimate users of proxy services.

 If lots of people are using it then thats great, thats the great choice in life, So who else has access to this long list of IP services i use with my name on it? you have got to see here why im mega pissed at what ive seen. Considering the whole point of me using proxys is to protect my online privacy. And you are breaching it left right and center, and your not someone like Josh id like to be able to trace me online. Im sure if people where aware of that potential they wouldnt use it at all!
Title: Re: Tools & Information for room hosts to hinder chat spam & proxy users
Post by: Pri on March 25, 2013, 06:37:05 pm
Yes but i use a proxy every day, so every-time my proxy could be detected in one of these scripts you could potential see every room i try and join with this, i dont use a proxy to spam rooms, and i use my name.

 Where i can i opt out to this invasion of my privacy at least as part of UK Law? Never mind many other legitimate users of proxy services.

 If lots of people are using it then thats great, thats the great choice in life, So who else has access to this long list of IP services i use with my name on it? you have got to see here why im mega pissed at what ive seen. Considering the whole point of me using proxys is to protect my online privacy. And you are breaching it left right and center, and your not someone like Josh id like to be able to trace me online. Im sure if people where aware of that potential they wouldnt use it at all!

There is no opt-out. This is no different to you visiting a website and them handing off your browser user agent and IP Address to an Analytical service like Googles or to an Ad Network. It is perfectly legal for a host of any service to keep access logs and to share those logs with other people.

And yeah if you visited a lot of rooms using a public Proxy Server it would be tracked between rooms if you used the same username. But what does that information afford me? I don't know who you are, I've never seen your username before to my recollection. If you use a private server or a VPN/VPS then you won't be tracked, just using public insecure proxies is what gets detected and tracked by our service. Things like TOR, HideMyAss and similar services are what we detect.

Room hosts are just sick of people abusing their trust by changing their names when they are supposed to be banned, using proxy servers to get around bans and spamming their rooms with automated programs. I am merely providing them a solution and as you can see by the download counts on my site (100+ for each version) it is something a lot of hosts want and use.
Title: Re: Tools & Information for room hosts to hinder chat spam & proxy users
Post by: PlanB on March 25, 2013, 06:50:50 pm
Yes and google and the such are bound with contracts and LAWS to provide privacy protection to its users threw encyption and controlled destroying of data, do you encrypt this data? what is your method of destroying this data? You are just a person, that has signed or agreed no contracts to anyone. You shouldnt be harvesting and storing this data, you are certainly breaking the law by not meeting any details within the data protection act? do you meet anything in that regard? Your basically just someone that has made a script without thinking of anyones personal safety. And to me that is truly very silly, and dangerous thing to have put yourself into. I dont know you from adam, and i have no idea who your third parties are if any. You offer no privacy contract, and i strongly think your probably breaking UK law by doing this.
Title: Re: Tools & Information for room hosts to hinder chat spam & proxy users
Post by: Pri on March 25, 2013, 06:59:27 pm
I'm going to have to educate you on the law now. There are two parts to the data protection act which make it null in this circumstance.

1. Section 29 - Crime and taxation. Data processed for the prevention or detection of crime, the apprehension or prosecution of offenders, or the assessment or collection of taxes are exempt from the first data protection principle.

In this section of the DPA it is okay to keep data for the prevention of a crime. If you intend to use a Proxy Server to commit a crime (Such as the death threats made in my own room by Proxy Users) we have the right to track this behavier.

2. The definition of personal data under which the DPA is confined is classed as data which relates to a living individual who can be identified through said data.

This data includes: race, ethnicity, politics, religion, trade union status, health, sex life or criminal record.

None of which we log. Basically what this means is none of the data we have about you can be used to identify who you are. We don't have your real IP Address, we don't have your country of origin or your internet service provider. We don't have your real name, your place of residence your political affiliations or religion. We don't even know your skin color let alone what you look like.

This all basically means the DPA does not apply. The only data we have is the room name of the room you entered the proxy server you were using and your Alias. And again that is only if you actually use a proxy in the first place.
Title: Re: Tools & Information for room hosts to hinder chat spam & proxy users
Post by: PlanB on March 25, 2013, 07:10:09 pm
You record my name and ip, also the room i join. this is personally identifiable information. used with other evidence notably my ip is a massive map. Your spouting organisational law, and missing the storing of personally identifiable information. Please, let me correct you on your understanding of the law.
Title: Re: Tools & Information for room hosts to hinder chat spam & proxy users
Post by: Pri on March 25, 2013, 07:12:28 pm
You record my name and ip, also the room i join. this is personally identifiable information. used with other evidence notably my ip is a massive map. Your spouting organisational law, and missing the storing of personally identifiable information. Please, let me correct you on your understanding of the law.

