Need script that blocks proxies

  • xfrozenxsoulsx
  • Novice
  • Novice
  • xfrozenxsoulsx
  • Posts: 30

Post 3+ Months Ago

I need a script that blocks all proxies that come into the site meaning if someone uses a proxy they can't get into the site. Does anyone know how to make this? I own a game and people get clicks by getting people to click their secret link. Well they are using proxies and making the proxies seem as if they are clicking the link over and over so they get clicks fast and easy. Well is their a script out there that blocks proxies...please reply soon
  • Frostbyt3
  • Graduate
  • Graduate
  • User avatar
  • Posts: 221
  • Loc: Corpus Christi, TX

Post 3+ Months Ago

Do what outwar and tekwar does, make it so it forwards to random code generated session id's and stuff.

I for one, do not know how to do this. :(

but you can click my link while you're at it :)
http://www.outwar.com/page.php?x=1181440
  • Carnix
  • Guru
  • Guru
  • User avatar
  • Posts: 1098

Post 3+ Months Ago

I don't know of a way to block proxies, per se.. but why don't you add some code to the script that processes each click that will do some validity checking?

1: Add a "Has_Clicked = true" sort of cookie when a person clicks a link
2: Use a Session variable (if you can) to add a Has_Clicked value to on the server for that session.

Then require cookies to be enabled for the click to work (the scripts sets a cookie, tries to read it, and if it can't it blocks the click from working, for example). Obvioulsy, they can delete the cookie and continue, but with the session variable, they'd have to close their browser AND delete the cookie, and they couldn't use a script to mass click, because it wouldn't be able to accept cookies...

Proxies allow users to mask their IP addresses, there are many lists of Open Proxies out there. You could go download one and blacklist all the IPs on it as well, though that would be a pretty heavy handed approach.

Since Proxies are simply IP address... I'm not really sure how easy it would be to determine where an incomming request is being passed through a proxy... in theory, without using cookies or something else that can uniquely identify an individual user, it's not...

.c
  • Managedlinks
  • Proficient
  • Proficient
  • Managedlinks
  • Posts: 294

Post 3+ Months Ago

You can't block proxies as such. and if you could you would lose 90% of your customers as most ISP's use proxies for efficiency.

What you are trying to do is an anti fraud measure. the best way to do this is to block IP's

How you do it is very dependant on the result you want.

The basic idea is this. you monitor the incoming http requests. if you see an unusual number of requests coming from a particular ip address or block of ip's you block those ip's

AS I said how this is done is very dependant on what server you are on and why you want it done.

You may block those ip's permanently, or just for an hour. you may give them a different page....


A little more information about what you are trying to achieve and perhaps a URL may help
  • xfrozenxsoulsx
  • Novice
  • Novice
  • xfrozenxsoulsx
  • Posts: 30

Post 3+ Months Ago

We have tried blocking them now they are finally getting around the system. Our goal is to block proxiers who proxy their link being as such: http://www.thunderarena.com/page.php?id=1 . We need any proxy ips or w/e to be able not to click that link. We are trying to find a good code to do so. We will pay money if a code you submit works so please help. Reply here or contact me on aim at owxratedx
  • Managedlinks
  • Proficient
  • Proficient
  • Managedlinks
  • Posts: 294

Post 3+ Months Ago

I have PM'ed you
  • xfrozenxsoulsx
  • Novice
  • Novice
  • xfrozenxsoulsx
  • Posts: 30

