Payment Processing Fixed

Some time between the 17th and 20th of October our payment system stopped loading within the Dashboard. This was caused by a compatibility issue between our CDN Partners Javascript compression technology and our payment widget.

We managed to fix this problem this morning and we are once again able to take new payments. This bug may have also affected customers trying to cancel a paid plan, if you were trying to do that, you can now do so. This issue did not affect customers who were already subscribed, your payments during this time would have been processed normally.

Thank you to the users who made us aware of this issue this morning, we are very sorry it happened and have taken steps to make sure this doesn't occur again in the future.

Enforcing Terms of Service

An issue that almost all service providers will come up against when they offer any kind of free plan is users finding ways to maximise their use of these free resources well beyond the limits imposed by the service provider. For us this manifests itself in two ways.

1. Users signing up for a registered account multiple times under different email addresses

2. Unregistered users performing queries from a large pool of IP Addresses and/or Proxy Servers/VPN's

For the most part we don't mind if a registered user has two accounts. Perhaps you need one for production and one for your development environment. We do not police users that have 2 accounts, especially if you're under the 1,000 query limits on both accounts.

However we have found recently multiple users signing up for 10 to 15 accounts and load balancing their queries. This essentially means they have a 10,000 to 15,000 daily query limit for free when it should only be 1,000.

Another problem is unregistered users performing queries from Proxy Servers. So instead of making 100 queries per day from a single IP Address they are making thousands of queries per day across hundreds of IP Addresses. In-fact we've seen some users utilising more than 1,000 proxy servers in a single day to load balance their queries.

The thing to keep in mind if you're a user that does this is our API is not an unlimited resource so we cannot let the abuse of our API and the disregarding of our Terms of Service continue.

To this end over the past week we have been contacting registered users that have more than two accounts to let them know we've disabled all but one of their accounts. In these situations we always leave the account that has performed the most queries active while the rest are disabled.

We're also tackling the unregistered user abuse issue by now checking that the IP you're using to contact the API isn't a proxy server. If it is, the query will go unanswered. To be clear, this only affects unregistered users, we do not perform this check if you have registered for an account and are using your API Key to make your queries. We're also not blocking VPN services from making unregistered queries.

So if you wish to contact the API through a proxy server you can still do so, you'll just need to signup for an account and supply your API Key with your queries.

We hope that these changes will not disappoint too many of you. If you're a registered customer and adhering to our Terms of Service you will not notice any change to your service. If you're an unregistered user you may find your queries take a few milliseconds longer while we verify you're not accessing our API from a Proxy Server.

Thanks for reading and have a great day. If you have any questions please feel free to contact us.

ASN support added to Whitelist/Blacklist feature

Recently we've had customers ask us if our Whitelist/Blacklist feature supports ASN's and if not, when will support be added. Today we've added full support for ASN's to both the Whitelist and Blacklist feature. We've also enhanced the API responses when you perform queries which are affected by either of your custom lists.

So firstly the way you add ASN numbers to be White or Blacklisted is a new ASN format like this: AS1928 So for example here is a screenshot showing some examples:

So to place ASN's you simply follow the format which is AS###### you can place as many ASN's, IP's and Ranges in the White and Blacklists. All will be lifted from the box and you can still place comments besides your entries.

Now we've also altered the JSON result from the API when one of your Whitelists or Blacklists has been utilised for the IP you're checking, this is how that looks:

{
    "node": "HELIOS",
    "ip": "62.205.245.173",
    "proxy": "yes",
    "type": "blacklisted by AS28843",
    "query time": "0.001s"
}

Previously it would only say blacklisted or whitelisted, now it actually will tell you what triggered the type of detection, it can list individual IP Addresses, Ranges or the ASN numbers you've specified.

We hope you enjoy these changes they are a direct result of your feedback.

Brand and Logo Usage

Recently we've had a lot of enquiries about the usage of our name and logo within customer websites and software so we thought it would be a good idea to make a blog post about our stance.

Firstly we welcome you to tell people that you use our service, it's good for us whenever people are exposed to our branding. So to put it simply feel free to place our name or logo on your products.

We do have a few minor stipulations though. Please do not modify our logo beyond resizing it or changing the colour to monochrome to fit within your products design. Don't use our logo for your application or make our logo bigger than your own logo so that there can be no confusion about the connection between us and your product.

Finally don't make it seem like you are us or endorsed by us or that your software has been made by us, you should always make it clear that we're seperate entities.

To assist you in adding our branding to your product we've provided our logo here: https://proxycheck.io/images/proxycheck.io-logo.png it does feature a transparent background and it's 547 x 559 pixels in size. Please rehost the image instead of linking directly to it.

Thanks for reading and have a great day!

Expanding our Code Examples page

Last year when we added our Code Examples page we started off by offering a basic PHP script which you could insert into your webpages. We later expanded it with a proper function and opened a GitHub account.

Since then we've been looking at ways to expand the types of software that work with our API, our open approach to including third party developer clients and third party code on our example page has been a great way for us to increase the exposure of our API and to allow our customers to use the API more easily.

Earlier this year we added several more Minecraft plugins to the Examples page, four in-fact. And those plugins have resulted in many new people using our API.

Two weeks ago we further expanded the examples page by giving it a new interface that allows us to share many more code examples. One of the latest ones we've added is a C# console app assembly example written by a third party developer.

In exchange for writing that example he received a paid tier account for a period of five years with the volume of queries he needs for his software. We love doing deals like this because it benefits both parties. He had already written the integration code for his own software and simply by sharing it, he has secured access to our API for several years.

We want to do more of these kinds of deals and so if you have some code examples for C++, C, JAVA or Node.js please let us know about them, we would love to give you a paid account in exchange for sharing your code, plugin, class or function with us and not only will we feature it on our website but you'll receive full credit and we're more than happy to link to your personal website, GitHub projects and Twitter account.

We've spoken previously about third party software that integrates our API and our stance is still the same, you can integrate the API however you wish in any software you release and you are free to monetise the software you make, you don't owe us a penny of your revenue. We make our money by selling access to our API and so for us the client software is not a profit centre. We can prove our stance by actions as we do advertise a paid Minecraft plugin on our examples page which was written by a member of the Minecraft community and is not affiliated with us in any way.

So if you have the skills to make some great client software that you want to give away for free or sell at a profit, to you we say, hitch your wagon to our star, let us worry about maintaining an always accessible and accurate proxy detection API while you make great software.

Thanks for reading this blog post, if you would like to talk with us about anything discussed here please email us at [email protected] we read every response and you'll always receive a reply from us.

Reducing stagnant data

When you operate a data driven service such as proxycheck.io you will come up against an issue where you need to decide at what point data has become old and irrelevant.

For us that means how long should we consider an IP Address bad before we remove it from our database. In the past we would cache an address for a period of 90 days since we last saw it operating as a proxy or compromised server.

But this presents an issue in that addresses are often repurposed and bad services running on compromised servers get cleaned up constantly. So this means it's not always best practice to hold IP data as long as we have been.

So we're extending the duties of our inference engine to not only discover new IP Addresses acting as proxy servers but also to go through our old data and verify that the IP Addresses there are still bad.

This means we're now holding IP's for a minimum time of 15 days down from 90 days. The inference engine will make assessments every day from the moment we first add an IP to our database and then slowly discard Addresses where it has a 100% confidence rating they're safe again.

We believe this will cut down on false positives allowing more of your legitimate users to access your services without being blocked unduly just because they received a previously abused IP Address. This change has been active for a while on our development platform and after positive and accurate results we've engaged the system on our live data.

Thanks for reading this change and as always have a great day.


Back