Wikipedia:Open proxy detection/Explanation


When an IP address has performed an edit, a database with open proxy addresses is automatically searched. This database is periodically maintained and consists of more than half a million IP addresses and IP ranges. If a match is found, it is reported on this page.

This automatic reporting only takes place if the server of RonaldB is online. This is close to 24/7, but there may be downtime from time to time.

The system receives input from the IRC stream of recent changes. If the system is operational, it is logged in with the name op-nnnnn, where nnnnn is a 5-digit number.

Look here for more (technical) background info.

Explanation of information provided

type
This provides further info on the type of open proxy. If this is preceded by probably, it means that the IP address has never been published as an open proxy, but the scanning module has not been able to confirm this to be the case.
The following types are distinguished:
  • open proxy - a "normal" open proxy. The system does not provide the sub type (e.g. transparent, anonymous, etc.).
  • TOR exit node - an IP address of the TOR network, by which servers on the internet can be accessed (which is not the same as a TOR onion node).
  • exit server - some open proxies use another IP address (possibly a zombie) to access servers on the internet.
  • anonymizer - an anonymizing service, generally using a web interface (also called CGI or PHP proxy). The IP address, by which that service is accessing the internet to request pages, is reported. This is not necessarily the same as the IP address hosting the service.
  • web server - The IP address, or the range it belongs to, is solely used for web hosting. It may be hacked or is hosting a CGI/PHP proxy.
  • JAP - also called JonDo, a rarely used and relatively small anonymizing network.
  • SSH - the IP address supports the Secure Shell protocol. If an attacker knows the login data, he may use the IP address as a proxy, which probably occurs in 15-20% of the reported cases.
If the type designation is followed by an asterisk, this means that the IP address is known in the database with multiple types. The type shown is the one with the most recent confirmed date.
in db since
The date the IP address was first contained in the database.
first confirmed
The first date the scanner confirmed this IP address to be an open proxy.
last confirmed
The most recent date the scanner confirmed this IP address to be an open proxy. If the indication is Now !, this means that the open proxy behaviour has been confirmed by an "on-the-fly" check at the moment of editing. This can only be accomplished for "normal" open proxies.

The date information is used for the background-colouring of the entry. The darker the colour, the more likely the IP address is indeed an open proxy at the moment of editing.
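
The lookup and the report fields described above can be sketched as follows. This is an added example, not the tool's own code: the `Record` schema, the `report` function and the sample database are assumptions constructed for illustration, and "probably" is applied here whenever the matching record has no scanner confirmation.

```python
import ipaddress
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass
class Record:  # hypothetical schema, not the tool's own
    net: str  # single IP address or CIDR range
    type: str
    in_db_since: date
    first_confirmed: Optional[date] = None  # None: scanner never confirmed it
    last_confirmed: Optional[date] = None

# Constructed sample database using RFC 5737 documentation addresses.
DB = [
    Record("192.0.2.10", "open proxy", date(2009, 1, 5), date(2009, 1, 6), date(2009, 3, 1)),
    Record("192.0.2.10", "SSH", date(2009, 2, 1), date(2009, 2, 2), date(2009, 4, 9)),
    Record("198.51.100.0/24", "web server", date(2008, 7, 1)),
    Record("203.0.113.7", "TOR exit node", date(2009, 5, 1), date(2009, 5, 1), date(2009, 5, 2)),
]

def report(ip, db=DB, confirmed_now=False):
    """Build the report fields for an editing IP; None if it is not in the database.

    confirmed_now stands for the outcome of the on-the-fly check, which the
    page says is only possible for "normal" open proxies.
    """
    addr = ipaddress.ip_address(ip)
    hits = [r for r in db if addr in ipaddress.ip_network(r.net, strict=False)]
    if not hits:
        return None
    # Several types on record: show the one with the most recent confirmation.
    best = max(hits, key=lambda r: (confirmed_now and r.type == "open proxy",
                                    r.last_confirmed or date.min))
    now = confirmed_now and best.type == "open proxy"
    label = best.type + (" *" if len({r.type for r in hits}) > 1 else "")
    if best.last_confirmed is None and not now:
        label = "probably " + label  # listed, but never confirmed by the scanner
    return {
        "ip": ip,
        "type": label,
        "in db since": min(r.in_db_since for r in hits),
        "first confirmed": best.first_confirmed,
        "last confirmed": "Now !" if now else best.last_confirmed,
    }

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.23", "203.0.113.8"):
        print(ip, report(ip))
```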