Open Proxy Again?

[bHOLDher]

This from http://www.dnsstuff.com/ (after I eventually got through):
-----------
DNSStuff
WARNING: You are using a web proxy (168.210.90.180) that appears to be an open proxy, and is currently being abused by malware. You should contact whoever is in charge of your web proxy (if you aren't sure, contact your Internet provider) for assistance. You should let them know that the web proxy at 168.210.90.180 is broken (an 'open web proxy' that is being abused), and that the web proxy needs to be fixed. They can contact us (using our info@ address at the domain in the URL you are at) for further details. Searching your web proxy logs for 'netgeo.ch' will definitely find the rogue hits (but could possibly find some legitimate hits).


Sorry for the inconvenience, but we are under a DDoS attack, and your Internet provider is partially responsible.

 

[nocilah]

funny I am getting the same message where as last time someone pointed this out I wasnt...
Anyone else?


myWireless 128, 64, 48, 16 - depends on its mood.

 

[guest2013-1]

yup, me too, thats why my spped has been sh1tty the past two days

<font size="1">
Selling my soul to Telkom for better internet speeds.

Person Me = New Person();
while (Me.Alive)
{
try
{
Me.Drink(Alcohol.Any);
}
catch (HeaveException h)
{
Me.PrayToCeramicGod();
Me.Promise("Never again");
}
}
Me.Dispose();
</font id="size1">

 

[Ditch]

On what port is the transparent proxy running on that server? I'm dialled into ABSA now and tried connecting to it on 80 and 8080 (and even squid's 3128) but I can't connect there. However I suspect it's probably on another port. I suspect the proxy is actually still open because a google search for that IP address turns up sites all over the Web where people clearly seem to be actively using the proxy "illegally" who are most likely not South Africans (e.g. this Taiwanese guesbook: http://www.gtlin.idv.tw/guestbooks/showbooks.php, as well as other sites all over the world). And recently too, e.g. 10th October, which is after the open proxy problem was supposed to be fixed.

 

[noswal]

<blockquote id="quote"><font size="1" face="Verdana, Arial, Helvetica" id="quote">quote:<hr height="1" noshade id="quote"><i>Originally posted by vowthorn</i>
<br />funny I am getting the same message where as last time someone pointed this out I wasnt...

<hr height="1" noshade id="quote"></blockquote id="quote"></font id="quote">

I was that someone. []

Anyhow, I tried DNSstuff a few mins ago and went straight in but in the last 10 mins have had a slowness in pages loading

FYI

WHOIS results for 168.210.90.180
Generated by www.DNSstuff.com

Country: SOUTH AFRICA

NOTE: More information appears to be available at DA25-ORG-ARIN.

Using 47 day old cached answer (or, you can get fresh results).
Hiding E-mail address (you can get results with the E-mail address).


OrgName: Dimension Data
OrgID: DIDA
Address: Guardian National
Address: 10th Floor West wing
Address: Libridge building
Address: Ameshof Street
Address: Braamfontein
Address: Johannesburg
City:
StateProv:
PostalCode:
Country: ZA

NetRange: 168.209.0.0 - 168.210.255.255
CIDR: 168.209.0.0/16, 168.210.0.0/16

_________________________________________________________________________
custenna, variable 2 - 13 signal, ber 28% - 42%.<i> "I am the only one with this problem." </i>

 

[bHOLDher]

Weird, DiData!?

A tracert puts the server just a few hops away. (Oh, normally that doesnt mean what Im trying to say) Its fewer hops away than the internet.

Tracert calls that ip: stpxc01.sentechsa.net [168.210.90.180]

 

[bb_matt]

I haven't come across that, but what I have found is just as odd.

With direct USB connection, I don't have a problem surfing *aside from the **** speeds* - no DNS issues.

With PPPoE via Smoothwall, I had no problems until recently then suddenly encountered issues where at least 60 percent of sites could not be reached which was directly related to DNS problems.

I decided to get around this by using the Sentech proxy.
I spent 10 minutes trying to find the address without success and on a whim, figured that they probably use the same server for thier DNS as they do for theier proxy - which indeed they do :-

196.38.110.1 port 80
196.38.110.2 also works and it's probably the same server - can't be arsed checking right now tho []

 

[bb_matt]

Forgot to mention, the "odd" thing is the PPPoE problem - not the proxy server IP.

 

[bHOLDher]

I get DNS errors on USB in any case - and working from IS's dns servers had me "blocked" from half of the internet for the last 2/3 days [and didnt really help before that either] - (returned to ST's dns servers again) - SIGH! - "OH thats normal, just press F5!" Normal?