What is a Proxy Detection Service (and How Can I Avoid it!)

Last Updated on August 13, 2024 by theadmin

Proxy Detection Service Information

One of the major problems with using proxies for legitimate online activities is that they are also heavily used by people like online fraudsters, hackers and spammers.    In fact, arguably these groups know more about using Tor nodes, VPNs and proxy services than anyone else.

They want to hide their IP addresses and location to commit crimes, whereas online businesses use proxies to do research, place adverts and promote their websites. The problem is that it can be difficult to distinguish between an online fraudster and an online marketing company conducting research. Obviously you can hardly blame an e-commerce site for trying to block online fraudsters, so how can you avoid being tarred with the same brush?

How Does Proxy Detection Work?

There are a variety of methods used, but as it can be quite specialised and resource intensive, most larger companies will outsource this sort of work. The goal is to identify any online fraudster who is trying to mask their IP address through some sort of connection redirection technique. The logic used is that anyone who is using such technology is much more likely to be creating fake accounts, using stolen credit cards or engaging in other fraudulent behaviour.

What is Proxy Detection
If a proxy is detected, the IP address can then be labelled as ‘malicious’ and blocked from purchasing or posting on the site. Generally it’s difficult to differentiate between these ‘spoofing attempts’, so an anonymous proxy or Tor node, if detected, will likely be treated in the same way as an expensive (and legitimate) VPN used for security reasons. All of these connections will be considered potentially dangerous and will have difficulty using the site properly.

Most of the proxy detection techniques will happen in real time when a user connects to the site. Most of the commercial ‘proxy detection’ services offer an API which can be used to look up inbound connections. They will conduct an analysis of any IP address using forensic techniques to help identify the use of a proxy or VPN. Once an IP address has been identified and labelled as a potential threat, it becomes virtually impossible to use that address on that website.

So What Do Proxy Detection Services Look For?

At the core of all of these services is the IP address itself. This is the single most important factor and is why the effectiveness of a proxy online is tied to the quality of its IP address range. You could have the most sophisticated, anonymous proxy server in existence, but if it’s assigned a blacklisted IP address used by ‘Nigerian scammers’ then it’s completely worthless.



Basically, this is the primary difference between proxy services: the quality of the IP addresses. Cheaper or free proxies will have IP addresses that are generally blocked or blacklisted, so there’s little point using them. Indeed, if you use them to manage social media accounts, there’s a risk your accounts will get deleted too.

It’s not just the history of the addresses which is important – other factors include location and classification. If an IP address originates from an unexpected or unusual location then this is also used as a strong indicator of a spoofed connection. The classification refers to where the IP address is originally registered – the most important distinction is between residential, datacentre and mobile.

Other important aspects include looking at the user agent (from the browser), language and various other pieces of metadata passed through the connection. However, these can all be spoofed and modified through software or even on the proxy itself.

IP Address Classification is Important

If the hardware and proxy software are configured securely and there is sufficient fast throughput available then it really is all about the IP addresses. The classification isn’t everything, but depending on the platform you’re trying to access it’s definitely the single most important factor. There are a wide variety of different classifications, however the main ones are in the following list –

  • Datacenter/Commercial – the cheapest and most available IP addresses are registered and deployed mainly in commercial datacentres. If it’s not specified the address range probably is assigned here.    There’s nothing wrong with these addresses technically but they are much more likely to be assigned to proxies and VPNs than ordinary users, hence are much more likely to be flagged as ‘suspicious’.
  • Residential – mainly assigned to ISPs (Internet Service Providers) – more trusted than datacentre IPs as they’re indicative of home users.
  • Mobile  – address ranges assigned for use with mobile devices, hard to obtain for proxies but very trusted also.
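
The signals described above (address history, classification, location and browser metadata) are typically combined into a single risk score. The sketch below is an added example, not code from any detection vendor; the address ranges (RFC 5737 documentation networks), blacklist, weights and thresholds are all constructed for illustration.

```python
import ipaddress

# Constructed sample data (RFC 5737 documentation ranges), not real feeds.
CLASSIFICATION = {          # network -> (class, registered country)
    "192.0.2.0/24": ("datacenter", "NL"),
    "198.51.100.0/24": ("residential", "GB"),
    "203.0.113.0/24": ("mobile", "GB"),
}
BLACKLIST = {"192.0.2.66", "198.51.100.23"}   # addresses with abuse history
WEIGHTS = {"datacenter": 40, "residential": 5, "mobile": 0, "unknown": 25}


def classify(ip):
    """Return (class, country) for the most specific matching network."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, info in CLASSIFICATION.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, info)
    return best[1] if best else ("unknown", None)


def score_connection(ip, accept_language, billing_country):
    """Combine the signals into a 0-100 risk score plus the reasons."""
    ip_class, ip_country = classify(ip)
    score, reasons = WEIGHTS[ip_class], [f"class={ip_class}"]
    if ip in BLACKLIST:                                  # address history
        score += 50
        reasons.append("blacklisted")
    if ip_country and ip_country != billing_country:     # unexpected location
        score += 20
        reasons.append(f"geo {ip_country}!={billing_country}")
    # Browser metadata: region subtag of the first Accept-Language entry.
    first = accept_language.split(",")[0].split(";")[0].strip()
    region = first.split("-")[1].upper() if "-" in first else None
    if region and ip_country and region != ip_country:
        score += 10
        reasons.append(f"language region {region}!={ip_country}")
    return min(score, 100), reasons


def decide(score, review_at=40, block_at=70):
    """Map a score to the action a site might take (thresholds are assumed)."""
    return "block" if score >= block_at else "review" if score >= review_at else "allow"
```

With these constructed weights a clean datacentre address is already sent for review on classification alone, while a residential address with abuse history scores higher than a clean datacentre one.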

Obfuscated Proxies

Obfuscated proxies are tools used to mask VPN traffic, making it difficult for network administrators, ISPs, or governments to detect and block. These proxies can disguise VPN traffic by transforming it to appear as regular internet traffic, thereby avoiding detection through deep packet inspection (DPI) methods.

Traffic Transformation: Obfsproxy can modify VPN traffic to make it look like any protocol, such as HTTP, SSL, or other ordinary internet protocols. This is achieved by encrypting VPN traffic with additional wrappers, making it harder to classify as VPN traffic.

Methods: There are several methods used by obfsproxy to obfuscate traffic, including:

  • obfs2: Adds a wrapper to the traffic to make it appear as a regular internet protocol.
  • obfs3: Similar to obfs2, but with enhanced obfuscation.
  • obfs4: A more advanced method of obfuscation that employs dynamic detection and response to blockages.
  • Scramblesuit: This method uses a password to encrypt the VPN traffic before sending it through the obfuscated channel.

Implementation

To set up an obfuscated server, the following steps can be taken:

  1. Install Obfsproxy: The obfsproxy software provides the obfuscation methods. It can be installed from the Ubuntu repository using `sudo apt-get install -y obfsproxy`.
  2. Create Service Configuration: A service configuration file needs to be created and edited to include the obfuscation settings and the password generated for scramblesuit. This file is used to start and manage the obfsproxy service.

Use Cases

Obfuscated proxies are particularly useful in environments where VPN usage is restricted or monitored, such as:

  • Censored Networks: Countries or institutions with strict internet regulations, where VPNs are blocked to control user access.
  • Public Hotspots: Public networks like cafes or schools that may restrict VPN traffic to maintain network control.
  • Firewalled Networks: Networks with firewalls that block VPN traffic by detecting its digital signature.

Hiding Proxy Tools

Other VPN services and tools, such as NordVPN and Surfshark, offer obfuscated servers. These services provide modified versions of the OpenVPN protocol to achieve better obfuscation. Additional tools, like Tor, can also be used to create more secure and anonymous connections.

Additional – Proxy Detection

It’s difficult to give a comprehensive list, as the proxy detection systems vary between providers and are obviously kept secret. There’s little doubt that the IP addresses are the fundamental metric that all systems check, which is why if you’re serious about anonymity and online activities then a residential or mobile address range is becoming more and more important. Unfortunately that’s not all, simply because of the amount of monitoring that is done in some of the detection systems.

How the proxy companies operate and function is critical too, especially in how they use their address ranges. Although a residential IP address may add some protection, if twenty other people are using that same address to spam social media accounts then it’s completely irrelevant. In essence, the secret is to find a professional proxy service which is careful in how it assigns addresses. What often happens is that proxy companies lower their prices to attract new customers and then overuse their IP addresses. The ideal, of course, is to use dedicated and reserved residential IP addresses, however this can be extremely expensive. The more sophisticated providers have introduced special backconnect proxies which rotate the IP address ranges automatically, so it’s worth keeping an eye out for these.

If you’re focused on a specific platform then it’s worth checking out providers who offer dedicated services for that platform. These can work well if you’re not worried about using proxies for a variety of tasks. So for example, a marketing firm that wanted to manage its customers’ social media accounts may use a combination of Facebook, Twitter and Instagram proxies depending on which platform it was managing. Some of the better automated software like Jarvee will allow you to specify which proxies to use for which task too.
