1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

How to track or detect if my website is surf using proxy server

Discussion in 'Security' started by VishalVasani, Mar 20, 2007.

  1. #1
    Hello,

    Any Idea related to tracking or detecting about any user surfing my website using some proxy website or other means...
     
    VishalVasani, Mar 20, 2007 IP
  2. helleborine

    helleborine Well-Known Member

    Messages:
    915
    Likes Received:
    70
    Best Answers:
    0
    Trophy Points:
    120
    #2
    Find the IP addresses of cgi-proxies, and search your logs. Just ping their domain name to get their IPs.

    Or, google the IP of every visitor! If the IP turns up on a site that lists open proxies, you have a hit!

    But if you do all this... you'll have to sacrifice your favorite hobby, because it's going to take up all your free time!

    ;)
     
    helleborine, Apr 12, 2007 IP
  3. stugs

    stugs Peon

    Messages:
    157
    Likes Received:
    5
    Best Answers:
    0
    Trophy Points:
    0
    #3
    There are a number of RBLs that track the IPs of proxy servers. If your users are required to login, you can do a check against the RBL at login to verify they are not behind a known proxy.

    Another option is if you can get a list of proxy addresses you can create a .htaccess file to block them. I have done this previously to block TOR nodes.
     
    stugs, Apr 12, 2007 IP
    JoyGoRound likes this.
  4. helleborine

    helleborine Well-Known Member

    Messages:
    915
    Likes Received:
    70
    Best Answers:
    0
    Trophy Points:
    120
    #4
    I did that once... over 80K open proxies denied access. No point banning just a thousand, right? That's barely just 1% of proxies listed at any one time!

    However, my pages loaded with all the speed and efficiency of ice-cold molasses.

    So I stopped trying to deny access to proxies.

    But you can deny CGI-proxies easily. You'll get rid of a lot of nuisance that way. Just find out their IPs.
     
    helleborine, Apr 13, 2007 IP
  5. KalvinB

    KalvinB Peon

    Messages:
    2,787
    Likes Received:
    78
    Best Answers:
    0
    Trophy Points:
    0
    #5
    I don't see the point in worrying about it. I don't care who accesses my sites how as long as they visit my sites.
     
    KalvinB, Apr 29, 2007 IP
  6. Zinho

    Zinho Peon

    Messages:
    284
    Likes Received:
    7
    Best Answers:
    0
    Trophy Points:
    0
    #6
    Hi,
    here is the story:
    You can never be 100% sure wether that ip is a proxy or not.
    If your visitor uses a proxy, and this proxy is not "high anonimty" the X_FORWARDED_FOR http header contains the real ip address.
    In that case REMOTE_ADDR and X_FORWARDED_BY contain the proxy ip.

    In case the proxy is a good one it doesn't forward the ip of the real client.

    This means that you can check for the presence of the frowarded_for header and save that in your log database or whatever you use.

    I have written something about this long tim ago:
    http://www.hackerscenter.com/Archive/view.asp?id=1020

    Hope this helps
     
    Zinho, May 1, 2007 IP
  7. darksat

    darksat Guest

    Messages:
    1,239
    Likes Received:
    16
    Best Answers:
    0
    Trophy Points:
    0
    #7
    darksat, May 13, 2007 IP