GSA SER Seems to be Leaking IP during posting...

magically

I made a test from my home-connection, using private dedicated proxies from buyproxies.

Before letting GSA SER run and do it's thing, I also connected via VPN in order to hide my real IP during the test.

After a few hours - It was impossible to do a normal search on Google, without applying captcha input to verify not being a bot.

Now how is that possible?

According to prior threads here on the GSA Forum, Buyproxy proxies does not leak the real ip....

I only see two options here really - either the proxies are not 100% Anonymous

 or GSA SER has a serious bug in the way it's handling the proxy rotation.

@Sven can you please clarify on topic - thanks in advance.

PS:

Yes, in options - I did mark "Stop projects on no active proxies"

Yes, All proxies were checked prior to the test

Yes, I did mark "Restart on active proxies"

Yes, I did mark "Use Proxies"

Sven

better make screenshots of proxy options please.

magically

Sure - here we go:

Sven

and now the screenshot on the "Configure" screen.

magically

Inside 'Configure':

Trevor_Bandura

You're not using proxies for searching. That would be why when you go to search through your browser you're getting the captcha. You need to use proxies for everything.

magically

No, because GSA SER is not supposed to do any searching whatsoever (Not in my setup at least).

Only attempt to post - nothing else.

Obviously it leaks the real IP as mentioned.

Trevor_Bandura

Have you double checked all your projects to make absolutely sure that no search engines are selected?

If you have, maybe double check them all again.

Also noticed that you have the option checked to skip for identification. Uncheck that also so SER will always use proxies.

magically

As I only have 1 active project, that wont take more than 3 seconds to check and double check:P

And that setting 'skip for identification' will not affect the issue that the IP gets leaked - that is tested as well.

Buttom line is that somehow the IP does get leaked, exactly as other users here previously have brought up.

However, this time I have tested it using a security line, i.e a VPN as a filter - simply to see what happend.

And the result is clear - the IP was leaked.

Trevor_Bandura

If you're using proxies for everything, the only way that your real IP could be seen is the proxies your using are not fully hiding your real IP. I really don't think it's a problem with SER, but something with the proxies and not being 100% anonymous.

If there is a problem with SER not using a proxy when it should be then i'm sure that Sven will have it fixed soon.

But that still does not explain why you would get a captcha when searching manually?

If you were going through a VPN at the time then that IP is most likely blacklisted. Others do use those ips also before you used it.

magically

First of all - I used a special connection with very very few users i.e 24, and I'm sure it was not blacklisted as the server from that location is rarely used with high ursage.

Secondly, we are fucking paying for dedicated private proxies! NOTHING, and I repeat nothing should get leaked.

Thirdly, this is not the first time this has been brought up here - actually it has been broght up quite a few times lately (do a search on the forum).

And lastly, yeah I expect an explanation surely - not like the last time where the users were bommed down and ended up looking like dumb-asses and clowns...

Actually there are so many try-catch-finally clauses involved in an advanced system like GSA Ser...

So, there is a high risk of something buggy in an try-catch case somewhere...

Sven

recaptcha downloading is also done by search engine proxy config as it is google.com it gets it from...maybe its that,

magically

That could very well be the case @Sven...

A huge amount of such look-ups could lead to such issues - is that handled via proxies too?

Trevor_Bandura

The best way to make sure that there is no chance that your real ip ever gets leaked is to make sure that you use proxies for everything, including identifying sites.

Even if no projects are searching, you should still have the use of proxies checked in that section. Every time SER does not use a proxy leaves an open whole for your real ip to be seen.

magically

@Sven

How about setting up a 'listener' can't remember the name right now....

Similar to the one you use to monitor/sniff/spoof wifi connection...

And let it run for a few hours with different filters - that would probally reveal quite a lot of different information.

Additionally, make a some test sites and let it hammer those via a timer with various proxies.

Add some log on those test-sites to see the IP's being used.

magically

@Trevor_Bandura

It wont help a thing if there indeed is a bug or flaw - you can mark all the settings, surely.

However, if there is a problem with either the proxies or GSA SER - you are basically fucked no matter how many options you enable or disable for that matter.

Trevor_Bandura

Well right now your options are leaving your IP open on some functions. All i'm saying is to make sure that you're using proxies for everything. Then there should be no problem at all.

I have never had any IP leak problem with SER since I started using it, but I use proxies for everything.

magically

LOL

Yeah I also cross my fingers everytime I have to fly:P

Nothing is bulletproof and potential flaws and bugs are possible even in GSA SER, the proxies or the use of the proxies.

Now, you can't be 100% sure that your IP or the VPS IP was leaked - right?

How come there are so many bans of entire datacenters lately - did you ever think of that?

Oh, right the users forgot to disable 'skip for identification' right?

Trevor_Bandura

For instance. Many website owners have Google Analytics on their websites. Because you're not using proxies to identify websites, i'm sure that when Google sees the exact same IP on multiple different websites at the exact same time, it would be very easy for them to start blocking it. I would not put it past Google tracking stuff like this to be honest.

magically

WTF are you talking about?

