The aim of this thread is to share with you tools and information to enable you to easily stop people who spam your chat room using vulnerable or hacked servers which have been turned into proxy servers.
This has always been a problem on WinMX since the creation of the network, but in the last few years (since around 2008 to present) the problem has become more annoying as someone has written a "very good" spammer program that is multi-threaded and able to spam a room with hundreds of proxies simultaneously. This has made previously developed tools like my own Proxy Blocker less effective.
In 2009 I released the first version of my Proxy Blocker and it has been continually updated since then. It does still work, but you need to make sure you have it configured correctly so it can protect your room properly. I'm going to detail how to do that in a second. The other thing you should do is use Peerblock with an Anti-Proxy list. I have developed three such lists and I'll show you how to use those too.
So first of all let's just explain what a proxy is and how the attacker uses them. A proxy server is a computer on the internet that acts as an intermediary between two other computers. So when an attacker wants to get in your room without you knowing who they are, they simply forward their client's traffic through one of these servers, and then your Chat Room Software is unable to see the person's true IP Address and instead sees the Proxy Server's.
There are literally thousands of "open" proxy servers set up all around the internet. Most of these are set up by criminals. They hack into someone else's server and install the proxy software without the owner knowing. Then they will use these proxy servers to send spam emails and click on advertisements on the websites they own (this is known as click fraud), and once they've used the proxy for all their own activities they will sell the information to access this server online. That's the last stage of the attacker using the server for their own financial gain.
Now once they sell the server's information it will become known to the public, and this is where the bottom feeders come in. People like the ones spamming our rooms. They scour these proxy websites and collect all the IPs posted (many of these sites post 1,000 to 3,500 new proxies per day), then load them into whatever program they have to spam with, and their attack begins.
So that is what a proxy is and how they originate and who uses them. What about blocking? Well as I said before there is my Proxy Blocking software you can run.
To use it you need two things, the first is a compatible Chat Server such as WCS, ZCS, RSWCS, or FXServer. If you're not using one of these I highly recommend you switch to one of them. Personally I recommend WCS but I understand not everyone is at the same level when it comes to editing configs. Out of all those servers, WCS, FXServe and RSWCS will work with every feature that the Proxy Blocker supports.
The second thing you will need is a version of the Metis chat bot that supports web lookups. The Proxy Blocker is designed to work with Metis v2.82 or higher; it will not run on a lower version. You can download a copy of this Metis, or an entire installer that is much easier to use, here: http://www.mxpulse.com/board/viewtopic.php?f=9&t=405
These Metis versions are made by myself but the source code is available and they are fully compatible with all the scripts you already use.
Now that you have both of those things you just need to install the Proxy Blocker in Metis. You can download the latest version of the Proxy Blocker at this page here: http://www.mxpulse.com/board/viewtopic.php?f=9&t=194
So let's just detail what the Proxy Blocker does.
1. It will kick out Proxy servers when they enter your room.
2. It will automatically download and ban the IPs of proxy servers that are currently (within the past 5 minutes) being banned in other rooms.
3. It will "Lock" your room for up to 60 minutes in the event a large scale Proxy spam attack begins on your room.
Now the first feature is self-explanatory but I just want to go over the other two.
The 2nd feature will pre-ban, that is, ban IPs before they enter your room if the Proxy Blocker detects that those IPs are being used in other rooms. What this means is, if a large scale multi-room spam attack is happening, the number of IPs that the spammer can use diminishes extremely quickly as all the rooms together become "detectors" sharing their information through our Proxy Blocker communication server. This is done in a secure way, with our server verifying that all bans placed by the Proxy Blocker clients are actually real proxies. The API always treats the client software as hostile and verifies all information itself.
The 3rd feature is the locking system. The way this works is, if three proxies enter your room within 60 seconds, the bot executes the command /limit 5. This makes it so no one can enter your room (if you already have over 5 users inside, which is assumed). The proxies will keep attempting to get in but will all be blocked. This has a bad side effect: nobody, even legitimate users, will be able to gain entrance. That is why this is a last ditch effort to stop spam, and it automatically turns itself off after 60 minutes.
Due to that 3rd feature having a negative side effect, it is off by default and you have to turn that feature on manually by typing !lockdown on
Just to be clear, typing this doesn't lock your room that second, it simply gives the software the permission to lock and unlock your room when an attack starts. So you only need to type this command once and it will "just work".
In the event your room locks but you know the attack has ceased and you want to override the feature and open your room again, simply type /reload in your chat from the normal client you talk with (not from the bot's window) and it will override the /limit set by the script.
Something to keep in mind: for this feature to work your Bot needs high level access in your room, otherwise it will issue the command and nothing will happen. You also need to make sure your Bot has high enough access to use /kick and /ban and to view the IP Addresses of users who enter. Without these things the bot won't be able to protect your room from proxies.
So that's the bot and Proxy Blocker. The last part is a prophylactic measure, Peerblock Anti-Proxy lists.
Now Peerblock is a piece of software you can run on Windows which acts like a Firewall, except instead of blocking Port Numbers it blocks IP Addresses. It is completely safe to use Peerblock with your own Firewall software; it will not interfere at all. Peerblock is not a replacement for a Firewall you already use as, again, it blocks IPs and not Ports.
You can download the latest version of Peerblock from their website here: http://peerblock.googlecode.com/files/PeerBlock-Setup_v1.1_r518.exe
It supports Windows 2000, XP, Vista, and 7. I don't know if it works on Windows 8. If you use Windows 8 and tried it, please reply and let us know if it works or not.
When you first run Peerblock it will have a few lists already in it that you can tick or untick. I recommend you not to use these lists as they are grossly inaccurate but that is just my advice and you're free to ignore it.
Once you have Peerblock installed you will open the program and select "List Manager" in the top left. Then in the bottom right select "Add". This is where you will add the lists. Here is the information for the three lists I produce. (I suggest you don't view these lists in your browser as the lists are enormous and may lock up your browser.)
Block Proxies: http://blocklists.mxpulse.com/pri.proxy.blocklist.php (Updates every 4 hours)
Block Bad Servers: link removed by request (Updates every 24 hours)
Block Tor Exit Nodes: http://blocklists.mxpulse.com/pri.tor.exitnode.blocklist.php (Updates every 4 hours)
This is what the menu should look like when you're filling each list in (You need to do this for each list separately)
Now to just quickly go over each list and what it blocks. The first list simply blocks Proxy Servers (HTTP, HA1, HA2, SOCKS4, SOCKS5 etc) that are found on Proxy Server listing sites. My software "scrapes" the content of these sites, verifies the Proxy Servers work then compiles this list once every 4 hours. These lists cannot be used by Proxy seekers as the Port Numbers are all removed.
The 2nd list blocks "Bad Servers", basically servers that send spam emails, spam forums, spam comment fields on blogs, spam guest books and have also been known to operate as proxy servers. Bad Servers are mainly hacked servers and the owner isn't even aware of what is happening.
The 3rd and last list is the Tor Exit Node list. Tor stands for "The Onion Router" and it is a proxy service originally funded in part by the U.S. Naval Research Laboratory. It was designed as a way for dissidents, freedom fighters and agents in foreign countries to be able to organise and disseminate information without being blocked or snooped on by their country's government. It is very easy to use, which is why it has previously been a staple of the spammer's arsenal on WinMX. They very seldom use Tor now because my software blocks it so completely, but we have to keep blocking it because as soon as we don't they will go back to using it again due to its high reliability.
So once you have added these three lists to your Peerblock it will download the lists from my server and it will automatically update them once every day. Make sure, however, that you tell Peerblock to update once a day in its settings; by default it only updates once every two days, which is too long.
And with all of this your room should now be protected. The peerblock lists will bring down the volume of the attack immensely taking out 99.9% of it. The room bot will then handle the rest. If you need any help with any of these feel free to reply here or to PM me, I am more than happy to come to your room and talk you through setting any of this up.
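The lockdown rule described in the post (three proxies within 60 seconds, /limit 5, automatic release after 60 minutes, off until !lockdown on, /reload as the manual override) can be modelled as a small sliding-window state machine. This is an added example, not the Proxy Blocker's own script; the class and function names are hypothetical, and using /reload for the automatic unlock is an assumption, since the post only names it as the manual override.

```python
from collections import deque

WINDOW, THRESHOLD = 60, 3   # post: three proxies within 60 seconds
LOCK_FOR = 60 * 60          # post: lock turns itself off after 60 minutes
LOCK_CMD = "/limit 5"       # post: command the bot issues to lock
UNLOCK_CMD = "/reload"      # assumption: post names /reload only as manual override

class LockdownGuard:
    def __init__(self):
        self.enabled = False          # off by default until "!lockdown on"
        self.locked_at = None
        self.joins = deque()          # timestamps of recent proxy joins

    def command(self, text):
        if text == "!lockdown on":    # permission to lock, not an immediate lock
            self.enabled = True
        elif text == "/reload":       # operator override lifts the lock early
            self.locked_at = None
            self.joins.clear()

    def proxy_joined(self, now):
        self.joins.append(now)
        while now - self.joins[0] > WINDOW:   # drop joins outside the window
            self.joins.popleft()
        if self.enabled and self.locked_at is None and len(self.joins) >= THRESHOLD:
            self.locked_at = now
            return LOCK_CMD
        return None

    def tick(self, now):
        if self.locked_at is not None and now - self.locked_at >= LOCK_FOR:
            self.locked_at = None
            self.joins.clear()
            return UNLOCK_CMD
        return None

def replay(events):
    """Run constructed (time, kind, arg) events; return the commands issued."""
    guard, issued = LockdownGuard(), []
    for now, kind, arg in events:
        if kind == "cmd":
            guard.command(arg)
            continue
        out = guard.proxy_joined(now) if kind == "proxy" else guard.tick(now)
        if out:
            issued.append((now, out))
    return issued

# Constructed timeline in seconds: a slow trickle, a burst, then lock expiry.
SAMPLE = [(0, "cmd", "!lockdown on"), (10, "proxy", None), (50, "proxy", None),
          (120, "proxy", None), (130, "proxy", None), (140, "proxy", None),
          (1000, "tick", None), (3740, "tick", None)]
```

The first three joins are spread over more than 60 seconds and do not trip the lock; the burst ending at second 140 does, and the lock is released 60 minutes later.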