0.5.3 Public Beta Testing

[thewird]

Also, when you get a complaint, you don't know which proxy its from. All you have is the server IP, time, and URL they accessed (sometimes you have to have to ask for the URL).

thewird

[hibob]

Hmm, the logging seems to still not work. I don't know, I seem to have done everything right...
Directory chomdded to 777, logging desination given, unique urls enabled.
Argh.

[Nick]

Originally Posted by thewird

All you have is the server IP, time, and URL they accessed (sometimes you have to have to ask for the URL).

If you've got the time of the request then I don't know what the issue is. You could probably decode at least 1000 URLs a minute so you must have billions requests per second for that to be a problem.

Personally I think you're being very unreasonable here. You might have grounds to complain if the option for unique URLs was there with no mention of the consequences. That's not the case - not only is the user informed of the need for logging, the script also provides the means to do it. If the user chooses to ignore that, I'm sorry but there's just no way that that is my responsibility. If it's a concern for you as a service provider, surely the right course of action would be to include in your TOS that you require logging of unencoded URLs?

In any case, how do you propose logging is enforced? It can only write to files where permissions allow so that'd only work if the proxy refused to function without logging. What if the owner has setup an alternative form of logging? It's not fair to introduce a forced logging system that may prevent the occasional idiot from causing problems if it's going to hinder the rest of the serious proxy owners.. especially so when the script is marketed for the latter and very little / no support is given to the former.

What happens if they decide to remove the code that forces logging without setting up an alternative? Is that still my fault? And if not, how does that differ from explaining to them that they need logging when the unique URLs option is enabled? Should I also encrypt the source just so that can't happen?

[thewird]

No, you should never encrypt the source, I'm highly against that. At the very least you could make it on by default. Well see how this goes but I can almost smell the problems coming

Could you possibly change the encoding so that there is an intact copy of the base64 encoding with an addition to your salt?

Also, how do you propose someone goes about decoding URL's from thousands of different proxies that all have unique salts and "may or may not be done for each user - str_rot13() and strrev()"? The times are never accurate anyway since each server time is different and I never use the time as a method to search the logs. What I've been doing up to know is just convert the URL to base64 and do a search for that in every domlog and then forward that to whoever asked for the information.

thewird

[EdwardTobia]

Nick,

I dont know whats causing this, not sure if its the beta update or what but now whenever i try browsing through the proxy i get a "name lookup timed out" error or something similar...

Any idea on what can be causing this?

Here are my sites so you can test:

http://www.antibloxx.com
http://www.plzunblock.com
http://www.hidensneak.info

Regards,

Edward Tobia.

[thewird]

Here is a sample of what happens on a regular basis. Even though this request came from the Texas, one hour after this was faxed to me, I received a call from Homeland Security as well because this was about a wanted murder suspect.

http://wdservers.com/request.JPG

If proxy developers leave this in the hands of the webmasters. It's only a matter of time before the US government (and other countries as some have already done so) puts a ban on anonymizers (as they call it) since they do not care about anything but traffic. I have always done my best to prevent abuse and help the authorities in problems like these and I really don't want to put a ban on a proxy script just because of something so small like this when its designed to prevent bot abuse which is a good thing. I'm sure we can reach some compromise. Either in the script or in a way to decrypt the domlogs.

Originally Posted by EdwardTobia

Nick, I dont know whats causing this, not sure if its the beta update or what but now whenever i try browsing through the proxy i get a "name lookup timed out" error or something similar... Any idea on what can be causing this? Here are my sites so you can test: http://www.antibloxx.com http://www.plzunblock.com http://www.hidensneak.info Regards, Edward Tobia.

Check your resolvers.

thewird

[BlissOfBeing]

Thewird: Did you hear Nick? There IS a logging system and it is turned on by default when you choose that option. I think you just don't want this out in the public because it will cause a lot of competition to your proxies which probably already use this encoding system, trying to scare people away. Nick don't listen to him.

Originally Posted by thewird

Here is a sample of what happens on a regular basis. Even though this request came from the Texas, one hour after this was faxed to me, I received a call from Homeland Security as well because this was about a wanted murder suspect. http://wdservers.com/request.JPG If proxy developers leave this in the hands of the webmasters. It's only a matter of time before the US government (and other countries as some have already done so) puts a ban on anonymizers (as they call it) since they do not care about anything but traffic. I have always done my best to prevent abuse and help the authorities in problems like these and I really don't want to put a ban on a proxy script just because of something so small like this when its designed to prevent bot abuse which is a good thing. I'm sure we can reach some compromise. Either in the script or in a way to decrypt the domlogs.

[thewird]

Originally Posted by BlissOfBeing

Thewird: Did you hear Nick? There IS a logging system and it is turned on by default when you choose that option. I think you just don't want this out in the public because it will cause a lot of competition to your proxies which probably already use this encoding system, trying to scare people away. Nick don't listen to him. Originally Posted by thewird Here is a sample of what happens on a regular basis. Even though this request came from the Texas, one hour after this was faxed to me, I received a call from Homeland Security as well because this was about a wanted murder suspect. http://wdservers.com/request.JPG If proxy developers leave this in the hands of the webmasters. It's only a matter of time before the US government (and other countries as some have already done so) puts a ban on anonymizers (as they call it) since they do not care about anything but traffic. I have always done my best to prevent abuse and help the authorities in problems like these and I really don't want to put a ban on a proxy script just because of something so small like this when its designed to prevent bot abuse which is a good thing. I'm sure we can reach some compromise. Either in the script or in a way to decrypt the domlogs.

I could care less about competition lol. I don't use PHP proxy at all because they are inferior but that doesn't matter anyway. I WANT PHP proxy to improve, I want the proxy community to evolve. The last thing I want is to hold anything back. I'm trying to make a sustainable proxy community and its people like you who only think of profit who are turning proxies to crap and eventually get the government to put a ban on proxies just like they put a ban on child p0rn.

I want to give input based on my experience. I want their to be the perfect proxy and it needs to be free and open source to people can contribute even more. Those people selling encoded proxy scripts that only have a few improvements to work with sites piss me off. Anyway, I've said all I wanted to say for now. If anyone has any questions, they know how to contact me I'm almost always available and help with whatever I can except for "how to get traffic to my proxy" and "how to monetize".

thewird

[Phantom]

Another release. Great.
I've actually already added strrev() and str_rot13() to my test proxy. (testing it out) it works great.
But I'll give your beta a test

[Nick]

Originally Posted by thewird

... its people like you who only think of profit who are turning proxies to crap and eventually get the government to put a ban on proxies just like they put a ban on child p0rn.

Oh grow up. If you're expecting people to take you seriously you'll need to be able to make a point without drawing utterly ridiculous and downright stupid comparisons like that.

To summarise:
- unique URLs can still be decoded from the server access log anyway
- unique URLs are disabled by default
- the same setup script that allows them to enable unique URLs will warn users that logging is necessary
- a logging feature to do exactly that is included

There is nothing to be gained by forcing logging to occur. It's not going to be possible for a user to enable unique URLs without realising logging is required. If they've decided not to bother with a log, maybe because they've set up a mySQL logging system or maybe they just don't care, all the script can do to "force" logging is refuse to operate until it is set up and writable. And all that achieves is annoying legitimate users, make people use another script or they just open up the code and cut out the relevant part. The only way to force logging would be encrypt the source and of course I'm not going to be doing that.

If you're worried about not being able to track down activity through sites you host then it is your responsibility to ensure your users enable logging with a suitable TOS. It's not for me to say what people do with a copy of my script, whereas you are perfectly entitled to say what people can/can't do on your server.