The IP we have is a Proxy. It isn't even your IP, thus it isn't personally identifiable information. For someone that says he uses Proxies to protect his privacy you sure seem worried it is doing exactly the opposite.
Title: Re: Tools & Information for room hosts to hinder chat spam & proxy users
Post by: PlanB on March 25, 2013, 07:27:44 pm
Your completely missing the point, you will have a log with my name attached to many ips sure, but that would be fantastic evidence used with other evidence even from my proxy provider, a court would grant that warrant to recover that information based upon your information. Your entire lack of understanding privacy law when you harvesting data truley is astounding, you seem to have no grip on the effect upon people, like myselves privacy you are having.

Stick your head in the ground all you wish.
Title: Re: Tools & Information for room hosts to hinder chat spam & proxy users
Post by: silicon_toad2000 on March 25, 2013, 09:08:33 pm
just going back a few paragraphs

what is the data retention policy pri?
what do you keep and how long for?
Title: Re: Tools & Information for room hosts to hinder chat spam & proxy users
Post by: Pri on March 25, 2013, 09:11:57 pm
just going back a few paragraphs

what is the data retention policy pri?
what do you keep and how long for?

This is the only information I ever get: The IP Address of the Proxy Server being used, the username of the person using the proxy server and the channel name that the proxy server entered. The information is pushed to me in a notification, it gets stored for a couple hours at most.
Title: Re: Tools & Information for room hosts to hinder chat spam & proxy users
Post by: silicon_toad2000 on March 25, 2013, 09:43:37 pm
doe that cover all data used/collected by the script?
Title: Re: Tools & Information for room hosts to hinder chat spam & proxy users
Post by: Pri on March 25, 2013, 09:59:08 pm
No there are a few other things, let me detail all its internet usage.

1. It connects to my server when it's first run to download a small piece of text. This text is compared to a code inside the script and is used to verify that the Metis being used has a working internet connection. No data is sent in this query it only downloads the code and compares it, if the two codes don't match then it tells the admins their Metis is probably too old to run this script.

2. It checks my server to see if there is a new version of the script available. No information is sent in this query either, it just downloads a small text file that contains the current version number of the script as available on my site and compares it to the version number inside the script itself. If the two versions don't match it tells the user a new version of the script is available and links them to the download page.

3. It downloads an API health file from my server (MXPulse.com) which tells the script which API's are online, WinMXUnlimited, MXPulses etc and it can also deactivate the local cache in the script. To view the API status in-room you can type !proxy status. This is used to turn off an API that may be down to stop the script from querying it or it may be used to switch off the local script caching in the event that one of the API's was giving bad data for a non-specific amount of time and there may be non-proxy IP's being banned as proxies even after we fix the API due to the cache. These features are just for redundancy handling.

4. It downloads a whitelist file from my website, this contains IP Addresses which should not be banned for being Proxies. This list is used when previously detected Proxy IP's are no longer known as proxies and they should not be detected. I can't remember this feature ever actually being used and the whitelist remains blank, it is just a safety net. There is also a local whitelist for room owners to edit which is seperate to this one that the script downloads from me.

5. When a user enters your room it sends their IP Address (And nothing else) to winmxunlimited.net, winmxunlimited.net goes through its vast database of known proxies, access the TOR network and StopForumSpam & ProjectHoneyPot.com. It then sends a response back to the script which is either 0 = Not a proxy, Tor = Tor Proxy or Public = Random public proxy

6. Once a user has been detected as a proxy their IP, Username and the Room Name they just entered is sent to MXPulse.com (my site) and it is then displayed to be in a text notification if my computer is on. Once that notification goes away it is gone, the information is NOT stored in any kind of database and is not logged. Even the Apache log for my webserver doesn't list httpget queries so the content of the notification is not even stored inside the apache log, the only thing stored in there about the query is the IP Address of the bot that queried the API, the contents of their query are not saved in the log.

7. If a proxy has been detected and it's done all that above, it now loads a page at winmxunlimited.net to download a list of recently detected proxies. Basically any IP that was sent to winmxunlimited.net which was identified as a proxy gets cached for 5 minutes by winmxunlimited.net and then it gives that list to the Proxy Blocker when it queries the winmxunlimited.net site. This is called the pre-emptive banning system and it basically means that if a spam attack is happening across multiple rooms their recently detected proxies all get banned very quickly to keep all the rooms secure. This list of recently banned proxies is also queried whenever someone inside your room changes their username. I do that because it doesn't require a timer to be setup and many people use timers for games and Metis only has 1 timer, by attaching this code to a name change it runs every so often but doesn't impact anything.

