 Proxy Detection And Blocking. |
|
|
|
|
  |
 May 17 2007, 05:35 PM
Post
#1
|
|
|
Teh Coder  Group: Members Posts: 1,053 Joined: 18-April 06 From: Australia Member No.: 12,833  |
Hello, I have tried a few simple methods in PHP to detect and block proxies but it always fails (I tested on an easy to find online list, and not a single one was blocked, they all got the ok message).
It was only a simple X_FORWARD thingy, but even fromy my extensive searches, I find more information about how to get around detection, and not enough of how to detect lol. Is there reasonable solution, aside from storing a massive list stamping the bandwidth into the ground (and not to mention page speed). I don't know if the CPanel has anything included, but I am looking for a general solution (a mate of mine runs a site and needs this pretty bad). Thanks  .
|
 |
 
|
|
May 18 2007, 03:11 AM
Post
#2
|
|
|
Premium Member Group: Members Posts: 206 Joined: 26-February 07 From: Texas Member No.: 20,598 |
Chesso I have a python script that blocks tor...but I know you hate python
 This is something I also am interested in due to NH. |
|
|
|
|
May 18 2007, 04:38 AM
Post
#3
|
|
|
Teh Coder Group: Members Posts: 1,053 Joined: 18-April 06 From: Australia Member No.: 12,833 |
Tor alone won't do much lol.
|
|
|
|
|
May 18 2007, 04:26 PM
Post
#4
|
|
|
Premium Member Group: Members Posts: 206 Joined: 26-February 07 From: Texas Member No.: 20,598 |
QUOTE Tor alone won't do much lol. If you need it for Comhack it'd do the job, but I'd recommend manual activation for that. Privox (cantbustme, hidemyass, 250.eu, etc) proxies almost never change so you can block them like normal IPs. As for other proxies, maybe have a script that is needed to view the site? Because most proxies block scripts. This post has been edited by SilverFox: May 18 2007, 04:27 PM |
|
|
|
|
May 20 2007, 02:21 AM
Post
#5
|
|
|
Newbie [ Level 1 ] Group: Members Posts: 3 Joined: 20-May 07 Member No.: 22,037 |
sounds cool. But some website can still detect it. Like microsoft.com or yahoo.com
|
|
|
|
|
May 21 2007, 05:42 PM
Post
#6
|
|
|
Premium Member  Group: [HOSTED] Posts: 393 Joined: 9-March 07 From: Tucson, AZ Member No.: 20,794 |
I know some of the DNSBLs have known proxies in them for spam blocking...maybe you could do that? Another solution would be to try a port 80 connect() (this will also block people who have open web servers on their machines or something else listening there) to the client ip and if it gets back data, make them jump through a few hoops to get to the site. Or make them unable to post anonymously, etc.
Think of why you want to do this...if it's an abuse issue, great, but keep in mind you'll block people who have network nazis at work and school. This post has been edited by ethergeek: May 21 2007, 05:43 PM |
|
|
|
|
May 21 2007, 10:39 PM
Post
#7
|
|
|
Teh Coder Group: Members Posts: 1,053 Joined: 18-April 06 From: Australia Member No.: 12,833 |
I wish to block anonymous proxies only.
Why would someone in a legitimate circumstance require an anonymous one lol. |
|
|
|
|
May 22 2007, 02:18 AM
Post
#8
|
|
|
Premium Member Group: Members Posts: 206 Joined: 26-February 07 From: Texas Member No.: 20,598 |
@ethergeek: If yo at school you have no bussniess logging onto most websites, epically those blocked. If your at work you need to be working.
As a developer of a game where multiple accounts is a big no-no I find that blocking proxies would be great and important and that there is no need for anonymous proxies unless your doing something naughty. |
|
|
|
|
May 22 2007, 02:54 AM
Post
#9
|
|
|
Teh Coder Group: Members Posts: 1,053 Joined: 18-April 06 From: Australia Member No.: 12,833 |
Well I'm sure there is a legitimate use but I can't think of one, and haven't heard of anyone using it for one so yeah lol.
|
|
|
|
|
May 22 2007, 05:27 AM
Post
#10
|
|
|
the Q Group: [HOSTED] Posts: 1,015 Joined: 13-July 05 From: Lithuania, Vilnius Member No.: 7,059 |
I don't see any point of blocking a proxy connection, due to I myself sometimes use a proxy and it is usually not bad and there are reasons, of course, some anonymous proxies might be used to hack your site and that you wouldn't be able to find them, but usually if you will want to be hacked by some good guru/hardcore hacker, a php script which won't let a connection with a proxy won't help you a lot, in fact I doubt it will help.. anyway, here is my script I wrote some years ago to determine the right ip address of the user:
CODE function getStats() { global $s; // $s &= $_SERVER; /* Get Info about User */ $stats['proxy'] = ''; $stats['info'] = $s['HTTP_USER_AGENT']; $stats['page'] = $s['REQUEST_URI']; $stats['method'] = $s['REQUEST_METHOD']; /* Check Server Name */ if (!isset($s['SERVER_NAME'])) { if (isset($s['HOSTNAME'])) { $stats['server'] = $s['HOSTNAME']; } elseif (isset($s['HTTP_HOST'])) { $stats['server'] = $s['HTTP_HOST']; } elseif (isset($s['SERVER_ADDR'])) { $stats = $s['SERVER_ADDR']; } else { $stats['server'] = 'localhost'; } } else { $stats['server'] = $s['SERVER_NAME']; } /* Check http Proxy and IP Address */ if (isset($s['HTTP_X_FORWARDED_FOR'])) { if (isset($s['HTTP_CLIENT_IP'])) { $stats['proxy'] = $s['HTTP_CLIENT_IP']; } else { $stats['proxy'] = $s['REMOTE_ADDR']; } $stats['ip'] = $s['HTTP_X_FORWARDED_FOR']; } elseif (isset($s['HTTP_CLIENT_IP'])) { $stats['ip'] = $s['HTTP_CLIENT_IP']; } else { $stats['ip'] = $s['REMOTE_ADDR']; } # Return the Array return $stats; } and the usage of this is something like $stats = getStats(); and you'll get an array, to see what it has you can just do a print_r($stats); and thats all, this script was written years ago, maybe some headers appeared or something better, so a google search or a search in the manual might also help to improve it.
|
|
|
|
 |
Similar Topics
|
Lo-Fi Version | Time is now: 29th August 2008 - 03:21 AM |