Score:0

Checking visitors IP for open port 25 smtp and blocking this IP


I am trying to figure out which IP is a residential proxy. Most IPs with a fraud score +75 have an open port 25.

A normal visitor's IP does not have port 25 open.

So you can assume that it is a configured IP address, right?

My questions

  1. Is there a relatively reliable way to expose a residential proxy IP if that IP is using/opening port 25?

  2. Is it possible to query an IP that calls a website directly on an open port 25 and then block it accordingly? ....IF ip-port_25=true THEN add_to_htaccess_blacklist; ?

StefanBD
You can use a database on htaccess, or you can block the IP directly via iptables. Do you need the check directly, or do you have some time? For the latter I would check the access log via a cron job and try making a connection over telnet/PHP; later you can easily rewrite the htaccess with it. If you want a direct response, I would make a fake image that goes to a PHP file which does the check for you.
anx
You mean I should not be able to browse your website if I accept mail on the same IP? What kind of website has that requirement?
Legion
Hi StefanBD, thank you for your answer. I really appreciate it. Your ideas - both - are fine! I like them. So, I need to write a bash script to do the logfile job. Yes, that's it! Then, the check via a fake image sounds interesting. Do you have some details about how it should work?
Legion
@anx - About your first question: Yep, you are an unwanted visitor in that case (bye bye baby). Ok, let's be serious: My customer works in the valuable metals sector and is currently having massive problems with IP addresses, which on the one hand scrape certain content, 24/7. He doesn't want that. I can certainly understand why you don't want that in certain areas. Even if it's difficult to prevent. On the other hand (his main problem): fake orders are placed daily (for whatever reason) via residential proxies (G3/G4 mobile proxies). Hosting IPs can be blocked from 0 to 100 in seconds
StefanBD
You can generate images or output images with PHP, so with mod_rewrite you can make image.png go to tool.php, which does the check: it connects to the visitor IP (which you get from the request variable), and if a login to the mail server is possible you add the IP to the htaccess and output an image with a PNG header and the code of 1 pixel. This method is used in tracking pixels, for example.
StefanBD
By the way, why not use some service that blocks bots, or use a captcha? Just a hint: when it's really bots, they probably don't load your fake image; then you should do the check directly in the page and do something like caching. This telnet stuff will take time, which makes your site slower. https://stackoverflow.com/questions/2226374/test-if-port-open-and-forwarded-using-php
Legion
If I use the mod_rewrite rule `RewriteRule ^([_0-9a-zA-Z-]+/)?berliner-wurst.png /jetzt-schlagts-13.php [END]` the browser will call the .php file, yes. The process of rewriting is done by the server. In the browser console I would be able to see the php file under the `Sources` tab. Is there something magical I don't know about calling first a harmless image file and then pumping the .php into the browser?
Legion
About external services... Yes, Cloudflare is used for bot blocking, rate limiting, and blocking via WAF ASNs. Most bad IPs are used by Vodafone and O2. I also notice an increased use of IPv6 from AS3320 DTAG - fixed network. Maybe because these guys are running out of hosting IPs and frontal blocking of G3/G4 IPs thins that out too. And banning those IPs is downright suicide for a platform. So no permanent solution. Anyway, using IPv6 is another thorny issue. Most reputable blacklist IP database providers do not have accurate IPv6 abuse information.
Legion
A scraping pro could easily load a captcha resolver library to solve the problem he would face after loading content (e.g. via scrapy and co). It's not really a problem - including the JavaScript challenges from our beloved Cloudflare. Caching is active for static content (not for dynamic routines like Ajax). Now I will carefully read the information from your link on stackoverflow.com - thanks for providing!
StefanBD
No, the user will not see that your image is served by a PHP file, and I don't think they can crack all captchas.
Legion
Let us [continue this discussion in chat](https://chat.stackexchange.com/rooms/140916/discussion-between-legion-and-stefanbd).
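
The cron-job variant suggested in the comments, as an added example that is not code from any poster in this thread: it pulls client addresses from access-log lines, probes port 25 once per address, caches the verdict with an expiry, and emits Apache 2.4 `Require not ip` lines. The function names, the 24-hour expiry, the combined log format and the sample lines are assumptions made for this sketch, and it is written in Python rather than bash so the probe can be swapped out for testing.

```python
import ipaddress
import re
import socket

LOG_FIELD = re.compile(r"^(\S+) ")  # client address is the first field of a combined-format line

# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2022:13:55:36 +0200] "GET /shop HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Oct/2022:13:55:37 +0200] "POST /order HTTP/1.1" 200 90',
    '203.0.113.5 - - [10/Oct/2022:13:55:38 +0200] "GET /cart HTTP/1.1" 200 77',
    'host.example.net - - [10/Oct/2022:13:55:39 +0200] "GET / HTTP/1.1" 200 10',
    '2001:db8::25 - - [10/Oct/2022:13:55:40 +0200] "GET / HTTP/1.1" 200 10',
]

def client_ips(log_lines):
    """Unique, syntactically valid client IPs in first-seen order."""
    seen = []
    for line in log_lines:
        m = LOG_FIELD.match(line)
        if not m:
            continue
        try:
            ip = str(ipaddress.ip_address(m.group(1)))
        except ValueError:
            continue  # hostname or junk: never copy it into a config file
        if ip not in seen:
            seen.append(ip)
    return seen

def port_open(ip, port=25, timeout=3.0):
    """True if a TCP connect succeeds; closed, filtered or timed-out ports give False."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def update_cache(ips, cache, now, ttl=86400, probe=port_open):
    """Probe only addresses without a fresh verdict; cache maps ip -> (is_open, checked_at)."""
    for ip in ips:
        if ip not in cache or now - cache[ip][1] >= ttl:
            cache[ip] = (probe(ip), now)
    return cache

def deny_lines(cache, now, ttl=86400):
    """Lines for a <RequireAll> block; expired verdicts are dropped, not kept forever."""
    return [f"Require not ip {ip}" for ip, (is_open, ts) in sorted(cache.items())
            if is_open and now - ts < ttl]
```

As anx's comment points out, a positive result only says that the address accepts TCP connections on port 25, so the expiry keeps a wrong verdict from becoming a permanent block.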