dnsbl.net.au Helping you block invalid E-mail


ohps.dnsbl.net.au


Open HTTP Proxy Server Block List

Servers running open web proxies that are being abused are listed here.

These proxies typically operate on the common ports 3128 or 8080.

The list consists of collections of IP-addressed networks that are being abused by spammers because they run an insecure (open) web proxy server.

Incorrectly configured software is the usual suspect here: Cisco caches, Squid, Microsoft Proxy and others.

Some IP-sharing hardware devices and software packages probably also default to being open.

Spammers use these open proxies to hide their identity, and then usually abuse another open relay server to further confuse and hide their identities.

The use of open proxies and open relays can entirely hide the identity and origin of spammers, so they are a very bad thing indeed.

There are currently very few tools around for testing for these open proxies, so the numbers here will be small until those tools are developed further.

See this web-based public registry of open proxy servers: http://tools.rosinstrument.com/proxy/

And this little gem, from a similar page. proxies


But how exactly do they do it?


Subject: Open web proxies on port 3128

Try connecting, then enter the line

CONNECT a.mail.server:25 HTTP/1.0

then hit return _two_ times.  If you get a message saying something
like "200 Connected"  then you can begin talking SMTP with the
target mail server.

Also see http://www.cyber-abuse.org/?page=abuse-proxy

I don't know more than that... 

furio ercolessi


From: Paul Howarth
Subject: Open web proxies on port 3128

It works exactly the same as the open port 8080 CONNECT proxies that
every Korean school seems to have:

# telnet 12.100.6.90 3128
Trying 12.100.6.90...
Connected to 12.100.6.90.
Escape character is '^]'.
CONNECT belfast.city-fan.org:25 HTTP/1.0^M^J
HTTP/1.0 200 Connection established
220 belfast.city-fan.org ESMTP Sendmail 8.12.2/8.12.2; Thu, 24 Jan 2002 12:14:46 GMT
HELO spammers-r-us
250 belfast.city-fan.org Hello 90.mugc.chcg.chcgil24.dsl.att.net [12.100.6.90], pleased to meet you
MAIL FROM:
250 2.1.0 ... Sender ok
RCPT TO:
553 5.5.4 ... Domain name required for sender address spammer
QUIT
221 2.0.0 belfast.city-fan.org closing connection
Connection closed by foreign host.

Cheers, Paul.

From: spackard@fastlink.com
Date: Thu, 24 Jan 2002 08:56:12 -0800 (PST)

I found you can pretty much download the AnalogX Proxy software, unzip
it to extract the installation/user manual, and read it to find out how
to abuse the proxy. It's not just a web proxy, it's a general-purpose
proxy. People out there may be using it just for its HTTP proxy, but
it'll do a number of ports and is open to the Internet by default.

Regards, Scott
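
A defender-side check for the CONNECT abuse shown in the messages above, as an added example that is not part of the original page: it scans Squid native-format access.log lines for CONNECT tunnels to non-HTTPS ports or from clients outside the local network. The log lines, addresses, allowed port set and local network are constructed assumptions.

```python
import ipaddress

# Assumed policy: CONNECT may only tunnel to HTTPS, and only for local clients.
ALLOWED_CONNECT_PORTS = {443}
LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # assumed local network

# Constructed sample lines in Squid's native access.log format:
# time elapsed client action/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1011874486.101    312 192.0.2.10 TCP_MISS/200 5120 GET http://www.example.org/ - DIRECT/198.51.100.80 text/html
1011874490.552   8041 192.0.2.10 TCP_MISS/200 9210 CONNECT shop.example.org:443 - DIRECT/198.51.100.81 -
1011874493.007  60233 203.0.113.7 TCP_MISS/200 1833 CONNECT mail.example.net:25 - DIRECT/198.51.100.25 -
1011874499.410     12 203.0.113.9 TCP_DENIED/403 1204 CONNECT mail.example.net:25 - NONE/- text/html
"""

def parse_line(line):
    """Return (client, http_status, method, url), or None if malformed."""
    f = line.split()
    if len(f) < 7 or "/" not in f[3]:
        return None
    return f[2], f[3].rsplit("/", 1)[1], f[5], f[6]

def is_local(client):
    try:
        addr = ipaddress.ip_address(client)
    except ValueError:
        return False  # unparseable client field is treated as external
    return any(addr in net for net in LOCAL_NETS)

def find_connect_abuse(log_text):
    """List CONNECT requests that violate the assumed policy above."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None or parsed[2] != "CONNECT":
            continue
        client, status, _, url = parsed
        port = url.rpartition(":")[2]
        reasons = []
        if not port.isdigit() or int(port) not in ALLOWED_CONNECT_PORTS:
            reasons.append("non-HTTPS target port")
        if not is_local(client):
            reasons.append("external client")
        if reasons:
            findings.append({"client": client, "target": url, "reasons": reasons,
                             "relayed": status.startswith("2")})
    return findings
```

A finding with `relayed` set to true means the proxy actually opened the tunnel, which is the condition that gets a server listed here; a false value means the proxy refused the request.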


dnsbl.net.au abuse [at] dnsbl [dot] net [dot] au