Proxy detection PHP script

Hello! Everybody,

I am looking for a solution for my website to prevent users from doing registration or login from proxy servers or abusing the system.

Thou i have made a proxy script for header detection methods and even socket opening, but still its not very efficient many can still slip through it.

So i am looking for help if anybody can guide me on that or have a ready made script which i can modify according to my needs.

Thanks...

Regards,

Gonzo

 

Its impossible to detect some proxies. You have to accept that some will slip through.

 

amnezia

Ya, that's the issue

My site is getting too many fraud leads, so I wanted to block it at the source level only.

Gonzo

 

use https, i don't see any proxy can handle https.

 

cgi proxy can, even if the server it is installed on doesn't have ssl enabled you can override its security settings.

One thing you can do is open a socket on port 80 of the visiting address, domestic users rarely have web servers running at home and even less are accessible to the outside world, the chances are if the socket connects to port 80 then the user is coming through a proxy on a webserver somewhere......actual proxies are different, but then they arent used so much for abuse......

 

I would say the primary source of abuse is "actual proxies", im pretty sure more fraudsters use IP-based proxies rather than proxy websites. They can be alot quicker and less hassle, besides the fact its alot easier to catch people through bugs in the proxy scripts themselves.

 

Well, I blocked proxies from a hosting site with just opening sockets on port 80 and the rate of fraudulent orders has more or less dissappeared, but I suppose it depends what youre selling .....

 

Ya it seems to work this way, a mix bag of all combinations suggested by all those who had replied to this thread can almost eliminate the chances of people slipping in through proxies.

1. Header detection method
2. Socket opening at port 80
3. Implementing SSL
4. IP banning of known proxies

This will take care of almost everything, thou it will not be a 100% solution but good enough to filter.

Thanks everybody

Gonzo

 

Maybe take a look at MaxMind's minFraud system, I know they offer a very professional and high quality service with some of their other products.

 

but what about those servers running phproxy? is there any way to block them? we cant ofcourse use IP's...they are new all the time?

 

For example ....

http://krakjoe.com/no-proxies.php

http://www.scoobidoo.net/index.php?q=aHR0cDovL2tyYWtqb2UuY29tL25vLXByb3hpZXMucGhw&hl=2c8
http://www.proxapp.com/index.php?q=aHR0cDovL2tyYWtqb2UuY29tL25vLXByb3hpZXMucGhw&hl=3ed
http://www.freeproxyserver.net/inde...Wtqb2UuY29tL25vLXByb3hpZXMucGhw&hl=1111101001

They will all have the same result, any proxy that is hosted on a webserver that page will block with ONE LINE OF CODE.

<?
if( @fsockopen( $_SERVER['REMOTE_ADDR'], 80, $errstr, $errno, 1 ) )
{
	die("I'm not letting you in");
}
else
{
?>
Hello normal user, thanks for not trying to use a proxy
<?
}
?>

PHP:

 

krakjoe

Your method of preventing is good but not complete...

Ok check this:-

http://anonym.to?http://krakjoe.com/no-proxies.php


Gonzo

 

^^ Where's your point? All this page does it redirect to Joe's page. There's no kind of Proxy involved. If you want to avoid this, all you can do is block the HTTP_REFERER, but don't even think of that, because there's no secure way of doing that. Because the referrer is sent by the browser (not all browsers send it), and it can be very easily faked.

But honestly, why do you want to block referrers as well?

 

that's not even a proxy site ..... and it's rubbish

 

krakjoe

Ya I agree, got it from the search result when I was testing your proxy link, its just a anonym redirector to hide the refferer.

Gonzo

 

krakjoe,

Nice one liner.

However, I get a false positive from your code if I don't use a proxy but I do turn IIS on (so port 80 is active). Granted it is a bit unusual for a home user to do that , but some do..
Looking at http://www.proxyserverprivacy.com/adv-free-proxy-detector.shtml I see that they don't have false positive in my case.
Do you know by any chance how they do that?

Thanks.