Post 3+ Months Ago

Ok this kid has been bothering us for a while now. Well hes getting very annoying. Have you ever heard of http://www.outwar.com anyways our game is http://www.thunderarena.com. We are looking for a script that will block all proxies that people use to enter the site. It will block those proxies from entering our site and will not show up on any anti virus program or w/e as a hacking attempt. It needs to just block proxies from entering our site. We have blocked the kids ip plenty of times but he keeps using a proxy and we are fed up. Im willing to pay money up to 100.00 or more through paypal. Depends on how good the script is, If it works you get money. I mean it must be good I want to block him from our site from good and stop proxying. He keeps getting on peoples accounts too and if anyone has any way on how to fix that please let me know. This kid got our scripts 2 months ago rite when we started and took all of our stuff and the 3000 members that where Registered. But now he is getting on everyones accounts and wasting peoples points that they pay for. Yes they pay for points to upgrade their account in the game and to post in shoutbox on homepage. Please help me with this it would greatly be appreciated and im willing to pay if you really help. You must know really what you are talking about. Either reply here with your aim name or contact me on TaSupportTa.We have over 7,000 players and it's very annoying when this kid comes into peoples accounts and he messes with their points. We figure the best way is to block proxies that way he can't enter the site anymore.We have tried blocking main ports 8080 and things but then firewalls go off as hacking attempts so we had to take that off. Please help. Thanks alot and have a good day.

Regards,
Ta staff.
  • xfrozenxsoulsx
  • Novice
  • Novice
  • xfrozenxsoulsx
  • Posts: 30

Post 3+ Months Ago

That post I made a while back there they didnt really help me much. I need the script that all I have to do is insert it into the site. Then i will have to all the things to hook it up but I really need the script if anyone can make one.
  • UNFLUX
  • Genius
  • Genius
  • User avatar
  • Posts: 6367
  • Loc: twitter.com/unflux

Post 3+ Months Ago

no need to start a new thread on the same topic. merged with your original one. Please continue
discussions here. Thanks.
  • xfrozenxsoulsx
  • Novice
  • Novice
  • xfrozenxsoulsx
  • Posts: 30

Post 3+ Months Ago

I need to block web users hiding behind an anonymous or open proxy servers from entering my website.
  • Rabid Dog
  • Web Master
  • Web Master
  • User avatar
  • Posts: 3243
  • Loc: South Africa

Post 3+ Months Ago

Why don't you just set up some sort of server validation, that way if someone does get irritating then just remove them from the list of users allowed access to the server.

Unless it is a shared hosting solution.

Surely the kid has to log on at some stage? just remove him from the valid users list.

Will look around and see if I can find anything for you

//EDIT went to look at your site and you have an extremely annoying JavaScript error on your pages - every single one, I don't know if it is an include file.
  • xfrozenxsoulsx
  • Novice
  • Novice
  • xfrozenxsoulsx
  • Posts: 30

Post 3+ Months Ago

Errors? I don't see any errors. That's wierd. We haven't had any players complain about it. If we did the loging in thing he would just make a new account. We will find something soon please keep looking for us.
  • rtm223
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 1855
  • Loc: Uk

Post 3+ Months Ago

yes javascript errors and your entire site is completely screwed in Firefox.

Anyway, I'm not sure how blocking proxies will solve the problem. The problem being a security hole in either the script or the server. Just because you can stop this kid using a proxy, does not mean he won't go and use someone else's computer to hack you. Or he could post your vulnerabilities on the internet somewhere, and you have hundreds of people exploiting it.

Or someone else could uncover the flaw. I really don't think that treating the symptoms will do you any good in the long run. Rather than searching for a script which people have said does not exist, I would advise you to find out HOW he is getting into the system, and block the means of entry for everyone, rather than just the one person.
  • Rabid Dog
  • Web Master
  • Web Master
  • User avatar
  • Posts: 3243
  • Loc: South Africa

Post 3+ Months Ago

xfrozenxsoulsx wrote:
Errors? I don't see any errors. That's wierd. We haven't had any players complain about it. If we did the loging in thing he would just make a new account. We will find something soon please keep looking for us.


Set your browser to enable script debugging and notification on script errors, they aren't fatal but they are annoying
  • Carnix
  • Guru
  • Guru
  • User avatar
  • Posts: 1098

Post 3+ Months Ago

They must have been fixed (bravo!) because the site works fine for me (on Firefox).

Anyway,:

Quote:
The more people you get to click the link, the more money your character will generate.


You game is pretty might designed to be exploited in this way. You need to devise some new rules or ways to validate that the link was clicked by a human. As has been stated, the only way to block proxies is to start blocking IPs, or blocks of IPs, from access. This will have the unfortunatly effect of also blocking legit traffic as well.