8. Finally when you do a manual IP lookup using !Proxy <IP> it sends a query to WinMXUnlimited.net which responds like I documented above, telling you if the IP is a proxy or not.

And that is it. Those are all the web queries that the script makes. Sorry if there are any spelling errors I didn't proof read this before submitting.
Title: Re: Tools & Information for room hosts to hinder chat spam & proxy users
Post by: silicon_toad2000 on March 26, 2013, 01:58:21 am
item 4, how long is the retention on IP's on the whitelist?

are the ip's on item 5 logged? if so what is the retention ( i think you covered this but i'd rather ask ask again in case it was something else i was thinking of)

item 6 and 7, are these the ip's that are blacklisted, in the first post your script automatically blocks ip's being banned in other rooms. how long are these kept?

ha ha spelling, i think typonese is the default language of winmx.

Title: Re: Tools & Information for room hosts to hinder chat spam & proxy users
Post by: winmxuser54 on March 26, 2013, 03:09:16 am
I know of many rooms that have been using this script for years without any issues and it does indeed cut down on spam by these idiots abusing public proxy servers. And I appreciate that at least someone is doing something for the users of WinMX to deter these proxy abusers.

What I don't appreciate is the attitude of the majority of users left on the network, and I've seen it time and time again even on the new client thread on this very forum. Everyone wants something now, now, and complain and moan while not ever contributing anything at all. It's like they think they're owed something when they clearly are not. The developers of the new client are dedicating their OWN time for FREE for you. That gives you no right to bitch and complain about how it's taking so long as YOU are contributing nothing.

It seems like a lot of the users left on the network are either stubborn or paranoid like this PlanB character. The only people who tend to use proxies and make such a big deal out of their uses being severed have something severely illegal to hide like child porn or say illegal ddos attacks on say the wpn network? hmmmmmmm

As the WinMX app itself says when you click chat, the rooms are UNMODERATED and it's your own choice to risk what information is being collected, and what subjects of discussion are being discussed in the chat rooms. If you don't like it then simply only join a chat room a known host you trust is running.

Also, as was said above but clearly needs reiteration is the fact that this kind of service is no different than google analytics which in case you didn't notice PlanB, THIS SITE USES. So please take your petty complaints about your oh so beloved abuser used proxy servers being blocked from chat rooms that want them blocked. You're not required to visit them, and I'm sure they wouldn't want such a person filled with such paranoia and mischievous motives in their chat rooms.
Title: Re: Tools & Information for room hosts to hinder chat spam & proxy users
Post by: GhostShip on March 26, 2013, 03:54:06 am
I think the point of concern here is that anyone running this tool will be sending the IP's of everyone entering those rooms to the winmxunlimited server even before Pri gets to do anything with the data as he only gets the IP's of those checked that turn out to be proxies.

Winmxunlimited is US based and thus there exists a well known weakness with users privacy.

I am split on this one really as I fully understand the wish of all to enjoy a chat free of harassment and mindless character vomiting from bots but the potential cost of this is to deliver up all the chat user base IP's.

Also there has been voiced some suspicion that this is a solution created to fill an artificial problem, as prior to a few days ago there was no problem with such attacks and now we have a solution seeming to appear overnight almost at the same time as the problems start up.

I think the base of this is simply if you wish to use the software to retain chatroom users and provide a reasonably quiet life free from annoyances then aside from the caveat above (loss of chat room user data) this seems like a fair solution, we all agree I hope that it's short sighted to shoot solutions down without looking at their potential benefits and their costs as a guiding line on making informed choices, that said I suggest this is one we must make individually as no clear line of argument exists to cover this situation and thus having laid out the pros and cons I shall say no more.
Title: Re: Tools & Information for room hosts to hinder chat spam & proxy users
Post by: Pri on March 26, 2013, 09:30:38 am
I think the point of concern here is that anyone running this tool will be sending the IP's of everyone entering those rooms to the winmxunlimited server even before Pri gets to do anything with the data as he only gets the IP's of those checked that turn out to be proxies.

Winmxunlimited is US based and thus there exists a well known weakness with users privacy.

