Comment by BLKNSLVR
9 hours ago
I have a script that logs IPs for any traffic coming in to my servers on ports that don't accept traffic. I then block those IPs from accessing ports behind which there are services.
If they're checking my locked doors, I don't want them coming in my unlocked doors.
This might be a good idea, but consider banning them for, say, a couple hours at a time. It’s easy to rotate IP, especially if you’re using a residential proxy service, and there’s a good chance you’ll end up blocking real users using the same ISP.
yeah, I'm using https://proxybase.xyz for this. It's like Mullvad but for proxies. No kyc, no email but supports xmr.
You should put your business (https://proxybase.xyz) in your HN profile. It might help to find more customers.
1 reply →
Is this your service? Since you've made seven posts to HN about it and also your username shows up in the commits on their GitHub.
Because I'm quite curious on where the IPs are from. Usually residential IPs is a fancy wording for malware infested devices from regular people.
5 replies →
Do they say how do they have access to those IPs? Most residential IPs are malware-infected devices.
3 replies →
I like the API-centric nature of it. $10/GB seems a bit steep though, especially compared to Mullvad’s 5 €/mo.
Search for “mobile proxy” – those are usually cheap-ish monthly subscriptions, with unlimited traffic, and often an API to rotate the IP programmatically if you need it. No KYC, but you usually do have to sign up with an email.
@ notpushkin,
yes, it's a bit more expensive because it's for different use cases. You can't use VPNs or Mullvad for anything mission critical. Just try to log in to your bank in US, it will increase your risk score on their end because VPNs by nature are very easy to detect whereas "residential proxies" much harder.
3 replies →
That’s nice, I need to implement this.
Closed ports are not "locked doors", and open ports are not "unlocked doors"
That is a binary thought process with a lot of assumptions. You might introduce even more attack surface in pursuit of this "security" measure by installing additional software like fail2ban, for example. Close your ports, maybe assign a non-standard port to the popular ones (like SSH) to reduce log spam, and patch your server often. Anything more complicated than that is not worth it, IMO.