
[Full-disclosure] Re NiX API



> I'm not saying our system is 100% and unbreachable but I do know
> it does give you reasonable protection to address this issue.

Again, of course it provides some protection, I'm just not sure about the 
'reasonable' part.
The big issue is with the false positives.

> hosting provider or not. Needless to say, this is very hard work.


One of my points was that many legit users end up using a datacenter's hosting 
IP.


> web proxies by whole world are hosted of course in hosting providers 
> datacenters


Blocking web proxies would be OK, but you're blocking the whole provider 
because of it, refusing payments from the maybe hundreds or thousands of IPs 
that were never proxies and may be used by regular customers.


> thousands of hacked dedicated servers as well to this list that are being
> used for scraping, hacking attempts, brute forcing and so on.


Blocking servers that have done portscanning in the last week/month would be 
reasonable too, I guess.
But from what I've seen (again, look at your stats) you put the whole /24 on 
block (as part of your 'very hard work') and probably leave it there for months.


> We leave this decision to you what to block or allow.


After a while it just seems like with that much effort of always 
adding/removing hosts one could just use his own blocking lists.


> I'm happy to hear you're using similar technology. You've just said
> yourself why you do want to block proxy users.


Block them from coming back with a proxy to sign up for free, YES. Blocking 
paying users, NO. There is a big difference.


> This is true indeed. But if you would have 50 fraudulent purchases in a
> short period. What would you do? You sell TV's. Someone will order a $2500
> nice new TV from your online shop. OK, you go and check this client IP
> it's a proxy or Tor exit node.


If it's a TOR exit node, probably not. If it's some IP that belongs to a data 
center, probably yes. To make a decision, I would more rely on inconsistency 
between credit card country, geoip, and where the item will be shipped to. 
Blocking just based on the IP is a bad idea, and this has been my point all 
along.


> I'm happy to hear it works out for you. A few days ago, I received an email
> from https://www.proxpn.com/ admin that he suspended a fraudulent user's VPN
> account due to the abuse. A fraudster used a stolen credit card using
> their VPN to purchase a service from us. Needless to say, their CIDRs have
> also been added to this list.


Cool story, bro.

We probably agree for the most part, proxy IPs are suspicious, I'm just saying 
I don't necessarily agree with your definition of what a proxy is and the idea 
of blocking customers blindly based on your list.
Anyway, the whole thread seems kind of off-topic to FD so no more replies from 
me. The only reason I replied in the first place was to share my two cents 
related to the subject based on my experience with blocking proxies, Paypal 
chargebacks and to speak out for the legit customers who are 'suspicious' in 
your list but still pay for TorVPN.

Regards,
http://torvpn.com
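
Added example (not part of the original message or of either party's system): a comparison of the IP-only /24 blocking argued against above with a decision based on inconsistency between card country, GeoIP and shipping country. The networks, orders, weights and thresholds are all constructed assumptions for illustration.

```python
import ipaddress

# Constructed sample data (documentation address ranges, not real networks).
LISTED_NETS = [ipaddress.ip_network("203.0.113.0/24")]   # a listed hosting /24
TOR_EXITS = {ipaddress.ip_address("198.51.100.7")}       # a known Tor exit

ORDERS = [  # constructed orders: id, client IP, card / GeoIP / shipping country
    {"id": "vpn-customer", "ip": "203.0.113.20", "card": "DE", "geoip": "DE", "ship": "DE"},
    {"id": "stolen-card", "ip": "192.0.2.55", "card": "US", "geoip": "RO", "ship": "NG"},
    {"id": "tor-buyer", "ip": "198.51.100.7", "card": "FR", "geoip": "FR", "ship": "FR"},
    {"id": "dc-mismatch", "ip": "203.0.113.99", "card": "US", "geoip": "NL", "ship": "US"},
]

def ip_listed(ip):
    """True if the address falls inside any listed CIDR."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LISTED_NETS)

def blanket_decision(order):
    """IP-only policy: reject whenever the client IP is in a listed range."""
    return "reject" if ip_listed(order["ip"]) else "accept"

def scored_decision(order):
    """Hypothetical weights: country inconsistency dominates, listing is a hint."""
    distinct = len({order["card"], order["geoip"], order["ship"]})
    score = 2 * (distinct - 1)              # 0, 2 or 4 for country mismatches
    if ipaddress.ip_address(order["ip"]) in TOR_EXITS:
        score += 3                          # Tor exit: strong signal
    elif ip_listed(order["ip"]):
        score += 1                          # hosting range: weak signal only
    if score >= 4:
        return "reject"
    return "review" if score >= 2 else "accept"

def compare(orders):
    """Return (order id, IP-only decision, scored decision) per order."""
    return [(o["id"], blanket_decision(o), scored_decision(o)) for o in orders]

if __name__ == "__main__":
    for row in compare(ORDERS):
        print("%-13s ip-only=%-7s scored=%s" % row)
```

On this constructed data the IP-only policy rejects the consistent paying customer on a hosting address and accepts the order with three different countries, while the scored policy does the opposite.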



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/