I am split on this one really as I fully understand the wish of all to enjoy a chat free of harassment and mindless character vomiting from bots but the potential cost of this is to deliver up all the chat user base IP's.
WinMXUnlimited.net's Anti-Proxy API serves literally a hundred thousand IP Lookups per day. The API is open for anybody to use. The lookups being performed on WinMX IP's sent to the service aren't even 1/1000th of its total daily traffic. What this means is, the IP's for people on WinMX are like finding a needle in a haystack. Put simply there is too much data to even log and there is no logging setup beyond the basic webserver logs which are overwritten every day due to the sheer volume of requests.

Also there has been voiced some suspicion that this is a solution created to fill an artificial problem, as prior to a few days ago there was no problem with such attacks and now we have a solution seeming to appear overnight almost at the same time as the problems start up.

This really surprises me. First of all, I have been authoring the Proxy Blocker software since 2009, it isn't a new solution. And the version I have posted here was authored over one year ago. It too is not new. The only thing new is the newer Blocklists I posted. The Tor and Proxy Server Blocklists are old (Over 2 years old, But at new url's now) but the Bad Servers blocklist is new. The reason I developed that new Blocklist is because the other two Blocklists on their own weren't effective enough.

Now if 3 out of the 4 solutions I posted here are old then why did I even make this thread? Because the spamming on the network started again 2 months ago. It began with my own room being spammed and one of my admins having their life threatened and the life of her grandson. Then it escalated to him spamming 4 other rooms that I know of, then over the past several days he has DDoS'd my home line, my webserver and spammed countless rooms on the network.

Most of his messages are of a threatening nature but sometimes he writes things like "Pri's software has failed you! Come to x room". And in some of the rooms that use my software they were not using it correctly allowing him to get in. For example they were running only the Proxy Blocker but not the Peerblock lists or they were running the Proxy Blocker without the Lockdown feature or they had their Bot not logged in with high enough access level to be able to kick or ban the proxies. As you can see this thread is a guide for using the software properly.

I have not seen anyone voicing their opinion that this solution was created to fill an artificial problem, it was created in 2009 when all the rooms on the network were being systematically spammed and I have updated the software since then each time some nutjob starts spamming again. Even your own site suggested people use it in this guide: http://www.winmxworld.com/tutorials/chatroom_pest_prevention.html
Title: Re: Tools & Information for room hosts to hinder chat spam & proxy users
Post by: Pri on March 26, 2013, 09:37:13 am
item 4, how long is the retention on IP's on the whitelist?

are the ip's on item 5 logged? if so what is the retention ( i think you covered this but i'd rather ask ask again in case it was something else i was thinking of)

item 6 and 7, are these the ip's that are blacklisted, in the first post your script automatically blocks ip's being banned in other rooms. how long are these kept?

ha ha spelling, i think typonese is the default language of winmx.

Item 4: The whitelist is Blank there are no IP's in it nor have there ever been. If I put any IP's in there they would stay there until I removed them. Whitelisting an IP means the Proxy Blocker won't treat that as a Proxy Server.

Item 5: Just basic webserver logging but the IP's are lost within a hundred thousand queries a day. And the IP's are just IP's theres no other information making them useless in a court because it doesn't say anything else about you other than you were checked as a proxy, even the room you entered isn't known to winmxunlimited.

Item 6 & 7. These IP's are ones that are detected as proxies. These IP's are stored for 5 minutes in a temporary cache at winmxunlimited.net which is then wiped afterwards.
Title: Re: Tools & Information for room hosts to hinder chat spam & proxy users
Post by: GhostShip on March 26, 2013, 06:55:59 pm
Quote
I have not seen anyone voicing their opinion that this solution was created to fill an artificial problem, it was created in 2009 when all the rooms on the network were being systematically spammed and I have updated the software since then each time some nutjob starts spamming again. Even your own site suggested people use it in this guide: http://www.winmxworld.com/tutorials/chatroom_pest_prevention.html

So what are you suggesting ? That no one has concerns and those that do all que at your door ?
There have been concerns And I did you the decency of voicing them in place of those who voiced them to me.

You know as well as I do that claims are made whatever anyone does on this network and the best policy to deal with such claims is simply to open the doors and show folks there is nothing up the sleeves etc and try your best to answer any queries raised, this you seen to have done and so I urge you to reread my post where I make clear this is something for each room host to make a decision on and not anyone else, not you not me not PlanB.

