MyADSL recently wrote an article about “Free proxy service fraud allegations”. Basically some guy from George, apparently, named Zaine Lourens installed a PHP-based web proxy, firstly on a server at Hetzner, then at Afrihost, and then finally at Elitehost.
I read through the entire “thread” where Lourens originally posted information about his “free” international web proxy.
The amount of social engineering that was enacted by this guy is actually pretty amazing. He fed off MyADSL forumites’ hate for Telkom and being capped and only having local access.
He turned that thread into his own personal glorification field day and I can see how things went from bad to worse over the course of a month. Nearing the end of August, when Hetzner, Afrihost, and Elitehost had all finally kicked him off their servers for breach of Acceptable Use Policy, he simply started pasting the IP addresses of some REAL open proxy servers listening on port 3128, placating forumites with “I’m checking it out” (when they inevitably went down) and implying that they were somehow “his proxies”.
He had to keep feeding his ego somehow, because everyone was just calling him “Mr Awesome”. And the reaction of people in the forum was even more shocking. Of course MyADSL’s userbase contains all kinds these days, so I guess it’s only natural that something like this happened, and then actually got some airtime on MyADSL in the form of an article.
Unfortunately, now, people are crying because fraud has been perpetrated, donations have been sent to a fraudster, and waaaaah all around. If it’s too good to be true, then chances are that it’s too good to be true. If someone offers me something for free, my general first response is: “What’s wrong with it?”
Enough about Lourens though, it is on these open proxies that I want to focus for a bit. The info is all publicly available from the posts.
196.41.132.28 (cte-cache.vwol.net)
Hosted by: MWEB
Type: NetApp/NetCache
FAIL: 8080, 8081, and 3128 left open with no ACLs or authentication.
Status: Looks like ACLs have been applied.
196.41.26.122
Hosted by: Datapro
Type: CentOS
FAIL: Squid/port 3128 left open by admins with no ACLs or authentication.
Status: Looks like 3128 is now being filtered.
Currently: MySQL and another bunch of stuff quite open.
196.41.26.123 and 196.41.26.124
Hosted by: Datapro
Type: FreePBX boxes
FAIL: Squid/port 3128 left open by admins with no ACLs or authentication.
Status: Looks like 3128 is now being filtered.
Currently: MySQL, Webmin and others still wide open.
The FreePBX boxes are weird. What are they doing with an open proxy installed? Is this a default thing? Why do you want Squid on a PBX?
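The “no ACLs or authentication” failure noted for the Squid hosts above comes down to the http_access rules in squid.conf. As an added example (not part of the original post), this Python audit walks a config's http_access rules in Squid's first-match order and reports whether an unauthenticated outside client would be served. The two sample configs, the probe address and the function names are constructed for illustration, and only src, port and proxy_auth ACLs are modelled.

```python
import ipaddress
# Probe: unauthenticated request to port 80 from an outside (documentation) address.
PROBE = {"src": ipaddress.ip_address("203.0.113.7"), "port": 80}

# Constructed sample configs, not taken from any of the hosts above.
OPEN_CONF = """
http_port 3128
acl Safe_ports port 80 443 1025-65535
http_access deny !Safe_ports
http_access allow all
"""
LOCKED_CONF = """
http_port 3128
acl localnet src 10.0.0.0/8 192.168.0.0/16
acl authed proxy_auth REQUIRED
acl Safe_ports port 80 443 1025-65535
http_access deny !Safe_ports
http_access allow localnet authed
http_access deny all
"""

def _matches(acl_type, values, probe):
    """Does one ACL match the probe? Only these three types are modelled."""
    if acl_type == "src":
        nets = ["0.0.0.0/0" if v == "all" else v for v in values]
        return any(probe["src"] in ipaddress.ip_network(n, strict=False) for n in nets)
    if acl_type == "port":
        return any(int(v.split("-")[0]) <= probe["port"] <= int(v.split("-")[-1]) for v in values)
    if acl_type == "proxy_auth":
        return False  # the probe carries no credentials
    raise ValueError(f"ACL type not modelled: {acl_type}")

def audit(conf_text, probe=PROBE):
    """Return 'allow' or 'deny' for the probe under Squid's first-match order."""
    acls, rules = {"all": ("src", ["all"])}, []  # 'all' is built in to Squid
    for line in conf_text.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) >= 3 and tok[0] == "acl":
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif len(tok) >= 2 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    for action, names in rules:
        # ACLs on one line are ANDed; a leading '!' negates that ACL
        if all(_matches(*acls[n.lstrip("!")], probe) != n.startswith("!") for n in names):
            return action
    # Nothing matched: Squid applies the opposite of the last rule (deny if no rules).
    return "deny" if not rules or rules[-1][0] == "allow" else "allow"
```

A config that ends on a narrow deny and has no final "http_access deny all" comes back as "allow" for the outside probe, because an unmatched request gets the opposite of the last rule.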
In conclusion:
Someone told me the other day that Africa, and South Africa, isn’t really prepared for this “true broadband” and “loads of bandwidth landing on the continent” thing. If we consider that these proxies were well-abused over the course of a month, and were probably copied and pasted from some standard “Open Proxy List” off the Internet, or even just discovered using nmap, then I have to say that that statement is probably holding true.
Once hackers and script kiddies get nice low-latency access to South African data centres, they’re going to have a field day. And I reckon most local companies simply aren’t ready for it. Go get some kind of security certification now and I reckon in a year or two’s time you’ll be earning top dollar.
Just want to say that Zaine is a great guy and he was only giving people what they deserved instead of waiting for the big guys to lower their stupid prices which will never happen. It sucks that he got busted but he was doing something good and I just wish everyone would lay the hell off him, he ain’t a normal hacker and he ain’t a script kiddie, he’s way too smart for that!!
Peace 😀