Hey guys, I want to block all proxies from accessing my server. What is the best way to achieve this? And how do I do it??
I've never tried to do this but I expect you will need a two-pronged (maybe three-pronged) approach. The first prong is to detect anybody who tells you that they are behind a proxy. They will send HTTP headers that indicate that they are behind a proxy. Some headers that indicate a proxy are VIA, FORWARDED, X-FORWARDED-FOR and CLIENT-IP. There are more but I haven't found a definitive list yet. You might want to write a script that keeps track of all the different unique headers you see on your site and look through that list for any that look like they indicate a proxy. The second prong is to keep track of known proxies' IP addresses and block those IP addresses. You can either keep track of the ones you identified with the first prong or go searching for proxies yourself and find out the IP address that each one uses. The third prong would be a more sophisticated way of detecting proxies that don't announce themselves. This involves looking for usage patterns that indicate a proxy server such as multiple users with different browsers, different cookies and different time zones accessing your site through the same IP address. You can also try using JavaScript or an embedded image to cause the client to request something from your webserver on a different port. If the IP address on the different port is different from the one that requested the initial page then the client is likely using a proxy server. It might be worth noting that many of your users may be using a proxy server and may not even know about it. Many ISPs put transparent caching proxy servers in front of all their users to help cut down on bandwidth usage. Many universities put proxy servers in place to keep track of students' usage amounts. Many businesses use proxies to enforce acceptable usage policies.
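An added example, not part of the original post: a sketch of the third prong in Python, counting distinct browsers, session cookies and time-zone offsets per IP address. The request records are constructed, and the time-zone offset is assumed to be reported by a script on the page.

```python
from collections import defaultdict

# Constructed records: (peer IP, User-Agent, session cookie, UTC offset in minutes).
REQUESTS = [
    ("198.51.100.7", "Firefox", "sess-a", -300),
    ("198.51.100.7", "MSIE", "sess-b", 60),
    ("198.51.100.7", "Opera", "sess-c", 540),
    ("198.51.100.7", "Firefox", "sess-a", -300),
    ("192.0.2.15", "Firefox", "sess-d", 0),
    ("192.0.2.15", "Firefox", "sess-d", 0),
    ("203.0.113.9", "Safari", "sess-e", 0),
    ("203.0.113.9", "Safari", "sess-f", 0),
]


def shared_ip_report(requests, min_sessions=3):
    """Return IPs that carry several sessions with differing browsers or time zones."""
    per_ip = defaultdict(lambda: {"agents": set(), "sessions": set(), "offsets": set()})
    for ip, agent, session, offset in requests:
        seen = per_ip[ip]
        seen["agents"].add(agent)
        seen["sessions"].add(session)
        seen["offsets"].add(offset)

    report = {}
    for ip, seen in per_ip.items():
        counts = {name: len(values) for name, values in seen.items()}
        # One browser and one time zone behind an IP looks like a single visitor,
        # however many cookies it holds; require a mix before flagging.
        mixed = counts["agents"] > 1 or counts["offsets"] > 1
        if counts["sessions"] >= min_sessions and mixed:
            report[ip] = counts
    return report


if __name__ == "__main__":
    for ip, counts in shared_ip_report(REQUESTS).items():
        print(ip, counts)
```

An office NAT or an ISP cache produces the same pattern, so a hit is a reason to look closer rather than grounds for a ban.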
I found this in PHP to block proxies. But it seems a lot of users have been blocked, even though they are not using a proxy.
Just on a curious note, why do you want to block all visitors using proxies from visiting your website?
I don't like when users that I ban come back even when I ban their IPs. If you can't identify yourself then I really don't need you on my site. Long story short, I have a hacker who is literally stalking me.
I agree, new proxies spring up all the time, plus there are different ways of using new IP addresses.
This will be a very difficult goal to achieve. Identifying someone who does not want to be identified is never easy. The proxy blocking techniques that I mentioned will probably work for a while but if he is persistent enough and clever enough he will find a way around that kind of blocking. The good news is that after he changes his proxy behaviour to only using stealth proxies you will probably be able to allow normal proxies again so you won't be blocking too many of your normal legitimate users. Of course, the best thing you can do is to try to identify the behaviour you want to block rather than some other behaviour exhibited by the same person, i.e. block his hacking attempts (and any IP address that makes hacking attempts) rather than blocking anybody who uses a proxy server. This should be more accurately targeted and will have the added advantage of blocking any other hackers who happen to come along.
That won't work. I have already tested "$_SERVER['HTTP_X_FORWARDED_FOR']". It is not working in all the cases.
It only works for legitimate users that use transparent proxies. Users that want to hide will use anonymous proxies which obviously don't send the originating IP and do not announce themselves. Transparent proxies always tell the web server they are proxies and the HTTP_X_FORWARDED_FOR field contains the real IP of the user behind the proxy. These users sometimes don't even know they are using a proxy (90% of them) and the proxy was put in place by their ISP or company to speed up browsing by caching data or to control the sites visited to block malware, phishing sites or porn. Schools and universities use them to block online games, chat sites like meebo, warez sites, ... Some antivirus software will also create transparent proxies for the same reasons. Blocking proxies that announce themselves is 99% of the time blocking legitimate users. Those you ban who come back use anonymous proxies. You have no way of detecting anonymous proxies without having a list with all of them (which is not possible).
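An added example, not part of any post in the thread: the header check discussed above, written in Python over CGI/WSGI-style keys (the same names PHP exposes in `$_SERVER`). The sample requests and the `classify` helper are constructed for illustration; the output shows that only proxies that announce themselves are visible to this check.

```python
import ipaddress

# Headers named in the thread, as CGI/WSGI keys (the names PHP shows in $_SERVER).
PROXY_HEADERS = ("HTTP_VIA", "HTTP_FORWARDED", "HTTP_X_FORWARDED_FOR", "HTTP_CLIENT_IP")

# Constructed sample requests (documentation address ranges only).
SAMPLES = {
    "isp_cache": {"REMOTE_ADDR": "198.51.100.7", "HTTP_VIA": "1.1 cache.example.net",
                  "HTTP_X_FORWARDED_FOR": "192.0.2.44"},
    "hidden_origin": {"REMOTE_ADDR": "203.0.113.81", "HTTP_VIA": "1.0 proxy",
                      "HTTP_X_FORWARDED_FOR": "unknown"},
    "anonymous": {"REMOTE_ADDR": "203.0.113.80"},  # sends no proxy headers at all
}


def first_valid_ip(value):
    """Return the first syntactically valid IP in a comma-separated header value."""
    for part in value.split(","):
        try:
            return str(ipaddress.ip_address(part.strip()))
        except ValueError:
            continue
    return None


def classify(environ):
    """Summarise what one request says about proxies.

    Everything except REMOTE_ADDR is supplied by the client side and can be
    forged or omitted, so treat the result as a signal to log, not as identity.
    """
    seen = [h for h in PROXY_HEADERS if environ.get(h)]
    claimed = None
    for header in ("HTTP_X_FORWARDED_FOR", "HTTP_CLIENT_IP"):
        if environ.get(header):
            claimed = first_valid_ip(environ[header])
            if claimed:
                break
    return {"peer": environ.get("REMOTE_ADDR"), "announced_proxy": bool(seen),
            "headers": seen, "claimed_client": claimed}


if __name__ == "__main__":
    for name, environ in SAMPLES.items():
        print(name, classify(environ))
```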
I have a short post on this subject here: http://www.abeontech.com/security/51/blocking-proxies-tutorial-_simple-ddos-protection Hope it helps.
Depending on your reasoning for blocking all proxies, this may be a good choice. While it won't catch all proxies, it will catch ones deemed malicious, along with other malicious spiders, etc. httpbl documentation is available here at http://www.projecthoneypot.org/httpbl_api. You can get mod_httpbl to protect Apache here http://www.projecthoneypot.org/httpbl_download.php or the WordPress plugin here http://wordpress.org/extend/plugins/httpbl/
I agree with ZDrol... but instead of using just httpBL, I recommend BadBehavior, which also incorporates httpBL. Combine that with blocking via IPs of known proxies (lists are available online), and maybe MOD_SECURITY, you can block a lot... but as stated, I don't think you can block 100%...
Because there are so many types of proxies, standard methods can become cumbersome and overcomplicated. There are also several types of proxies (web-based, HTTP, SOCKS, VPN, Tor), each of which presents unique challenges to detect and block. If you need to manage all of this in one place, your best bet is BlockScript. Sometimes problematic users will access your site with a proxy. A forum troll looking to cause problems, a fraudster looking to steal from you, and spammers are just some examples.
A simple way is to check for common ports for proxies. Using socket functions built into PHP, you can check if ports 8080, 8000, 3128, etc. are running. Many IRCDs have this feature built in to prevent ban evaders. You can also check for port 80, which is what you would find open on a web-based proxy. This method has the fewest false alarms from what I have seen.
It is possible to block the proxy visitors. I will not disclose the details on how it works - as I operate the successful proxy services (http://proxylist.co). The high-end sites can detect users who are using proxies. Please visit http://analyzemy.net (my site) to play with the proxy tester features there - you'll understand.
If it's a single person, just talk to them... If he/she/it is a "hacker" as you mentioned, it doesn't matter what you do, there will be a workaround for it. Find out the intention of this person, they are people, yes... you do realize this. Don't be silly and use IM to talk to them or an email you use, leave a note asking them to contact you on a separate email you have created. People's biggest downfall when it comes to website security is they underestimate the technology of hackers/crackers and put silly little one-liners in their sites and think that it will do.