You have proffered a solution, there is little to be gained from thrusting it too hard upon those who may need a little time to be convinced of its veracity, be patient.
Title: Re: Tools & Information for room hosts to hinder chat spam & proxy users
Post by: Pri on March 26, 2013, 06:57:41 pm
Can this thread be deleted please? Thanks.
Title: Re: Tools & Information for room hosts to hinder chat spam & proxy users
Post by: GhostShip on March 26, 2013, 07:07:03 pm
I'm not seeing patience here.
Title: Re: Tools & Information for room hosts to hinder chat spam & proxy users
Post by: Pri on March 26, 2013, 07:08:46 pm
I'd prefer it was just removed, people know where to get the software if they want it, this thread is unnecessary.

I request it to be erased, thanks.
Title: Re: Tools & Information for room hosts to hinder chat spam & proxy users
Post by: GhostShip on March 26, 2013, 07:15:12 pm
I wont be removing it as I want folks to have a chance to protect their rooms, I thought you also wanted that.

I'll ask Silicon to look at this thread and speak to you in PM as I think you are being a bit hotheaded but its not for us to force your post to remain here if thats what you really want.
Title: Re: Tools & Information for room hosts to hinder chat spam & proxy users
Post by: Pri on March 26, 2013, 07:18:10 pm
I want people to protect their rooms also it's just this has happened a few times before like when I posted Pulse Protection and IMDB. I just don't wan't to be defending the stuff I make all the time, if people want it they know where to get it the software is pretty well established and many hosts who are tied in to the community know what it is and where to get it.

The main reason I made this thread was for those who maybe didn't know about it but yeah I just don't want to be defending it. The source code is there for all to see, very well commented so there's no confusion. :)
Title: Re: Tools & Information for room hosts to hinder chat spam & proxy users
Post by: GhostShip on March 26, 2013, 07:24:30 pm
I fully understand that Pri, as you point out I was happy to make a whole page based around your last effort to help the users and look forward to doing so again when I have a few minutes to spare from my main work here.

You have set out your stall rather well and delivered on the fine details asked of you by those with concerns so tbh If I where you I would rest on my laurels and let the fruits of your efforts speak for themselves.
Title: Re: Tools & Information for room hosts to hinder chat spam & proxy users
Post by: Pri on March 26, 2013, 07:26:43 pm
Also I just want to reply again and explain something else.

This guy the one spamming, I know who he is. He used to be a user of my chat room but he was banned for threatening behavior. I feel somewhat responsible for this rampage he is going on because it started a year ago and he is dragging more and more people in to it. In some of the messages he spams he tells people to come to my room and then I get hosts coming to me and saying hey why are you spamming my room for? And I have to explain to them it isn't me, it is this guy.

He has made threats against my administrators, he has posted their real names and what he thought were their addresses in to his messages, he has threatened their children and their grandchildren's lives he has DDoS'd my home line and my shared hosting account, in-fact on Sunday it was my daughters first birthday and while we are at the Zoo he is DDoSing my website so hard that my hosting company closed my account. It took the rest of the day and lots of phone calls to convince them to turn it back on and then yesterday (Monday) he tried it again and I had to use a DDoS mitigation service just to keep my websites (MXpulse, RenMX.com etc) online.

So I posted these fixes on here the other day, after trialing them against his spam for the last week or so. He turned to the DDoS attacks because these tools I made worked and he couldn't spam our room affectively. I also host the Help 4 Your PC room which is owned and run by Niko, he spams that room too and that too was protected.

When I read here that people said to you that they think it is me behind this spamming I was seriously shocked but really I was angry because all I've tried to do this whole time is stop this one guy. I provided these tools because I know he is now going after other rooms not just mine and I just wanted to help.

It has been a very stressful week.
Title: Re: Tools & Information for room hosts to hinder chat spam & proxy users
Post by: GhostShip on March 26, 2013, 07:41:28 pm
I,m 100% sure your work will be appreciated, and I agree its nearly always the case that those who know how to deal with the attackers feel a moral duty to do so and are often the first to jump in and try to put a stop to such mindless activity, no one can fault you for anything you have done so far and I offer my thanks for taking the time to explain much of the key reasonings behind the creation of this solution, the logic of it is clear and acceptable to me at least.
Title: Re: Tools & Information for room hosts to hinder chat spam & proxy users
Post by: Pri on March 26, 2013, 07:52:52 pm
Thank you for your kind words it means a lot to me that you think that way. I hope people will find it useful if they need it too.

