About connections from proxy servers

[ankso]

Greetings to all!

It's well known to all admins of almost any type of server, (webserver, MaNGOS or whatever), that there would be allways undesirable users that will try to do "bad things". And is also well known that sometimes this "users" will use a proxy server, so ban the IP is a waste of time, they change the proxy server and restart the hostilities.

I need a little help with this stuff, I'm relatively new in administration of on-line servers and any advance about how to fight against that subject will be welcome, for example, is there any way to block all connections comming from a proxy server?

Also this thread could be a good place to discuss about security and exchange tactics/opinions. I post it here beacuse is not only MaNGOS related, and could be interesting.

Thanks for reading!

[antiroot]

Nice idea for a thread.

Typically with the servers I maintain they need to be accessible by our customers, which means trying to block proxies could potentially block legitimate customers as well

We spend a large amount of time just making sure we have secure passwords on anything that needs them, limit which users are actually allowed to login (this means disabling root login and other system users)

SSH logins are only allowed by key based authentication

Firewall setup to allow only specific hosts we define are allowed to connect directly to MySQL, customers have no need to connect to the DB directly since the webserver is the frontend to the DB

One thing i've been working on lately to counter attack MySQL injection attacks is validating the data before it goes through to mysql

for example we have some pages that use a GET variable which should always be numeric and no more than 6 digits, so in code we check that this is the case if its not then we reject the request altogether (some places this isn't as easy, like a website search feature)

Edit: This is more to prevent load on the database than to be a security measure, but if a malicious person is doing DDOS on you then you'd still want to limit what resources they can consume

oh and of course don't forget mysql_real_escape_string.. any time there is a place where the user is able to input ANY type of data, make sure to validate/clean/escape

and in the event that you don't escape user input data, make sure apache/webserver is not allowed to write to anything other than say /tmp/, otherwise a script kiddie could find a spot where they could upload code that gets eval'd and then they can alter/delete/add anything they want to your server

These are most of the ideas i could think of in 5 minutes, hope they are useful to someone

[AmrasTaralom]

There is no way to block all connections from proxy servers because not all proxy servers propagate that they are proxies.

Most public proxy servers (http) however include a proxy header into their requests. You have the possibility to deny access for those based on the header. This might of course exclude legit users as already said. Additionally it's limited to http protocol, so only web servers can be secured this way. Socks servers usually don't include this header (when connecting to a web server).