Closed sharoncreech closed 4 years ago
Great question. So let us begin with what the backend actually sees it as, and that is as "hosting." Which then brings in your question: is this a proxy? So I would look at it this way:
As such, via these constraints and the constraint of only being able to respond via a (Y/N) answer in the original API, I'd mark this as "Y". In the newer API, which is still in alpha, we mark this more accurately as "hosting." I've also included what that detection looks like below.
https://blackbox.ipinfo.app/api/v2/209.85.220.41
{
  "ip": "209.85.220.41",
  "asn": {
    "name": "GOOGLE - Google LLC",
    "number": 15169,
    "network": "209.85.128.0",
    "cidr": 17
  },
  "detection": {
    "bogon": false,
    "hosting": true,
    "proxy": false,
    "spamhaus": false,
    "tor": false
  },
  "suggestion": "block"
}
Thanks for the reply. I would personally ignore 'hosting' as something that belongs to the group of proxies, TOR, VPN, etc. And to be honest I would completely remove it from the blackbox, as it can only confuse, but it's your script and it is still a great job done. Do you have any function.php script (as you have for version 1) for v2?
Thanks
Hello @sharoncreech,
We do list on the site that we are "A free proxy, hosting, tor detection api." This is something the previous API did as well, but maybe with not as many hosting networks.
As of the moment, I do not have a PHP function for working with the new v2 API, and it is still in beta.
Thanks for the clarification. Can you explain to me what falls into the definition of “hosting detection.” Are these IP ranges used as web proxies, spam activities, etc ... or ... What is the rule for hosting IP ranges that are within your list?
Thanks
Hosting would be something like a web site host. We don't expect human traffic to originate from it, but rather traffic generated by bots, scripts, web applications, et cetera.
A good example would be if you had an online store. You would not expect a server to be purchasing an item from a website. As such, you would probably want to verify the order if it was flagged by Blackbox.
I understand what you mean, but there are legitimate hosts that are not malicious and that do not function as a proxy, and are still on the list. Since I have been in these internet waters for a long time I still can’t understand the logic of hosting. Does this mean that under hosting is everything that is hosting and even many who have not had suspicious activities?
If whatever.com that has a unique IP address x.x.x.x is on the list, and the IP address has not participated in any illegal activities in the past found in the list with VPN, Proxy, TOR then in my opinion it is totally confusing.
We built this list from the viewpoint of a server where we expect the users to be coming from residential and cellular providers.
I think the question here really is what are you trying to do with this list? Can you give me an example of your goals, and wants?
I'd say in the long term that you probably want to use the /v2/ API. You could easily only block things from tor and/or proxy and avoid hosting altogether. The original API, however, is rather inflexible.
I created https://www.ip-lookup.org some time ago, and since the site is about different types of lookup, from IP lookup through Email and Whois lookup, it seemed more than interesting to include a script for detecting proxy, VPN and TOR IP addresses. Of course, I don't like hosting, as I already said, since they are not in the same category as proxies, VPN and TOR addresses. Probably the solution will be API V2 one day when it is a stable version. Thanks a lot for the reply and keep up the good work.
@sharoncreech
Just a quick re-ping... I've gotten the V2 API up.
https://rapidapi.com/CMunroe/api/blackbox/
Feel free to try it out, and if you like the API... DM me, and maybe we can do something about a free tier for you.
Hi, thanks for letting me know.
Actually I thought to have only more accurate detection for proxies. Right now I use hard-coded V1, which works fine:
if ($err) {
    echo "cURL Error #:" . $err;
} elseif ($response === 'Y') {
    echo "VPN/TOR/Proxy: Detected";
} elseif ($response === 'E') {
    echo "Request Error";
} else {
    echo "VPN/TOR/Proxy: Not Detected";
}
I'm not sure how to integrate V2 with a similar response as above, where it will calculate whether only the proxy and TOR values are true or not and then show it the same way as it has been done above.
Regards, Make
@sharoncreech I think the below will work nicely. You might need to adjust it to work for your setup a bit.
<?php
$curl = curl_init();
curl_setopt_array($curl, [
    CURLOPT_URL => "https://blackbox.p.rapidapi.com/v2/9.9.9.9",
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_FOLLOWLOCATION => true,
    CURLOPT_ENCODING => "",
    CURLOPT_MAXREDIRS => 10,
    CURLOPT_TIMEOUT => 30,
    CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
    CURLOPT_CUSTOMREQUEST => "GET",
    CURLOPT_HTTPHEADER => [
        "x-rapidapi-host: blackbox.p.rapidapi.com",
        "x-rapidapi-key: -snipped-"
    ],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
    echo "cURL Error #:" . $err;
}
else {
    // Json Decode
    $response = json_decode($response);
    // Transition to using the first object.
    $response = $response[0];
    // If a proxy is detected.
    if ($response->detection->proxy === true || $response->detection->tor === true) {
        echo "VPN/TOR/Proxy: Detected</li>";
    }
    // If a hosting provider is detected.
    else if ($response->detection->hosting === true || $response->detection->cloud === true) {
        echo "VPN/TOR/Proxy: Likely</li>";
    }
    else {
        echo "VPN/TOR/Proxy: Not Detected";
    }
}
Results:
php test.php
VPN/TOR/Proxy: Likely</li>
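An added example, not part of the thread or the project's code: the same decision pulled into a function that runs offline on a response body, keeps hosting separate from proxy/Tor as discussed above, and reports a malformed body instead of guessing. The function name `classifyBlackboxV2`, its `$flagHosting` switch and the return labels are assumptions made for this illustration.

```php
<?php
// Added example, not the project's code. classifyBlackboxV2() and its
// return labels are hypothetical names chosen for this illustration.
function classifyBlackboxV2(string $json, bool $flagHosting = false): string
{
    $data = json_decode($json, true);

    // The RapidAPI snippet in the thread reads element 0 of an array, while
    // the blackbox.ipinfo.app sample is a bare object; accept either shape.
    if (is_array($data) && array_key_exists(0, $data)) {
        $data = $data[0];
    }
    if (!is_array($data) || !is_array($data['detection'] ?? null)) {
        return 'error'; // malformed or unexpected body: report it, do not guess
    }
    $d = $data['detection'];

    // Only a JSON boolean true counts; a missing key (e.g. "cloud") is false.
    $is = fn(string $key): bool => ($d[$key] ?? false) === true;

    if ($is('proxy') || $is('tor')) {
        return 'detected';
    }
    if ($flagHosting && ($is('hosting') || $is('cloud'))) {
        return 'hosting';
    }
    return 'clean';
}

// Response body copied from the v2 sample earlier in the thread (asn omitted).
$sample = '{"ip":"209.85.220.41","detection":{"bogon":false,"hosting":true,'
        . '"proxy":false,"spamhaus":false,"tor":false},"suggestion":"block"}';

// Constructed inputs: an array-wrapped Tor hit, and a truncated body.
$wrapped = '[{"ip":"192.0.2.1","detection":{"proxy":false,"tor":true}}]';
$broken  = '{"ip":"192.0.2.1","detect';

foreach ([[$sample, false], [$sample, true], [$wrapped, false], [$broken, false]] as [$body, $flag]) {
    echo classifyBlackboxV2($body, $flag), PHP_EOL;
}
```

With `$flagHosting` left off, a hosting-only result such as the Gmail address in this thread is not reported as a proxy, whatever the API's own `suggestion` field says.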
Hi,
Thank you. Everything works fine :)
Can you give me a free tier? I can give you credit for proxy detection part on Terms & Conditions - IP-Lookup.org https://www.ip-lookup.org/iplktos
Regards, Make
I should have offered you access to the "Custom-Mega-Free" tier.
Should be visible here: https://rapidapi.com/CMunroe/api/blackbox/pricing assuming you didn't get an email.
Just wondering, why is 209.85.220.41 flagged as a proxy? It is an IP from Google Gmail, mail-sor-f41.google.com.