New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
-1 more dynamic check is live and running (results should be more accurate)
- ASN blacklist has been implemented. In the process, I've created a tool for someone to look up the AS number given an IP address. http://geoip.getipaddr.net/asn.php?ip=IPHERE
- I decided not to do the semi-whitelist for now, everything is coded on my end but with these "residential" VPN providers, that doesn't seem like a good idea.
- I'm playing with project honey pot and other DNSBL services. I'll probably write a web based tool for this as well similar to ASN lookup. Hopefully you'll find these tools useful, if you're not using the full VPN/proxy IP check. If DNSBL services are implemented, they'll be used as another dynamic check.
Neat. Some CC IPs still return non-1 results :P. (Mostly the b2h networks crap, the stuff they hide under other ASNs and shit that still routes to the same damned boxes in Buffalo... even goes through the same damned switches.)
PM me those ASNs?
Sure, give me a moment. Check B2Solutions as well, ServerMania is a shameless CC reseller. "We are an online-only business" was the excuse we were spoon fed in regards to why they couldn't get anything besides CC-exact hardware specifications at CC-exact pricing. [ and only having a buffalo location. ]
It's awesome, I think it would be very useful if you keep updating it. however, I got this:
I looked into this. Some people are hosting websites in your /24. For example 113.160.58.90, is hosting
and a couple of nameservers. That's why you're seeing a fairly high value. In fact it should be "0.8775", the slave server serving your request had a bug in it (which I've just fixed).
This is wonderful!
I can't stand the mindset behind the VPN check during sign up.
Since when does using a VPN equal fraud?
Criminals will simply use their neighbours open wifi...
Drives me nuts when my order is marked fraud, simply for wanting to have some privacy..
I've attached the other things MaxMind checks for.
I hope it helps!
Fraud checks are a necessary evil. But please, implement methods to verify the customer anyway (not with ID scan, however).
I've just implemented DNSBL. The service is no longer in development at this point (feature wise). It's using 6 different unique dynamic checks to determine if an IP address is a proxy/ VPN, along with various custom blacklists. Hopefully, some of you will find this useful
Sorry for bumping the thread. I added another unique dynamic check, making it a total of 7. From February 1st to February 27th (now), the server has serviced 973k requests. With only 1 real complaint (which I've resolved), I think this service is production ready. If you're dealing with forum trolls, spam cough LET cough, fraud, or just want another point of view from whatever you're already using, be sure to check it out.
I already use it in productions :P
curl -s eth0.ga
Not really the same. getipaddr.net is similar but check.getipaddr.net is not.
Some updates: I'm working on a new version. Use check.dynamic.php instead of check.php
Dynamic checks are faster and there's more of them. I've added detection for 'bad agents' like spammers as well.
There's 9 dynamic checks on the beta version.
The backend slave servers are multi-threaded.
The old system got an update as well where everything is running in ram. I've adjusted some values because one attribute was being too heavy handed.
For more information / updates, check http://check.getipaddr.net I don't want to bump this thread too much.
@black which geoip db are you using ? is that maxmind ? can't see any copyrights.
Are you talking about getipaddr.net or check.getipaddr.net? If it's getipaddr.net, I'm not pulling information from maxmind.
Edit: man, I should really buy a domain for this proxy check project
@black this http://getipaddr.net/more/ , it contains complete ip geo location information plus ISP and Organization. Where did you get that?
I'll PM you the source.
There's been some major improvements made so I thought I'd let people know. Firstly, I've curated my own datasets which is about 40 GB in size that I maintain on a daily basis. This means that queries take around 150 - 300 ms instead of 3 secs to 11 secs on previous versions. I've upped the query limit from 40 to 80 queries a minute. There are 15+ unique dynamic checks at this point, compared to < 10 in previous versions. When it comes to boosting in machine learning, the more weak classifiers there are (in this case, more dynamic checks), the better the result.
As always, this is 100% free. If you're having issues with bots scanning your application, crawlers, fraudsters, trolls, people trying to ban evade, etc, try it out.
@black any plans to make it open source?
http://lowendtalk.com/discussion/comment/652301/#Comment_652301
@alexvolk To add to @Traffic ,
More over the fact that some VPN companies can reduce their score if they own large IP blocks, the source code is useless without the database, which is updated multiple times a day. The DB is pretty big and uses a lot of ram, so to distribute the database is a huge logistic hassle. I hope free does just as well.
So long as it doesn't become a burden to you to maintain...
Curious how you're storing the IP space in memory. I take it you'd just store the subnet blocks, perhaps store your scoring there, and a pointer to some stringy data if required?
It already is. Dedicated servers aren't cheap and the constant attention in terms of data updates is like having a girlfriend. Something like this should exist, because other alternatives charge 1k queries for $5 or something similar. Since the beginning of July to now (the 12th), there's been 657k queries to the system. If you work that out, I could've made a lot of money, but I choose to offer this as free. Perhaps I'll add a flattr / donation button or something later in the future.
Sort of? For each dynamic check attribute (there are 15+ of them), it contain datasets about a specific IP or a specific IP block. That single dynamic check produces a result using those datasets that becomes a weak classifier. When all 15+ of them produces a result, the system then boosts the overall result, and that's what you get at the end. The only simple lookups are explicitly banned AS & CIDRs and from the cache table (if you've looked up the same IP 10 minutes ago, it's not going to recompute it). By simple, I mean lookup the IP in a table, and just throw out whatever is in the table.
I'd suggest having a free service is nice, but for 'guaranteed volume', there can be a paid option. Real-world people surely agree that you're not running a charity
Anyways nice work.
I'd agree with that & thanks.