You know making these solutions has painted a big target on my back, even going back to 2009 when I first released it I have been under constant attack by spammers and people who want to make a name for themselves by coming in to my room and defeating the solution I provide. It is amazing how much of a life some of these people lack to be able to just sit around for hours coming up with these automated spamming programs for entertainment.
Title: Re: Tools & Information for room hosts to hinder chat spam & proxy users
Post by: reef on March 26, 2013, 08:43:51 pm
I also think it's commendable that you take the time and effort to provide an option that can help alleviate these annoying spammers who
try to ruin everyones chat experiences and fun with friends.I fully understand that your API's are needed for greater efficiency and to make things run smoother , i ran the proxy script for quite a long time, from it's early days up until a year ago or maybe slightly longer. Anyways i can understand peoples concerns about the possible invasion of privacy, but since (with the proxy script) it's not the users real details i don't see it being that big of an issue myself, and i give you credit Pri for caring enough and continuing to provide scripts, when it sometimes seems it's not worth the hassle due to somebody always having a gripe about something. That's the main reason why i gave up posting scripts, i'm not saying i was that great at it but i sure did get tired of all the BS that goes along with it. So keep up the good work it's appreciated by a lot of hosts and winmxer's out there. Currently i personally don't use any of your scripts, but it's nice to know they're out there if needed, and i admire your coding, i even borrow bits and pieces of it sometimes lol :) Hmm actually i lie now that i think of it, i do use your wiki script lol. Thanks and again keep up the good work.
Title: Re: Tools & Information for room hosts to hinder chat spam & proxy users
Post by: Pri on March 26, 2013, 09:11:49 pm
Thank you reef :)

And I think it is great that you make use of the stuff I release, makes all those comments I put in there worthwhile atleast  :lol:
Title: Re: Tools & Information for room hosts to hinder chat spam & proxy users
Post by: White Stripes on March 26, 2013, 11:46:11 pm
your peerblock lists will not download (as of this post) ... server timeout error...
Title: Re: Tools & Information for room hosts to hinder chat spam & proxy users
Post by: Pri on March 26, 2013, 11:51:17 pm
I just tested all three of them after reading your post and they are working for me. However if you're using a Proxy Server, Bad Server/Vulnerable Server, Exploited Server or a server in Russia, South Korea, India or China then the requests will get denied and you won't be able to download them.

Are you able to load this: http://metis.mxpulse.com/script.compatibility.ini

It is hosted on the same server, if that works it must be something else.
Title: Re: Tools & Information for room hosts to hinder chat spam & proxy users
Post by: White Stripes on March 27, 2013, 12:11:10 am
that url loads but http://blocklists.mxpulse.com/pri.bad.server.blocklist.php does not
Title: Re: Tools & Information for room hosts to hinder chat spam & proxy users
Post by: Pri on March 27, 2013, 12:13:16 am
If you're loading that in your browser it may not work as it's very large. Several megabytes, the PHP will time out in 30 seconds if you've not got it by then. I recommend only loading that list in Peerblock as it can very quickly download it but viewing it inside your browser will take a very long time. I myself am not even able to load that list in my browser without the tab crashing/locking up.
Title: Re: Tools & Information for room hosts to hinder chat spam & proxy users
Post by: White Stripes on March 27, 2013, 12:16:30 am
well... answers that question.. heh
Title: Re: Tools & Information for room hosts to hinder chat spam & proxy users
Post by: Pri on March 30, 2013, 11:22:15 pm
Everyone this is an alert. Please stop using the Bad Server Blocklist immediately. The spammer has managed to get my own IP Address, the WinMX Peer Cache IP's and many other IP's in to that list by submitting fraudulent server reports to StopForumSpam.com - What htis means is by using this list your WinMX client will not connect nor will you be able to update the list itself.

I'm very sorry for this as I did not see this eventuation. I have already disabled the list on my side and I am acting immediately to change the IP of where the list resides to make sure that your Peerblocks will update to a new (and blank) list. I am going to stop offering the Bad Server Blocklist due to this way it has been exploited.

Again my apologies.
Title: Re: Tools & Information for room hosts to hinder chat spam & proxy users
Post by: Pri on March 30, 2013, 11:54:42 pm
Just to update this it actually appears that he added every room that is being hosted to StopForumSpam by making fraudulent queries claiming all the IP's were sending spam. This is incredibly frustrating for all concerned. This is in addition to him also adding all the WinMX Peer Caches, my own update servers and other things.

I am completely stopping use of any API IP harvesters that I don't personally control as of my last post because I just cannot be assured the one spamming and attacking isn't meddling with the data.

