Trade Expert Support Forum

My sites keep on getting hammered by proxy attacks, I do not know how low should I set the autoblocking IP feature, I mean, I do not want to block 'normal' surfers.

I have now:

block IP for 30 minutes if

incoming raws is more than 15 hits/minute

or

clicks T/G more than 30/minute

but I still send lots of proxy out to my trades. Many trades dropped me. Why cannot I simply block ALL proxys.
Please, Please, you must implement this as a basic security feature in up coming updates!

I mean, if you can decide what to do with nocookie hits, why cannot you decide what to do with proxy ins/clicks?

bump

bump bump

Hi there,

if you really have a problem, set more strict rules for autoblocking.
block IP for 60 minutes if incoming raws is more than 10 hits/minute or clicks T/G more than 10/minute
and choose: Send them to galleries only (those who click directly on the toplist links will still get "blocked message" displayed)

Which means, u won't really block anyone, in worst case scenario if someone is blocked because they produced too many clicks, will be sent to galleries.

Regarding your request for improvements for proxy blocking. We hear you, we're considering how we could further improve it. But we need to be careful. You must understand that all proxies are NOT bad, there are many legit proxies out there (such as AOL public proxy and others) and we must not block them completely, because we would also hurt real surfers. Let me know how you'll be doing with stricted blocking rules. If it won't work as expected u can even lower number of hits/clicks per minute.

best regards,
Jim

hello,

My problem is that I dont know what would be a normal pattern for surfers. I set it to 10/10 now as you suggested.
Fortunately I also stumbled upon a php code that I inserted to all my sites, that should block all proxy access.

I understand that not all proxy is bad proxy however I cannot take chances. Trades will dump you if you have high proxy traffic.
I would rather block all proxy traffic to make sure I am safe.

I do really feel TE3 should have an optional setting - jut like for nocookie traffic, so you can choose what to do with it.

Basically proxy traffic should be among the system trades just like in the case of most other traffic trading scripts.

While TE3 is a great program, right now this is one weak spot.

Best Regards,
bbhrucy79

We'll think about it and we'll see what we can do about it. I understand your point ,but we have to look at both sides of the problem if we want to implement a good solution. We need to find a way to eliminate bad proxy traffic or perhaps have stricter rules for proxy traffic in general. We absolutely should not block ALL legit proxy traffic. Blocking AOL proxy and similar legit proxies will result in traffic decrease on any site.

best regards,
Jim

I understand your point,

This is a difficult issue, because as you say not all proxy is bad, it can be normal visitors. However, most trade scripts will skew you if you send high amounts of proxy traffic. They really dont care whether its AOL or not. They might even shut you down, it happened with many trades of mine. And there is no way of telling what is the good auto blocking settings. Is it too low? I may block many normal users. Is it too lax? I am in the danger of proxy attack.

So the problem really is there is no way of telling or diagnosing what would be a normal pattern and what would be abnormally high?

How could you measure that?

So you either block your normal visitors - and loose traffic in this way, or you offer your ass for proxy attack - which will also result in traffic loss because your trades will shut you down.

For now, I came up with the solution, to allow 20 ins/min and 20 clicks/min, however in the same time I have a set of codes in my .htaccess that eliminates 95% of all possible proxy attack.

At least since I have this code I am not getting complaints and shut downs from my trades.

Hi brucy,

regarding your auto blocking question i already explained above, i'll copy paste it again:

"if you really have a problem, set more strict rules for autoblocking.
block IP for 60 minutes if incoming raws is more than 10 hits/minute or clicks T/G more than 10/minute
and choose: Send them to galleries only (those who click directly on the toplist links will still get "blocked message" displayed)"

So u don't need to be worried about really BLOCKING anyone. The blocked ones simply won't reach your trades, they'll be sent to galleries instead. 10/10 is quite
strict, but if it doesn't help u could even lower it a bit.

Regarding proxies, we will implement a method which allows you to select: send proxies to: galleries or to a specified URL, basically this is what you are looking for. We'll leave it disabled by default and those that have a huge problems with proxies can adjust this setting. Sound ok to you?

kind regards,
Jim

hi,

Yes, that would cut it. Basically proxies should not be sent out at all to trades. I understand what you say and you are right regarding not all proxy is bad. But the problem is this: try to explain that to your traders. They will shut you down for high proxy traffic.

So what you are about to implement is definitely a good idea. I personally do not care about the fact that I send out a bit less traffic to trades if I can be certain that I dont send them such traffic that would score me down(proxy). Thanks.

We'll add this option for you with the next update and u'll be able to set how to handle proxy traffic! thank you