I'd suggest doing something like the domain name registrars and many spam blocking validation systems have done. Use a non-machine-readable keywork to validate a human clicked the link. Basically it's a random set of graphics that display short (4 or 5 digit) passwords that a user has to type in. Go do a whois at Network Solutions (https://www.networksolutions.com/en_US/ ... ndex.jhtml) and you'll see what I mean. I haven't looked, but there's bound to be some sort of GPL version of that somewhere.

.c
  • xfrozenxsoulsx
  • Novice
  • Novice
  • xfrozenxsoulsx
  • Posts: 30

Post 3+ Months Ago

Ok he is not getting into the system. No one has been in our cpanel I don't know how hacking came into this post but he has not hacked us. He got our info a while back from an admin that worked for us because he got on my aim screen name, Got my pass from another game got on my aim screen name and talked to an admin and said i was at a friends house and needed intro to the cpanel so my admin gave him it. That's why we have no more admins only 2 of us working on the site and we are family. Anyways, There is alot of people that use proxies to do better in the game and they also use proxies to get into the site. How is he getting into the site? We have blocked his ip but he uses a proxy now.....That's the main question I know there are ways to block proxies so how? http://www.outwar.com blocks them try to enter there site with a proxy. Phpb forums or w/e they block proxys try to enter there site. Alot of sites block proxies but how?.....

Btw carnix that sounds like an ok Idea but remember we have a private domain so you can't do a who is on us and find out our info. There may be ways around the system who knows...lol
  • rtm223
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 1855
  • Loc: Uk

Post 3+ Months Ago

xfrozenxsoulsx wrote:
I don't know how hacking came into this post

In the last post you made:
xfrozenxsoulsx wrote:
He keeps getting on peoples accounts too
xfrozenxsoulsx wrote:
But now he is getting on everyones accounts and wasting peoples points that they pay for. Yes they pay for points
xfrozenxsoulsx wrote:
We have over 7,000 players and it's very annoying when this kid comes into peoples accounts and he messes with their points.


Three times you say he is getting into people's accounts? Is he authorised to do so? I doubt it. Lets see a definition of hacking:
google wrote:
<b>Hacking: </b> Unauthorized use, or attempts to circumvent or bypass the security mechanisms of an information system


The information system being the game and it's component scripts, not the server in this instance. The security measures being the ones for users to log into their acounts most likely.

Anyway, my point is that <b>it is not proxies</b> allowing him to gain access to other peoples accounts. If you block him by this method, I'm sure someone else will find out how to exploit the same security holes. Or he will find another way to gain access to the site. IMO blocking the proxies is treating the symptoms rather than the illness.

The proxy blocking may well prevent the link clicking, but I would consider this a minor issue in comparison to the account hijacking.
  • Rabid Dog
  • Web Master
  • Web Master
  • User avatar
  • Posts: 3243
  • Loc: South Africa

Post 3+ Months Ago

The amount of comments here and the time spent trying to find a script to block proxies what I would have done (maybe because I am an extremist) is shut the site down and hacked it myself. Found all the holes, come up with a way to stop people from circumventing the security and released the site once it had been sorted out.

Close the site! Get a few people together that know what they are doing and hack it to pieces, find the holes, the security flaws and fix them. Don't pull a microsoft and try patching things up, it just leads to more problems.

As RTM said, prevention is better than cure

Seems like alot of work but I think the paying customers would appreciate it more if you shut it down and stopped the abuse on their accounts.

But as I said that is just me
  • rtm223
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 1855
  • Loc: Uk

Post 3+ Months Ago

Rabid Dog wrote:
what I would have done (maybe because I am an extremist) is shut the site down and hacked it myself. Found all the holes, come up with a way to stop people from circumventing the security and released the site once it had been sorted out.


Yes, I think you are very extreme for wanting to fix the problem. Oh yes indeed :roll:
  • Rabid Dog
  • Web Master
  • Web Master
  • User avatar
  • Posts: 3243
  • Loc: South Africa

Post 3+ Months Ago

Just noticed that you guys store all user inf (password and name) on the client machine via cookies.

