Yup, and I seriously appreciate those that do that, but it's the small providers which inevitably end up screwing us over. Some small VPS company has a vulnerable server that someone makes a VPN on, and suddenly we get a wave of ban evaders. It ends up being a constant headache.
If it's default ports, you can just probe on login and deny it. We do this for a game I've admined for, and it's in the terms of service. Common L2TP, PPTP, etc.
Scanning the defaults for open proxies with a note in the ToS is not super uncommon with some types of services. I don't recommend sweeping random visitors to your website.
https://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.... https://www.microsoft.com/en-us/download/details.aspx?id=416...