How to Detect Proxy Attacks

detect proxies

A proxy server gives a user an alternate address to use the internet from. They can be used by fraudsters as well as legitimate users. Some organizations also block proxies to prevent employees from accessing sites that run contrary to policies or distract them from their work.

There are several methods to detect proxies that web developers and fraud teams can use in their tools. One popular approach is to check if the proxy is a transparent or cache proxy. This can be based on the HTTP headers that are passed with the request. Another way to detect a proxy is to compare the IP address with a list of known proxies. This list is maintained by vendors and can be a great source of intelligence for fraud teams.

Unveiling Hidden Proxies: Techniques for Detecting and Identifying Proxy Connections

Some fraud scoring services use a combination of these checks and others to determine if a user is behind a proxy or VPN. This data is then used to score the order based on likelihood of fraudulent activity. In addition to detecting proxies, these services will also look for consistency in IP information such as location, ping tests, geolocation APIs, languages and webRTC to help build a fingerprint that is resistant to fraudsters.

There are many options for detecting a proxy and the best option will depend on the needs of an organization. Some services may require a subscription fee to use the system while others might be free for a limited trial period or as part of an all-in-one fraud solution.