I have already changed the IP of the update server for the Bad Server Blocklist so that Peerblock will at least update to a blank list which doesn't contain anyones IP's - It may take up to 48 hours before your Peerblock gets that update, I would advise you to just remove the Bad Server Blocklist from your Peerblock right now if you're reading this message instead of waiting as that blocklist itself will no longer be used from now on.
Title: Re: Tools & Information for room hosts to hinder chat spam & proxy users
Post by: silicon_toad2000 on March 31, 2013, 12:37:54 am
could the automated lists still be used as they were in conjunction with a whitelist?

would it be difficult to automate a conversion for the room hashes from winmxunlimited to IP's for a whiltelist with the caches manually added?
Title: Re: Tools & Information for room hosts to hinder chat spam & proxy users
Post by: Pri on March 31, 2013, 12:40:08 am
The Proxy Blocker List and the Tor Exit Node list are safe to keep using. This is only for the Bad Server Blocklist where the source data was being provided by a source that has no way to verify their entries.

I check the Proxy Blocker IP's to make sure they are actually working proxies and the Tor Exit Nodes come straight from Tor so they actually have to be active inside their network which he can't spoof.

I have already changed the IP of the Bad Server Blocklist and once peoples DNS update they will receive a new (and blank) update from me to undo the incorrect blocks he has been able to insert in to that blocklist.
Title: Re: Tools & Information for room hosts to hinder chat spam & proxy users
Post by: silicon_toad2000 on March 31, 2013, 12:40:59 am
cool thanks for the clarification
Title: Re: Tools & Information for room hosts to hinder chat spam & proxy users
Post by: Pri on April 01, 2013, 08:42:24 pm
I have a brand new version of the Proxy Blocker that I hope to release later this week. It is finished and I have a few people testing it in their rooms but if you would like to be involved in the beta and speed up its release you are more than welcome to PM me and I will send you a copy of the new version. Right now it has no bugs but that is why we are testing it.

I don't want to describe what the new feature is right now but it is brand new and very unique, something people have never tried before and it tightly integrates with the server you are using to tackle Proxy Servers before they enter your room. To use this new feature and be a part of the Beta you must be using either WCS or RSWCS. People using FXServe, Ouka or eServe need not apply as this feature does not work on those servers.

For anyone else wondering, the new Proxy Blocker will still work on all those servers I just listed but this new feature within the Proxy Blocker will not.

Thanks for reading :)
Title: Re: Tools & Information for room hosts to hinder chat spam & proxy users
Post by: Pri on April 06, 2013, 03:49:16 pm
A new version of the Proxy Blocker has been posted: http://www.mxpulse.com/board/viewtopic.php?f=9&t=194

The feature I discussed in the post above this one in vague detail has not been included in this version of Proxy Blocker because it is simply too complicated for room owners to use effectively and it wasn't that great at stopping the spam anyway.

This new version posted today allows you to specify a password inside a text file (C:\Pri.Script.Dependencies\Proxy.Blocker\.forcelogin.password.ini) and once a user enters and is verified as not using a proxy they will be logged in with the password in that file. This uses the /forcelogin command which means it supports FXServe, WCS and RSWCS.

This version of the Proxy Blocker also supports Automatic Self Updating meaning the script is able to download future updates to itself automatically without the host of the room needing to go to the website and downloading the file and yadda yadda you get the gist. This feature is an optional extra and to use it you need to install wget but the website has instructions on how to do that and a nice download link. If you choose not to install wget you will continue to receive the normal update notifications like you have always done in the past.

Thanks.
Title: Re: Tools & Information for room hosts to hinder chat spam & proxy users
Post by: Pri on April 17, 2014, 08:51:59 am
A new version of the proxy blocker v1.6.1 was released today. It uses a completely rewritten API (Proxy API v2). It no longer uses winmxunlimited.net for any of its functions, everything including the pre-emptive ban system and proxy checking has been moved to MXPulse. This is due to Josh working on other projects that he is more excited about, I'm still excited about security so I have taken over the proxy blocking API development.  :nerd:

The new API as of this message has over 200,000 Proxy servers on record just from what it scanned in the past 24 hours. It's the fastest API written so far for this usage and can support searching through millions of IP Addresses for detection.

But most importantly this version of the Proxy Blocker client is 2x faster at querying the API. The analytics discussed in the earlier part of this thread have also been adjusted positively for users.

In the old version if a proxy server was detected entering a channel the client would send a second query to an analytical API detailing the room name, IP Address and Username of the proxy user who entered. The new version doesn't perform this second query and instead tacks on the channel name on its original IP Check query. I no longer receive the usernames of people at any point even if they are using a Proxy Server to enter your channel, I only get their IP.

I found that collecting the usernames of proxies that entered your room didn't really help that much in finding where proxies came from. The only thing it provided me was insight as to why certain rooms were being attacked but that is outside of the scope of why I wanted the data, to find the websites where users gained proxies. So in the new version I removed the name sending completely.

