Stealther 2.7 Proxy Server

[SilentFog]

I thought Stealther 2.7 Proxy Server should be a program PROVIDING privacy and NOT to disclosure it ???

1. After starting prog, intialising connect to this server, posting my IP to it.

2. Every 'Assh.le' can review the last ACTIVE users by simply typing it. If You make a refresh of Your Browser, the list will be updated ...

So i can EASILY take this IP's for an 'hostile attempt' no need to make a scan, because they are OUTED to be online - Port:14000


http://www.florenz016.server4free.de/cgi-bin/show.cgi

Get List: (last digits xx from me, to not spam their IP's)

2.7203.162.137.xx-14000-VOOAWGL-2.7-1062817245-0
68.119.36.xx-14000-FQEKRJMAVOJ-2.6-1062817105-0
81.132.131.xx-14000-L@SEJ-2.7-1062817106-0
68.16.89.xx-14000-AOYRWPIF-2.7-1062817107-0
24.192.119.xx-14000-UJIVLAEB-2.7-1062817108-0
62.101.193.xx-14000-OPXDV-2.7-1062817109-0
213.10.12.xx-14000-RBVGYP@QF-2.7-1062817110-0
213.114.115.xx-14000-FMA@EUUW-2.7-1062817110-0
211.28.174.xx-14000-LSGMDHGG-2.7-1062817111-0
172.165.130.xx-14000-CNNYFU@JELX-2.7-1062817112-0
209.193.56.xx-14000-ERSFH-2.7-1062817113-0
24.155.25.xx-14000-IAWUEJXUMC-2.7-1062817113-0
209.143.37.xx-14000-NJYI@BDB-2.7-1062817114-0
161.5.64.xx-14000-WRXKJXU-2.7-1062817114-0
12.105.215.xx-14000-OYGPCFGAPU-2.7-1062817114-0
12.214.211.xx-14000-RWMXNBQS-2.7-1062817114-0
81.203.11.xx-14000-WVVYPL-2.7-1062817116-0
68.37.98.xx-14000-ABFSMNCBO@O-2.7-1062817117-0
68.11.34.xx-14000-NJDEQMRGX-2.7-1062817117-0
195.229.241.xx-14000-@BJAI-2.7-1062817117-0
142.237.100.xx-14000-CSDHXGHWXW-2.7-1062817117-0

Can anybody tell me, please, what the 'hell' this should be ?

They claim to make an connect for updating the 'internal' proxy data - 'Sh.t' - I have disabled all+loaded on startup my own list and my IP always got compromised by this script...

Or does anyone other members of BUG/SEC - Forums to FIND an answer ???

Greetz SilentFog

[Laighleas]

An anonymous proxy server is only part of the answer. Your IP (and browser info, and much more) can be obtained, despite anonymous proxies, through cookies, HTTPS or, in this case, by running scripts. Now although Stealther is a very good proxy server, and although it does have cookie rules, it's not designed to handle things like scripts - I'm not aware of any proxy server that does. One option, of course is to turn off HTTPS and scripts (e.g. Java) altogether using the settings in the browser; the folks at Photon suggest this. This however has its drawbacks.

There is a far more useful alternative, and one which I've been using for quite a while; use Proxomitron between the browser and Stealther. Proxomitron is a free program (do a Google search for it) which is more than capable of either disabling scripting/cookies/ads/fill in here completely or, more usefully, filtering web pages on the fly in order to block only the nosey stuff, as well as filtering HTTPS and HTTP headers. Furthermore, you can endlessly rewrite filters to keep up with the latest developments to get your IP etc.

For example, my standard secure config for Proximitron only allows cookies from named sites, and even then, they're only for that session. All other cookies are shredded on the way in, and any that get in from a bit of insecure browsing are prevented from getting out. Java has it's teeth drawn, so it can't be used for tracking or getting info about the PC, and webbugs and pop-ups are trashed. In addition, various bits of info such as referrer, browser and OS can be spoofed. Nothing outlandish; the idea is to give information that looks normal.

The upshot is that the remote site is forced to rely on the proxy for the IP. Of course, since you're behind chained anonymous proxies, it will only get the IP of the nearest one. Quite frankly, you could be anywhere on the planet using almost any OS and browser.

The combination has so far proved bombproof. Nevertheless, I still give the system a hammering from time to time, just to make sure it's still secure. I did BTW try that site - no it didn't get my IP, but then I didn't expect it to.

Now if you're interested, you can chain Proxomitron and Stealther by setting the proxy settings in your browser to 127.0.0.1:8080 for HTTP and secure (that points it at Proximotron), then setting the remote proxy in Proxomitron to 127.0.0.1:14000, which tells Proxomitron to point Stealther. You can BTW bypass both filters and proxy server easily if it's appropriate.

Mind you, if you're going down the lines of privacy, I'd also have a look at getting a Zone Alarm Pro firewall. Amongst other things, it blocks unauthorised programs from getting out, blocks outgoing NetBIOS, and it doesn't respond to being pinged, leastways apart from telling you.

Hope that solves your problem.