I don't identify any sites - actually I add them directly unsorted.

What on earth does that have to do with the other issue here?

Trevor_Bandura

Before SER posts to a site, that website needs to be identified so SER knows what platform it is. And in your SER settings you have the option "Skip for identification" checked. SER is not using proxies for that. That's one place your real IP is getting leaked.

magically

Indeed it needs to lookup and identify the site - that is correct.

However, as I stated before I have tried with that options enabled as well as disabled.

Regardless, somehow the ip gets leaked over time - that is the real issue here.

SKIP FOR IDENTIFICATION - is actually a very bad description of the feature.

Notice what is written in red - down below:

'Make sure your proxies are being marked as private'

So as a new green user - what does that exactly mean?

A: If I enable it - it skips using proxies, and uses direct connection?

B: If I disable it - does it then use private proxies?

Actually it's really not clear now is it?

Lonzo

I had similar problem, I got telecommunications hazard abuse from my operator, but not since I unclicked "Skip for identification"

magically

@Lonzo

Indeed that could be an issue - however I did try both options enabled and disabled.

Point is - that the description itself needs to be rewritten - it's simply to buggy to understand for a brand new user. IT SHOULD BE CRYSTAL CLEAR

EDIT:

Actually, what is the point of leaving it like that if it is a security issue - not only for the user but also for the VPS/Dedicated Server sellers.

Imagine running 1000's of threads with 1000s of users unaware of that little 'mark' - simply because they misunderstand the actual meaning.

Secondly, a complete trace of all try-catch blocks that envolves use of proxies should be run through one more time for potential flaws like timeouts etc.

Finally, as Sven mentioned, it would be a good idea to review the recaptcha extraction/lookup

emptee

I think it's pretty unlikely the issue is caused by Google Analytics - GSA isn't a real browser (eg. it doesn't have javascript).

@magically - dude, chill.. you seem to have a really bad attitude.. Have you been wronged? What's up man? Relax, be reasonable...

It sounds like your question has already been answered:

1) Enable proxies for search engine queries (as this config is used for captcha downloads)

2) Uncheck the "skip for identification" box...

As an aside, personally, I had no issue understanding what the meaning of that checkbox meant.. it seemed very obvious to me.. I can't speak for others though..

And dude, you know as much about the code base as I do, which is to say.. nothing.. don't instruct Sven trace try/catch blocks. It's extremely rude.

magically

@emptee

LOL - I don't think I phoned you or called you dude? 

Anyway - you are entitled to have an opinion like me and everyone else.

That being said - It's not the first time various vps providers have complained about abuse.

That can be 'legit' and 'not legit' in different terms, meaning caused by some who actually didn't give a shit about using proxies when posting, but also from people misunderstanding that feature/setting in GSA SER.

Regardless of what you are able to 'read' of context and decipher - it does not change the clear facts that several users seems to be confused about that setting.

I simply suggested Sven to relook some of the blocks, as there could be a bug there (God help it).

Finally, I'm really tired of all the 'back-clappers' here always defending everything - not open to any criticisms of GSA SER, regardless if it's true or not.

There can be written several books about suggestions for improvements - even suggestions from people who know what they are doing - like experienced proxy providers.

Lastly, PUNK - I believe in the right and freedom to speak.

magically

BTW - it seems like someone made a really nice post here:

Proxies: Submission Tab

This is the way that I would recommend that you set up your submission option.

Quote:

That’s because this is the option that is going to determine whether or not you received complaints. If you have never used automated SEO tools that basically go out and spam all over the Internet, it’s important to understand that the people you are spamming can complain in a variety of places.

Trevor_Bandura

And that's the exact way I said to have it.

magically

@Trevor_Bandura

Exactly, I know;)

The point is that somehow - this needs to be very clear in the options (My opinion).

It's too easy to misunderstand for new users (and perhaps even too easy to forget for some).

Indeed a good guide - Here is even an index

EDIT:

Here is a user asking  what the different setttings means

And this is certainly not the first time:P

Why not make it more userfriendly - so even a monkey are able to understand it?

After all, those settings are essential and really important - actually the core!

A simpel link to more details would be enough as a start, and i'm sure it would solve quite a few problems for many.

EDIT2:

Here is questions about the proxy-types

I'm sure 85% dont have a clue about those options/features as well.

A simpel small link to more details would be helpfull

emptee

@magically - I'm not saying you aren't allowed to express your opinion - everyone is entitled to freedom of speech (well, in most places anyway).

I'm simply saying that you come across as being very rude, which seems unnecessary. Flies. Honey. Vinegar.

magically

@empty

Hmm, if that is the case (I forgot that some people are very sensitive) - My deepest apology.

LOL yeah - you are right:

Idiom: You can catch more flies with honey than with vinegar

---> This means that it is easier to persuade people if you use polite arguments and flattery than if you are confrontational.

EDIT:

However, I also use another approach if the shit hits the fan:

- It's better to burn out than to fade away

EDIT2:

Idiom: Rude awakening

A rude awakening is a shock you experience when you discover the surprising truth about a situation.