blackdotsh
commented
6 years ago Hi,
If you believe there's false positives you can always report them to me via email or twitter DM and I'll look into this issue. I'll be happy to look into why this is happening and I can adjust certain values manually if I need to. A broadband IP doesn't strictly exclude it from being a proxy as I've seen many proxies running on residential networks. Please contact me privately and I'll discuss why the score for a particular IP is high.
To address why your server is getting a value of "1": We blacklist server IPs. The reason for this is that your online infrastructure should not get traffic from hosting IPs unless it's apart of your online infrastructure. For example, if you were running a website or an online service and you were getting traffic from Amazon EC2 that's not apart of your online infrastructure, then it is proxy / VPN or bot traffic. You can make this conclusion because Amazon EC2 IPs represent a server, not a person. Therefore, an Amazon EC2 IP would only connect to your infrastructure if it is instructed to do so via code, which represents either bot / automated traffic or proxy / VPN traffic.
We have specific assumptions listed on our website which states: The following assumptions must be met for the sake of accuracy and correctness.
- It is assumed that the IP you're looking up is making a request to your services on an application level. If you block IPs on a lower level, important services such as DNS maybe be blocked which is not desired. Be sure the source IP addresses are correct (not spoofed) if you're trying to protect a UDP based service.
- If your online services involve multiple servers or external services that interact with your online infrastructure, it is assumed that you do not look up these IPs or the IPs are whitelisted on your system.
Looking up IPs that are connecting to your infrastructure and excluding IPs that are apart of your infrastructure makes complete sense when implementing our API but I explicitly listed them as apart of our assumptions just in case. In this scenario, your server IP was looked up without satisfying the first assumption. If your server did connect to an online service that was protected by our API and resulted in a lookup of your server's IP, then I would stand by the conclusion that it is bot / automated traffic or proxy / VPN traffic because your server would not go and interact with another online service on an application level if you did not instruct it to do so on your behalf.
does it exist?
Seems you operating some kind of blacklisting database system, which obviously will have false positives.
I tested with a few random ip's
One is a personal server which has never ran a TOR node, proxy or VPN, yet scores 1. Other ip's were broadband ip's but one of those scored 1 as well.
So false positives in the system but no reporting system.
If there is no way for people to report false positives then this isnt a credible system for my services to use, please advice thanks if there is such systems in place.
Thanks