How do antifraud systems detect a proxy connection and how to hide it?
09.03.24
Today, let's discuss how security systems try to catch us trying to hide a proxy connection, and how to avoid it.
How do anti-fraud systems detect proxy connections?
In one of my previous articles I wrote about how antifraud systems create temporary blacklists of IP addresses. Let me remind you that these lists are compiled on the basis of a lot of data about the IP address collected by the antifraud system. Using the same data, the web resource can determine the probability of your connection to the proxy. You may be in the "risk zone" if:
- your IP has recently been caught in honeypots of antifraud systems
- DNS spoofing has been detected
- your operating system fingerprint has been spoofed
- your IP has a high Fraud Score
- your IP has been found to belong to suspicious networks
- other factors.
The more red flags there are, the more likely it is that the web resource will think you are connecting through a proxy.
What are the consequences of proxy detection?
For web resources, the behavior of a person with a proxy connection is different from that of a normal user and can cause certain losses to the service, which the service does not want to allow. Therefore, detection of such behavior is dangerous with possible denial of services. Usually this is expressed in account blocking and additional checks.
How to hide proxies reliably?
There are a lot of tips on this issue on the Internet, but all of them belong to the category of "clean cookies", "use TOR", "switch to VPN". Believe me, following these tips, it is not always possible to effectively hide proxies. Here are some time-tested ways:
First of all, use high-quality and clean proxies with UDP protocol support and WebRTC IP spoofing._ This is very important, as these fingerprints are successfully tracked by anti-fraud systems. If the proxy does not spoof UDP or WebRTC, your real IP address will be very easy to detect.
Regularly do a DNS leak test. If your device's network settings are set incorrectly or you have a bad proxy, a so-called DNS Leak can occur. In this case, antifraud will see that DNS queries come from different devices, which of course will raise suspicions.
Do not use DNS of Google, Cloudflare, Amazon_ and other large companies. A few years ago, antifraud systems did not pay much attention if the user went to a site with such DNS. Now the algorithms have changed, and as practice shows, it is better to use the DNS of the proxy operator.
Watch the stability of the proxy connection. If there are frequent disconnections with the proxy server, in this case there is also a risk of "leakage" of your real IP address and DNS. This can be a signal to the anti-fraud system that you are using a proxy or VPN. I also recommend to set the "Kill Switch" setting on your device.
At Detect.Expert you can buy reliable anonymous and clean proxies with UDP support at a bargain price!
Use virtual machine based anti-detect with proper proxy. InAnti-Detect by Vektor T13, by spoofing your computer's OS and hardware fingerprints (which browser-based anti-detects can't), you greatly reduce the risk of being detected connecting to a proxy.
Conclusion
Anti-fraud systems have many mechanisms to detect a connection to a proxy. This poses significant risks to you, as it can result in the web resource refusing to provide services. The quality of the anonymous proxies you purchase directly affects whether or not antifraud will detect a proxy connection.
