As already mentioned in a previous posting I stumbled upon an old proxy server code that attracted my attention again. Driven by the same idea as at the first time, out of curiosity how the spammers and hackers do their  job and who else is using this anonymizing srvices I modified and installed the script on my computers again. To avoid the  situation supporting “them”  doing their business and being a piece in their chain I incorporated new filter mechanisms. I remember the anonymizng proxy users from these days had the nasty habit to bruteforce email accounts and HTTP authentication.  Allowing this would cause troubles if affected system administrator see my IP address. They would contact my Internet provider which will cut my connection or evn  go one step further and inform the law enforcement.  To control these peoples  bad attitude I customized the black and white listing feature inside the script that way abuse is restricted at its maximum.

Before explaining what tasks were to do to lead the desired traffic to my server and how to process it, here a short overview about the actors involved into the communication chain and what role they play:

Proxy server user : The person that is ready  to pay money for anonymity, for what reason ever.

Proxy server provider : The service provider that searches freely usable proxy servers in the Internet and also the one who is offering people access to “his” anonymizing proxy servers.

Proxy server owners : The real owner  of  the anonymizing proxy servers.

Peer system : The peer system the proxy server user wants to reach anonymously.

I started the  script and registered my IP address as a new proxy server at some “Anonymizing proxy server” providers homepages. Finding them is fairly easy. By searching them with google I’ve found their links within the first searching results and visited their homepage. I was looking for the input box to type in there my IP address and they can do the checks for that system to recognize its proxy server capabilities. If such tests passed successfully the IP address is added to their proxy server list and distributed among their customers. Simple and strightforward. I was registered.

After a short time the first requests came in from control servers that contacted the registered proxies again to check its availability and analyzed what proxy server ports are open (HTTP, HTTPS, Socks4, Socks5). And after the first assessment also the first real requests dropped in. Fresh data to analyze.

At the moment it is not enough data yet and it takes some further days to find out what kind of data is passing these anonymizing proxy chains.  I keep the script running for the next days to have better results to determine the meaning of the traffic, its origin, destination and if there are further ways how to profit in good and bad sense from that traffic.