Quote:
Originally posted by pennywize_v3
Hi Sleepy,
Yep, i don't disagree. If you had 90,000 proxies, then 1 guess through each would be 90,000 guesses.
|
So then whats the point ? Why block them at all ? The hacker still gets what they want if you dont attack the root of the problem ( open proxies ).
Quote:
Originally posted by pennywize_v3
For example, what if a guy starts hacking through an AOL/@home/etc proxy. It gets blocked. But then it gets blocked for *all* proxypasses clients, and any legitimate members would be disadvantaged. I dont think this is acceptable and i wouldnt put it in Pennywize. I dont also want to play god and say what IP addresses are going to be banned for all my clients, we'd get overrun with complaints from clients.
|
What they do is they keep a central database of open proxies. They have a server that then tests the blocked proxies repeatedly until they are properly closed. Large ISPs like AOL and Home rarely fuck up and leave a server open but when they do their ( Danube's ) software notifies the admin by e-mail.
Sure, a legit ISP could be blocked for a few hours but to me thats a small price to pay to make sure my legit members do not have their user/pass stolen. Legit members are already paying me $34.95 per month and once their user/pass is stolen you cant simply explain the situation to them. As soon as you say "hacked" they think their credit card could be compromised and its a guaranteed chargeback.
Quote:
Originally posted by pennywize_v3
Pennywize has had reasonable proxy protection until now, but in the new version 3, it *really* steps upto the plate. With the new per second/minute/day thresholds, we could configure any level of tolerance you wish.
|
Im not going to go much further with this steve. Your a good guy and you were good to me when I used Pennywize. Still, the bottom lines is that if you dont stop the "open proxy" requests you might as well be pissing in the wind.