Need script that blocks proxies

Nope PHP only handles the server port, so no revisions to the reg ex

hmm I hope yall help me and get this....damn it will help so much...lol I hate proxiers and people that use proxies to enter sites...

Don't worry. What I was thinking about adding (if carnix hasn't beat me to it) is a list of good proxies ie proxies you don't mind.

So effectively the proxies you allow will come in and the proxies you don't allow will be ejected.

Carnix: I noticed that the HTTP_X_FORWARDED_FOR is the IP sent from client requesting the page via proxy and that anonymouse proxies claim to not send it. Suppose then we should do a check to see if that variable is set and if it is not empty.

WHAT ABOUT DNS lookups - or am I getting carried away?

well, DNS lookups will only give you the proxy's information.

If you didn't see it already, check this page:
http://www.freeproxy.ru/en/free_proxy/f ... nymity.htm

Seems to me that, with the exception of so-called "High Anonymity Proxies (Elite proxies)" all proxies, even the anon ones have SOME value in that header, even if it's fake. That it's fake isn't important, only that it isn't empty (or not determined... not sure what the result would be in that case... not an IP anyway).

The majority of free open proxies out there are not acutally supposed to be open proxies. They are usually misconfigured private proxies, or other systems that have some server that can act as a proxy. When we installed Interwoven TeamSite a couple years ago here, it turns out that, by default, the internal proxy server it uses was open through Apache... Took me a month to figure out what all that damn traffic was and shut down the hole. I found that system's IP address on several free open proxy listing sites, and to this day, I think it must still be listed in a few, because there are still some folks trying to connect to it. I bet someone wrote and distributed some sort of script and hardcoded that IP as the proxy to use...

Anyway, that header is something you should certainly include. Although, it wouldn't be definitive, for sure.

.c

I had a look at that site. Alot of them cross reference the same proxies.

Any comments on the code?
I have cleaned it up alot more. Add new features and once this end is happy I am going to work on the user interface, add the ability to decided to write to file or DB and error logging. Config file is pretty cool as well. Gives a not so PHP savy individual the chance to configure it through one page not scrapping through all the code

Man can't wait until yall get this done it's going to be sweet thank you so much!

The only problem I am picking up at the moment is that you are going to have to maintain the list quiet closely. Legit users might get blocked.

The way I am going to set up the validation is check that the FORWARD_BY variable is set. If it is not set then reject otherwise check the DB for the ip address. If it appears then reject else (just thought of this now.) check the DB for the Forwarded By Address and match it against the DB or a list of user banned (hmmm going to have to re look at the sequence here. Anyways, the batch black list updating tool is done. Start on the white list updating tool today.

Nice thanks keep up the good work let me know when it's done.

HA HAHAHAHHAHAHAHAHAHHHAHA

At last my greatest work is completed!!!!

Well almost - the engine is done, now just for the front end! (damn graphics nonsense)


Anyways it is really simple to use.
a> Set the config
b> on the top of every page instantiate the class and call the function...

That simple! If it fails it will redirect and do all the other fancy things - mailing etc (if it is set in the config)

Very close to release - I can taste it!

Carnix - the empty FORWARDED FOR variable - does it return an empty string? How would I check to see if it set or not (am using if !isset at the moment)

nice nice cant wait.

Why not just ad a verification script that ppl have to write a random verification code from a image thing that will stop the amateour its VERY simple a proxy clicker ONLY CLICKS it cannot write and even if some can they cant read an image afterall they arent human, will you trie this and tell me if it work.



I bet this will work dont ask me to script one cuz im still learning my html so asking me would be worthless but hey i do have a heck of an idea that will stop proxy clickers!!!

What if the person manually re assigned their ip address through one of the hundreds of free proxies so you can't track the IP address?

Fire90, are you talking about blocking people using proxies, or blocking automated bots?

In addition the whole image thing really would not work. I have clicked on xfrozenxsoulsx link, so he got a hit from that. Thats fine by me. But i wold never have bothered to type in the code from an image, just to give him a hit - why waste those 30 seconds of my time for nothing?

Just to let you know that I haven't given up the project. I am busy with the user interface and got stuck on a freaking div layer because I didn't spell position right and was to tired to even try debug it.

Will be continuing on it this week.

So far all you will have to do is include the file (filter file). Anyone that enters with a listed proxy will get jacked and told that they are not allowed to use the proxy that is listed.

Already been suggested:


Anyway, this sort of breaks the simplicity of the game itself. I think using RD's proxy prevention engine (or whatever he calls it), is the way to go at first. Perhaps, as an add-on, a human user validator could be added as additional security as well.

.c