Assume this is the way you tell whether or not someone has clicked the link!

So now say I had to delete that cookie, would I be able to carry on clicking links?

What if I had to set my headers to echo that cookie with a different password or user name? would the errors it generates give me a little insight into your file structures?

Just wondering

RTM :- meant I was extreme for shutting the site down
  • rtm223
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 1855
  • Loc: Uk

Post 3+ Months Ago

lol, fair enough - missed that, I was just glad to see someone was on the same wavelength as me, I was starting to wonder if I had totally the wrong end of the stick.

However, I still wouldn't say it was extreme. I would call it an intrinsic part of the systems life cycle, another stage in the testing/evaluation process. I suppose the alternative would be to make a complete copy of the system on a separate server (pref. local) and attack that one while leaving the existing one in use. Post a message apologising for any disruption, the probelms are currently being addressed, thank you for your understanding in this matter. Or something.
  • Rabid Dog
  • Web Master
  • Web Master
  • User avatar
  • Posts: 3243
  • Loc: South Africa

Post 3+ Months Ago

Or you could just say 'We are currently trying to save you a fortune'
  • Carnix
  • Guru
  • Guru
  • User avatar
  • Posts: 1098

Post 3+ Months Ago

xfrozenxsoulsx wrote:
Btw carnix that sounds like an ok Idea but remember we have a private domain so you can't do a who is on us and find out our info. There may be ways around the system who knows...lol


I didn't mean to do a whois on you, it was just an example. Do it on any site...

Out of curiosity, have you sent an e-mail to the outwar site admins to ask how they do it? I think that would be your best first step. Ask them to explain in detail, then if you don't understand something, come back, post what they said, and we can probably help you from there.

.c
  • xfrozenxsoulsx
  • Novice
  • Novice
  • xfrozenxsoulsx
  • Posts: 30

Post 3+ Months Ago

Well outwar are millionaires and they make and have made a ton of money. They have a building with about 50 employees for there game and it's called rampid interactive.Asking them wouldn't work. They would atleast want 1,000.00 and they don't sell there scripts which is what they would have to do to give us the proxy blocking script. They would have to give/sell us that one script.Next shutting down the site? There is no option to do that, We aren't going to do that. The problem here, What I was wanting to know is how to block proxies. We are having people with proxying there secret link and them getting into the site using proxies when we block there ip. I know there are ways to block this because some sites block proxy ips and blocking proxy ports isnt an option because proxy sniffing is illegal.

This kid gets into peoples accounts because when he did go into our site in beta round when we first started working and we had around 2,000 members he got into the player database {Remember he got into the site by getting on my aim screen name etc...} and he took all of the screen names and players in the database and he uses the old players passwords. We had to do a password change when he did all of this and we had to put up password change for peoples accounts to where when they logged in they had to change password. Anyways, The scripts and passes are now encrypted in the site and we have no more admins anymore now it's just a family owned business and my brother works 24/7 on the php and he does an awsome Job. I don't know alot of php and I probably shouldn't be acting like I know what im talking about but I do know about all of this and I do know that we need a proxy blocker, A way to block proxies from entering the site. I know there are ways you can do it so you can't say there isn't. It's just a hard thing to find.

Anyways this kid isn't a big problem we are mainly wanting to block people proxying there secret link to get more clicks because it slows down the site.My brother is going to be working on a script tonite and I hope it works. If you want to learn how these kindof games work go play http://www.outwar.com or http://www.foxwar.com or http://www.neuage.net or games like that. Businesses.....Anyways thanks for trying to help everyone. :)
  • Rabid Dog
  • Web Master
  • Web Master
  • User avatar
  • Posts: 3243
  • Loc: South Africa

Post 3+ Months Ago

I am still wondering why you store sensitive information in a users cookie?

I would still e-mail the guys to find out because you never know, you might get lucky.

I'm willing to bet (especially if they are so big) tht they have written some form of cgi or equivelant piece of software that does the detection, I honestly don't believe that it can be don via scripting - only a slightly lower level, yeah, but via scripting - well I hope I am proved wrong.

