ProxyMesh Security

What information do you need right now? Click on applicable links below.

ProxyMesh uses security measures on all levels of the system to protect your data. Our security tools include encryption, firewalls, and access controls.  In this way, every transaction, signup, and login is checked as to its potential for fraud. If they appear too risky, they are blocked.

User IP addresses can be blocked for too many failed logins, too many declined transactions, or other behavior that looks like fraud or cyberattack. On individual proxies, users can be blocked for too many failed login attempts.

We store information you provide to us on a computer system located in a controlled facility with limited access. Employees view your data only on a need-to-know basis.

Privacy Policy

ProxyMesh respects your privacy, and we are committed to maintaining the privacy and confidentiality of personal data we collect. 

Please visit our website and review the Privacy Policy describing the ways we collect information from and about you, and what we do with the information, so that you may decide whether or not to provide information to us.

Website Security

Firewalls

We protect the entire website with Sucuri, a website application firewall (WAF). A web application consists of three layers: view, business logic, and data. Cyberattacks generally target specific layers of a web app. Sucuri protects against threats by analyzing and monitoring traffic between each layer and the Internet.

In addition, we use Fail2ban with iptables to block unauthorized access attempts on the proxy servers. The Fail2ban daemon scans log files and blocks any IP address with too many failures to authenticate correctly, indicating a possible automated attack.

When an attempted compromise is located using the defined parameters, Fail2ban adds a new rule to iptables – a firewall program for Linux – to block the IP address of the attacker, temporarily or permanently.

HTTPS

Login and account pages can only be accessed over HTTPS. Eavesdroppers are prevented from extracting your password, and your data is always protected in transit.

Account Security

Two-Factor Authentication

We offer the option of two-factor authentication (2FA). When you enable 2FA, logging in to your account requires a secondary code from an app or mobile device.

When you've entered your password, you receive a one-time-only passcode via text to complete your login. The additional security of 2FA protects access to your account even if someone succeeds in getting your password.

Several applications are available to help you manage 2FA tokens. We recommend you try Authy, designed to make it easy and straightforward for to use with even a strong Two-Factor authentication.

Password Management

1Password offers apps and 2FA for a range of devices, and it's usable with the major browsers and operating systems.

Hashed Passwords

All passwords are salted and hashed using a secure hashing algorithm, so that your password cannot be read by anyone else. These measures provide a strong defense against brute-force attacks and ensures that no ProxyMesh employee can read your password.

Brute-Force Login Protection

Both for the website and for the proxy servers, if someone tries to log into your account too many times in a row, failing each time, then their IP is automatically blocked for several hours.

Billing Information & Payment Security

We do not store any of your billing information. Instead, it is safely secured by trusted 3rd party services. For credit or debit card billing, we use Stripe. For non credit/debit card billing, we support PayPal subscriptions.

Stripe employs Radar, an intelligent system for detecting and blocking fraud. Radar is designed for modern Internet business operations, using algorithms that adapt readily in response to shifting fraud patterns. It detects fraudsters without blocking legitimate customers in error.

Proxy Security

Authentication

Unlike an open proxy, the ProxyMesh proxies can only be accessed by authenticated users. For the highest level of security, we recommend IP authentication (described in Proxy Authentication) so that your account credentials are never transmitted over the network.

Sub-Accounts

The higher level plans support sub-accounts, usable as an alternative to your main account. If you are using username:password authentication, then using a sub-account can be a way to protect your main account credentials. 

Data Security

Servers directly under control of the ProxyMesh system employ standard protocols to protect the security of data in transit.

ProxyMesh does not store request bodies, and only stores request logs to monitor the performance and functionality of the proxy servers, and to bill your account based on usage. These logs are kept for no longer than 30 days, and are only accessible by authorized support staff.

HTTPS CONNECT Method

Using the HTTP CONNECT method, the servers can securely proxy HTTPS/SSL connections between you and an HTTPS server.

All communication between your client/browser and the secure site is encrypted; the proxy server's function is limited to moving the data back and forth, and does not even detect what method of request you are using. Most HTTP client libraries support the CONNECT method for HTTPS requests over HTTP proxies.

Open Proxy

Access to the ProxyMesh Open Proxy server is included free with every ProxyMesh account. Our proxy server can forward your requests to a list of known open proxies.

Be aware that, because ProxyMesh does not control the open proxies, someone running an open proxy could potentially "snoop" on your data.

World Proxy