We have been thinking about it for a very long time. It's easy to escape abusers who use my server to send email spam by blocking email ports, but how do I ban abusers who use my public SOCKS5 proxy server to brute-force third-party sites? The proxy server is anonymous, which makes the issue even more difficult.

Jim
  • 1
  • Do your users supply a login or is this an anonymous proxy? Do they accept an AUP? The AUP should state terms of use and what happens if they abuse the AUP. I would consider those things and maybe put abusers in a rate limited bucket. If this is anonymous, all bets are off. Rules should be around usernames, not IPs, or you will play whack-a-mole. – Aaron Jun 09 '17 at 18:36
  • 6
    Step 1 for me would be not to run a public proxy. The most common use is for abuse. If someone has the need for a proxy for legitimate purposes, they can set one up themselves or they can use credentials to a proxy they have authorization for. –  Jun 09 '17 at 19:19
  • 1
    I agree with @yoonix. I am watching the logs on my low-interaction honeypot and I get several requests per second from bots that think they are talking to a real proxy. – Aaron Jun 09 '17 at 20:11

0 Answers