One of the major problems with using proxies for legitimate online activities is that they are also heavily used by people like online fraudsters, hackers and spammers. In fact, arguably these groups know more about using Tor nodes, VPNs and proxy services than anyone else.
They want to hide their IP addresses and location to commit crimes, whereas online businesses use proxies to do research, place adverts and promote their websites. The problem is that it can be difficult to distinguish between and online fraudster and an online marketing company conducting research. Obviously you can hardly blame and e-commerce site for trying to block online fraudsters, so how can you avoid being tarred with the same brush?
How Does Proxy Detection Work ?
There are a variety of methods used but as it can be quite specialised and resource intensive, most larger companies will outsource this sort of work. The goal is to identify any online fraudster who is trying to mask their IP address through some sort of connection redirection technique. The logic used that anyone who is using such technology is much more likely to be creating fake accounts, using stolen credit cards or other fraudulent behaviour.
If a proxy is detected, the IP address can then be labelled as ‘malicious’ and blocked from purchasing or posting on the site. Generally it’s difficult to differentiate between these ‘spoofing attempts’ so an anonymous proxy or Tor node if detected will likely be treated in the same way as an expensive (and legitimate’ expensive VPN used for security reasons. All of these connections will be considered potentially dangerous and will have difficulty using the site properly.
Most of the proxy detection techniques will happen in real time when a user connect to the site. Most of the commercial ‘proxy detection’ services offer an API which can be used to lookup inbound connections. They will conduct an analysis of any IP address using forensic techniques to help identify the use of a proxy or VPN. Once an IP address has been identified and labelled as a potential threat then it becomes virtually impossible to use that address on that website.
So What Do Proxy Detection Services Look For?
At the core of all of these services is the IP address itself. This is the single most important factor and is why the effectiveness of a proxy online is tied to the quality of it’s IP address range. You could have the most sophisticated, anonymous proxy server in existence but if it’s assigned with a blacklisted IP address used by ‘Nigerian scammers’ then it’s completely worthless.
Basically it’s primarily the difference between any proxy service – the quality of the IP addresses. Cheaper or free proxies will have IP addresses that are generally blocked or blacklisted, there’s little point using them. Indeed if you use them to manage social media accounts, there’s a risk your accounts will get deleted too.
It’s not just the history of the addresses which are important – other factors include location and classification. If an IP address originates from an unexpected or unusual location then this is also used as a high indicator of a spoofed connection. The classification refers to where the IP address is originally registered – the most important differential is residential, datacentre or mobile.
Other important aspects include looking at the user agent (from the browser), language and various other pieces of meta data passed through the connection. These can all be spoofed and modified though through software or even on the proxy itself.
IP Address Classification is Important
If the hardware and proxy software is configured securely and there is sufficient fast throughput available then it really is all about the IP addresses. The classification isn’t everything but depending on the platform you’re trying to access – it’s definitely the single most important factor. There are a wide variety of different classification, however the main ones are in the following list –
- Datacenter/Commercial – the cheapest and most available IP addresses are registered and deployed mainly in commercial datacentres. If it’s not specified the address range probably is assigned here. There’s nothing wrong with these addresses technically but they are much more likely to be assigned to proxies and VPNs than ordinary users, hence are much more likely to be flagged as ‘suspicious’.
- Residential – mainly assigned to ISP (Internet Service providers) – more trusted than datacentre IPs as they’re indicative of home users.
- Mobile – address ranges assigned for use with mobile devices, hard to obtain for proxies but very trusted also.
It’s difficult to list a comprehensive list as obviously the proxy detection system vary from different providers and are obviously kept a secret. There’s little doubt that the IP addresses are the fundamental metric that all systems check, which is why if you’re serious about anonymity and online activities then a residential or mobile address range is becoming more and more important. Unfortunately that’s not all, simply because of the amount of monitoring that is done in some of the detection systems.
How the proxy companies operate and function is critical too, especially in how they use their address ranges. Although a residential IP address may add some protection, if twenty other people are using that same address to spam social media accounts then it’s completely irrelevant. In essence, the secret is to find a professional proxy service which is careful in how it assigns addresses. What often happens is that proxy companies lower their prices to attract new customers and then overuse their IP addresses. The ideal of course, is to use dedicated and reserved residential IP addresses however this can be extremely expensive. The more sophisticated providers have introduced special backconnect proxies which rotate the IP address ranges automatically, so it’s worth keeping an eye out on these.
If you’re focused on a specific platform then it’s worth checking out providers who offer dedicated services for that platform. These can work well if you’re not worried about using proxies for a variety of tasks. So for example, a marketing firm who wanted to manage their customers social media accounts may use a combination of Facebook, Twitter and Instagram proxies depending on which platform they were managing. Some of the better automated software like Jarvee will allow you to specify which proxies to use for which task too.