• Home
  • About
  • Piqq.us Invite Feed
  • RSS CULT
  • The Lost Art of Proxy Scanning

    Ok, so first off apologies to everyone trying to get ahold of me. I was quite sick for a few days, and lost power and internet for several days almost immediately after. And I’m going to the northern Michigan boonies this weekend(Tawas/Oscoda area), so I may not be around. But starting next week I will be, barring some other random catastrophe. Now, to get back on topic.
    I’ve yet to meet an active blackhat that had no use for proxies(unless they control a massive amount of IPs). And since I’ve not had time to check rankings and whatnot on my test sites, I otherwise wouldn’t have much for you guys. So today? We learn the ins and outs of scanning for proxies. Truly a lost art. Use these legally, because many keep logs or are honeypots. And before people ask, these will NOT connect to send email(for the most part) and I will not help with that, so yeah.

    Disclaimer: This pisses off a lot of ISPs. Make sure you’re not on one that cares, and don’t ever run this on a critical server in case it locks up. I’m well aware this is not an SEO article, but thought it could be useful. And while the information is legal to give out, and there are legal uses for this, there is also illegal things people can do with proxies. So know your laws.

    Introduction
    I know you advanced guys are cringing right now. But bear with me. Ok. So true (non cgi/php) proxies come in a few varieties. HTTP(connect to port 80), HTTPS(connect to ports 80,443,sometimes others) and SOCKS4/SOCKS5(can connect to any port, but have unique rules).

    What are These For?
    Hiding your arse. Anonymous/Elite proxies do not pass your IP to the sites you visit. So if you wanted to go to say, Google, but didn’t want Google to know you visited, you would connect to one of these, they would connect to Google, and then send you the resulting page. So they end up being used for everything from Scraping google listings to competitive analysis to (yes, it’s true) comment spam.

    Proxy Scanning – The Lost Art
    For those of you who don’t know, proxy scanning is pretty much having software connect to every IP in a range on a given port to test them to see if they have SQUID or another proxy installed.

    1. Servers – Make sure your server host isn’t going to flip out about port scanning. Also make sure your testing software doesn’t try and connect to port 25, or else you’ll be branded as an email spammer which your host will not like.
    2. IP Ranges – You’re not just leeching. You’re scanning. Which means you need to decide on some IP ranges. Many IP ranges are dead in the water, and have nothing on them. Weed these out as time goes on. But keep in mind your proxy scanner should be running at minimum 500 threads/sockets at a time or you’re just going to burn a lot of time.
      Anywho, to find IP ranges that are not dead, visit http://www.spamcop.net/w3m?action=map (not loading great on FF right now). It’s a map of e-mail spammers activity by IP range. But it’s also a great list of ISPs that have dirty netspaces. And hence more proxies to use.
      To get you started, 200.0.0.0-201.255.255.255 has historically been good.
      60-69.255.255.255 is largely US proxies, and active.
      80.0.0.0-85.255.255.255 is a moderately active range, and can optionally extend to 89.255.255.255
      Really, almost any ips between 200.0.0.0-216.255.255.255 are at least decent. The DoD owns a few blocks there (a 20X.0.0.0 block I think) though, so make sure to avoid such nastiness.
    3. Ports
      When selecting ports to scan for proxies on, it’s a question of quality to quantity. 8080 for example, is really common. So a lot of people scan there and the proxies are lower quality. 6588 meanwhile is less common and generally faster. Other ports to take a look at are 80 and 3128. SOCKS proxies have entirely different ports they run on, but I’m not really going to talk about that.
      Anyways, some ports are common in certain IP ranges but simply do not exist on other(active) IP ranges. Odd, yeah.
      Scanning port 80 will give more complaints than scanning any other, and also tends to slow down scanning software due to the volume of hits.
    4. How Fast Should I be Scanning?
      • However fast you can. ProxyHunter is an old one that can run from 500-2000 sockets at a time, but it slows down and requires a 2 second connect timeout, with a 30 second data transfer timeout. Be aware of the limitations of your software. Sometimes it will pretend to be functional, but in reality is going so fast no connects are going through.
      • When I’m giving these numbers, I’m talking about my experience running off of pretty high powered servers back in the day. Do not even attempt these numbers off a cable/DSL line.
      • If you’re running a windows server, at 3700 sockets or so chances are it will throttle your connects and either lock up or not allow you any new connections. If this happens, look at changing a few of the lines in SYSTEM\CurrentControlSet\Services\Tcpip\Parameters in the Windows Registry. Certain things (like Max user ports) can help to make windows stop throttling your connection. I’ve seen servers scan at 16.5k concurrent sockets with a 1 second timeout without locking up. So if you’ve got the bandwidth and high quality software, go for it.

    -XMCP
    Soon as I’m caught up on work I missed while I was out, I’ll get a real SEO article out here. Thanks for the patience all.

    9 Responses to “The Lost Art of Proxy Scanning”

    1. cd says:

      If you want a list of proxies that not everyone in the world has you can use nmap with the following string:

      nmap -n -p81,553,554,1026,1263,1499,2301,3124,3127,3128,3382,4480,4816,6588,7212,8000,8080,8888,9597,9999,11833,20367,21624,25021,29122,33718,49400,49401,50050 -T5 --host-timeout 5000 -iR 10000 -PI -v -v --open -oG proxies1.txt

      It’s then easy to pipe the results through a script that checks the proxy info: socks, http, elite, etc.

    2. underworld says:

      Nice post – especially useful if your needing to check a lot of stuff with the goog very quickly ;)

    3. SEO underWorld » Blog Archive » IP’s - Need a bit of anonymity? Get anonymous with your router says:

      [...] on the internet that anonymity is an essential requirement. I have just been reading shady’s

    4. Freddy says:

      WTF RU Talking about?#$#%^?

      (:o)

    5. Gab Goldenberg says:

      you realize you’re running pSA ads by G?

      More on topic, this was cool. Any footprints for searching for these quality proxies?

    6. Should I put my URL Here? says:

      Thanks for the tip. I haven’t focused much on using proxy IP’s, as I hadn’t had explored creating multiple accounts (legit – seriously, I’m just helping a client optimize their social media accounts…)

      I’ve used mutliple real computers, and managed them with gotomypc to hide IP addresses, but I haven’t gone to proxy IP’s. So I’ve got a lot to learn.

      Keep up the good work – and if you have a couple more tips…:)

    7. Gab Goldenberg says:

      When the hell you gonna get power dude? Hit me up!

    8. Child Behaviour Problems says:

      hi,its a nice post and also very helpful .The definition about proxy scanning is really nice and described thoroughly so one can understand it easily.

    9. Proxy says:

      Your post is quite interesting and useful. I have bookmarked it for later use to see what other great articles you post!

    Leave a Reply

    XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

    Marketing & SEO Blogs - Blog Top Sites
    SEO,