Hi Sleepy,
Yep, I don't disagree. If you had 90,000 proxies, then 1 guess through each would be 90,000 guesses. Now, proxypass has good intentions (even though someone from there seems to want to slam pennywize at every opportunity for his own gain -- but I'm not going to get into that); however, by 'blacklisting' zillions of proxies, I believe you're probably going to do more harm than good.
Also, regardless of whether you have proxypass or not, your server (apache) is still going to have to 'accept' 90,000 TCP connections, examine the request, examine the IP and then drop the connection. Unless you firewall each IP out (which is even more horrendous) then there is no way around this, even with a C module.
For example, what if a guy starts hacking through an AOL/@home/etc proxy. It gets blocked. But then it gets blocked for *all* proxypass's clients, and any legitimate members would be disadvantaged. I don't think this is acceptable and I wouldn't put it in Pennywize. I also don't want to play god and say what IP addresses are going to be banned for all my clients; we'd get overrun with complaints from clients.
Pennywize has had reasonable proxy protection until now, but in the new version 3, it *really* steps up to the plate. With the new per second/minute/day thresholds, we could configure any level of tolerance you wish.
Steve
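The per second/minute/day thresholds Steve describes, worked through as an added example that is not Pennywize's or proxypass's code: a sliding-window failure counter keyed by client IP, with constructed threshold values and constructed login attempts. It goes one step beyond the post by keeping a second counter keyed by the account name, which is what catches the "one guess through each of 90,000 proxies" case that a per-IP threshold alone cannot see. The class, function and threshold names are assumptions for this illustration.

```python
import time
from collections import defaultdict, deque

# Constructed thresholds (an assumption for this example, not Pennywize's real
# settings): maximum failed attempts allowed inside each window, in seconds.
DEFAULT_THRESHOLDS = {1: 3, 60: 10, 86400: 50}


class ThresholdLimiter:
    """Sliding-window counter of failed attempts per key (client IP or account name)."""

    def __init__(self, thresholds=None):
        self.thresholds = dict(thresholds or DEFAULT_THRESHOLDS)
        self.longest = max(self.thresholds)
        self.failures = defaultdict(deque)  # key -> timestamps of recorded failures

    def _prune(self, key, now):
        # Drop timestamps older than the longest window so memory stays bounded.
        q = self.failures[key]
        while q and now - q[0] > self.longest:
            q.popleft()

    def record_failure(self, key, now=None):
        now = time.time() if now is None else now
        self.failures[key].append(now)
        self._prune(key, now)

    def exceeded_window(self, key, now=None):
        """Return the shortest window whose threshold is reached, or None if still allowed."""
        now = time.time() if now is None else now
        self._prune(key, now)
        q = self.failures[key]
        for window in sorted(self.thresholds):
            recent = sum(1 for t in q if now - t <= window)
            if recent >= self.thresholds[window]:
                return window
        return None


def check_login(ip_limiter, user_limiter, ip, user, password_ok, now):
    """Decide one login attempt: 'ok', 'fail', or 'blocked:<scope>:<window>'."""
    w = ip_limiter.exceeded_window(ip, now)
    if w is not None:
        return f"blocked:ip:{w}"
    if user_limiter is not None:
        w = user_limiter.exceeded_window(user, now)
        if w is not None:
            return f"blocked:user:{w}"
    if password_ok:
        return "ok"
    # Blocked attempts above are not counted; only real failures feed the windows.
    ip_limiter.record_failure(ip, now)
    if user_limiter is not None:
        user_limiter.record_failure(user, now)
    return "fail"


def replay(attempts, thresholds=None, per_user=True):
    """Replay (timestamp, ip, user, password_ok) tuples and return one decision each."""
    ip_limiter = ThresholdLimiter(thresholds)
    user_limiter = ThresholdLimiter(thresholds) if per_user else None
    return [check_login(ip_limiter, user_limiter, ip, user, ok, t)
            for (t, ip, user, ok) in attempts]


# Constructed sample input: one client hammering a single account ...
SAME_IP = [(0.0, "10.0.0.1", "alice", False), (0.2, "10.0.0.1", "alice", False),
           (0.4, "10.0.0.1", "alice", False), (0.6, "10.0.0.1", "alice", False)]
# ... and twelve distinct proxy addresses each guessing once against one account.
MANY_PROXIES = [(i * 0.01, f"10.1.{i // 256}.{i % 256}", "bob", False) for i in range(12)]

if __name__ == "__main__":
    print(replay(SAME_IP))                        # per-IP window trips on the 4th try
    print(replay(MANY_PROXIES, per_user=False))   # per-IP only: nothing is caught
    print(replay(MANY_PROXIES))                   # per-account window trips on the 4th try
```

The per-IP limiter alone reproduces exactly the gap in the post: every proxy stays under its own threshold, so all twelve guesses go through. Keying a second window on the account being attacked closes that gap without banning any address for other clients, and as Steve notes, the server still has to accept and inspect each connection before any of this logic runs.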