The new version can be downloaded here: http://www.mxpulse.com/board/viewtopic.php?f=9&t=194

It does include some other new features such as a verbose mode, signed API responses for security and a key system which I may use in the future to give WinMX users precedent when accessing the API over other types of API queries. But really the main feature here is speed, the 2x faster querying has meant that in my testing it can kick and ban a proxy entering your room in under 250ms, of course your mileage may vary and the closer you are to the API (Hosted in UK) the faster it will boot proxies out.

I wanted to make this update here just so people know I am still working on it, this and all my other software is still being updated as are their associated web services :)
Title: Re: Tools & Information for room hosts to hinder chat spam & proxy users
Post by: GhostShip on April 17, 2014, 08:26:39 pm
Welcome news for many I'm sure  :yes:

Excellent news Pri, its good to know that our community is being taken care of still on many fronts  :-D
Title: Re: Tools & Information for room hosts to hinder chat spam & proxy users
Post by: Pri on April 19, 2014, 12:34:22 pm
:)

I just wanted to make a quick note. In really poor timing my internet died mid-day on Thursday and was repaired by an engineer today. So anyone who was using the Proxy Blocker and wondering why this new version wasn't working, it was due to the online API being inaccessible. This is I believe the 2nd longest downtime for my internet connection since I've ever had it. I do host the API currently from my home server but I have over 150Mb/s of internet at home, more than adequate for hosting this service.

I had the opportunity to have the line repaired yesterday (Friday) which would have meant only about 24 hours of downtime instead of 48, but I had a prior engagement that I couldn't reschedule so I had to have the engineer come today instead.

I apologize for the inconvenience, I did put up a notice on our websites home page and in the forums but I'm sure some people didn't see those or make the connection between those messages and the Proxy Blocker not functioning.

The good news is everything is now working properly and with the internet faster than ever (182Mb/s now) I'm sure everything will be just fine from here on out. Thank you for your patience :)
Title: Re: Tools & Information for room hosts to hinder chat spam & proxy users
Post by: silicon_toad2000 on April 19, 2014, 01:20:55 pm
Nice work Pri
Title: Re: Tools & Information for room hosts to hinder chat spam & proxy users
Post by: Pri on August 30, 2014, 12:59:56 pm
Version 3 of the Proxy API went live yesterday. This one adds features including a low-level caching system for recent detections to speed up querying and a new level based detection system.

LVL0 = Cache of the last 5 Minutes of positive hits (Usually <100 Entries)
LVL1 = TOR Check (2.5K Entries as of this post)
LVL2 = SOCKS4/5/Web Check (112K Entries as of this post)
LVL3 = Compromised Servers (128K Entries as of this post)
LVL4 = Direct connection is established to the IP and common proxy ports are tested for an active proxy server

With the new LVL4 added it is now able to physically test if a proxy is active on the IP being queried without needing to have prior knowledge of it. It literally connects to the IP Address like a proxy user would and tests if it can retrieve access to the internet through it.

The way the levels are staggered is for performance with the fastest checks being performed first and the slowest checks last. Obviously the LVL4 check takes the longest to perform as it must check many different port numbers and free and open proxy servers often have high latency which slows the check down.

If you're using Proxy Blocker v1.6.1 or 1.6.2 (They are the previous and current releases) you will automatically be using the v3 API by the time this post is made as these clients automatically download the API querying URL from my servers. If you have any issues running this software, would like a feature added or a bug fixed don't hesitate to contact me either through this forum, my own forum or my chat room on WinMX.
Title: Re: Tools & Information for room hosts to hinder chat spam & proxy users
Post by: Pri on January 09, 2016, 02:31:29 pm
The Proxy Blocker API was updated about a week ago. It now detects VPN's VPS's and Dedicated Servers. Since no one is actually sitting or living in a data centre these are considered proxies if you're using them on WinMX.

It has been a long time coming to add this feature. Now of course I'm aware many rooms on WinMX use dedicated servers for various reasons and many users choose to use VPN's for privacy. I'm not dictating you to stop using these to access rooms that use Proxy Blocker. Please simply PM me your static IP from your VPN, VPS or Dedi and I will whitelist it immediately in the API which will within a few minutes unblock your IP. I've already whitelisted many servers on request, it is no trouble at all to do it for you.

Alternatively if you only want to be unblocked in your own room and not winmx wide you can use the in-room !proxypardon <ip> command which will allow you access to your own room when using your VPN, VPS or Dedicated Server.