On Wed, 19 Apr 2000, Eric Cholet wrote:
> > (Off topic again, but lots of people here are using reverse
> > proxy).
> >
> > For a while I had 'ProxyRequests On' in my httpd.conf mistakenly
> > thinking that it was necessary to make ProxyPass and mod_rewrite
> > proxying work. Then I noticed entries in my logfile where
> > remote sites were sending full http:// requests to other
> > remote sites. I've turned off the function, but the requests
> > keep coming in, mostly appearing to request ads from somewhere
> > with referring pages in Russia and China.
> >
> > Is this a common practice and what are they trying to accomplish
> > by bouncing them through my server?
>
> Yes it is very common practice, and so is scanning for open proxies
> on ports 80, 8080 and 1080. Here's a link to a list of open proxies
> and a FAQ that explains their use.
>
> http://www.cyberarmy.com/lists/proxy/

That leaves out the biggest reason why most of these types (i.e. repeated ad
requests from the same small set of IPs) of requests are attempted: fraud.
There are lots of lusers out there trying to defraud banner exchanges and
various types of paid affiliate programs. The reason they use proxies is
to make it appear that the hits are coming from a wide variety of
different IPs so the company they are defrauding doesn't get as
suspicious as easily.

The annoying thing is that many of the servers they use are not and never
were proxies, but they are just too dumb to tell the difference.
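
Added example, not part of the original thread or written by its participants: a log check for the forward-proxy style requests described above (full http:// URLs for other sites, plus CONNECT), counted per client IP. It assumes Common Log Format; OWN_HOSTS and the sample lines are constructed placeholders.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit
# Assumption: hostnames this server legitimately answers for.
OWN_HOSTS = {"www.example.com", "example.com"}
# Common Log Format: client ident user [time] "request" status ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "([^"]*)" (\d{3})')

def classify(line):
    """Return (client, target_host, status) for a forward-proxy style request, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    client, request, status = m.group(1), m.group(2), int(m.group(3))
    parts = request.split()
    if len(parts) < 2:
        return None
    method, target = parts[0].upper(), parts[1]
    if method == "CONNECT":                      # authority-form: host:port
        host = target.rsplit(":", 1)[0].lower()
    elif target.lower().startswith(("http://", "https://")):
        host = (urlsplit(target).hostname or "").lower()
    else:
        return None                              # origin-form ("/path"): ordinary traffic
    if host in OWN_HOSTS:
        return None                              # absolute URI naming this site is valid HTTP/1.1
    return client, host, status

def summarize(lines):
    """Count proxy-style attempts per client and collect the statuses they received."""
    attempts, statuses = Counter(), defaultdict(set)
    for line in lines:
        hit = classify(line)
        if hit:
            attempts[hit[0]] += 1
            statuses[hit[0]].add(hit[2])
    return attempts, statuses

# Constructed sample lines (documentation addresses and example hostnames).
SAMPLE = [
    '192.0.2.10 - - [19/Apr/2000:10:00:01 +0000] "GET http://ads.example.net/banner?id=1 HTTP/1.0" 200 512',
    '192.0.2.10 - - [19/Apr/2000:10:00:02 +0000] "GET http://ads.example.net/banner?id=2 HTTP/1.0" 403 210',
    '198.51.100.7 - - [19/Apr/2000:10:00:03 +0000] "GET /index.html HTTP/1.0" 200 4096',
    '198.51.100.7 - - [19/Apr/2000:10:00:04 +0000] "GET http://www.example.com/ HTTP/1.1" 200 4096',
    '203.0.113.5 - - [19/Apr/2000:10:00:05 +0000] "CONNECT mail.example.org:25 HTTP/1.0" 405 0',
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A 2xx status on a flagged line does not by itself show the request was relayed, since a server that is not proxying can answer such a request with its own content; compare the response size with your own pages before concluding either way.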