Don't alot of ISP's use proxies?
  • Carnix
  • Guru
  • Guru
  • User avatar
  • Posts: 1098

Post 3+ Months Ago

Ah, I didn't realize it was a big company. You might just send an e-mail to their webmaster and ask. You might be surprised.

Anyway, I decided to actually do a little legwork for you, fancy that:


http://www.bigwebmaster.com/2325.html
http://www.andromeda.com/people/ddyer/public-proxy.html

I don't know who this poster was, but you might send them an e-mail or something asking how they did it (sorry for the long url...):
http://www.webmaster-talk.com/showthrea ... #post53708

This is a phpNUKE package. If you're site is on phpNuke already, you might be in luck. If not, you could always send an e-mail to the guy who built the module to ask how he did it (You catching a recurring theme in my posts? heh)
http://protector.warcenter.se/postt11.html

That was just after a couple Google searches without going past the first couple pages...

.c
  • Carnix
  • Guru
  • Guru
  • User avatar
  • Posts: 1098

Post 3+ Months Ago

Rabid Dog wrote:
Don't alot of ISP's use proxies?


AOL, may it's routers and switches rot in hell, makes extensive use of proxies. It make makes doing accurate unique visitor tracking pretty much impossible with a standard log analyzer. We use WebTrends Log Analyzer Advanced with the add-on SmartSource package that designed specifically to do just that. We found that once we started using that, our unique and returning visitor counts jumped a full third again from the AOL users being accurately differeniated...
.c
  • xfrozenxsoulsx
  • Novice
  • Novice
  • xfrozenxsoulsx
  • Posts: 30

Post 3+ Months Ago

Carnix that post was by me. When we did this we did block proxies for a while. We blocked the ports and then it would make peoples firewalls go off saying we where trying to hack someones computer. If they had a firewall it would scan for certain ports which we found is illegal and it just messed us up in the long run but it worked. We are going to try to do another proxy ip block soon, We will try something like http://www.tekwar.net does. They block proxies or im thinking we can do a anti-spamming system that may work who knows....eh we got to do something about the proxies that's all I know...lol

Thanks for all of yall's help I will email outwar and try to get ahold of them. They have over 1,000 support tickets in there site in the support rite now. I talked with an admin yesterday they said they have been so busy lately but Im hoping they reply to me soon. I have outwar's number I may just call and talk to torax the owner.
  • Rabid Dog
  • Web Master
  • Web Master
  • User avatar
  • Posts: 3243
  • Loc: South Africa

Post 3+ Months Ago

Okay so if an ISP is using a proxy surely by blocking proxies you will be cutting out a genuine client base?

I noticed that the BWM proxy script runs on the .NET framework(aspx).

Wonder if it could be ported to PHP.

If you wanted to write something like this carnix what would you use?
  • Carnix
  • Guru
  • Guru
  • User avatar
  • Posts: 1098

Post 3+ Months Ago

If it were me? I think I would go gather a bunch of URLs that list free open proxies. As many as I could find... Most of the time, those are listed as an IP address, but you can always use a command line to resolve them to an IP if not.

Then, I would write an HTML scraper script that would suck down those pages, and hunt line by line for IP addresses. These would ALL be logged to a database. The database is important to avoid duplicate entries, since the sites could be cross-listing.

*EDIT: Forgot to add: This update script would run on a cron (or AT) job at intervals. Maybe every night at midnight, maybe once a week... whatever seems appropriate based on the update frequency of those proxy list sites.

Then, I would have a global on entry script that compairs the IP address of the entering user to my database of open proxies (which are the bad ones... legit traffic comes from closed, commercial ISP proxy servers, if any). If this was the case, I'd bounce them to a page explaining that the use of open proxies are not allowed. If possible, try and figure out who they are, perhaps based on the user they're trying to access (log the incoming link). Send that person an e-mail reminding them that use of open proxies is not allowed, etc.

If you start banning people, your users will get the picture... just be careful because it's not ALWAYS the user's fault. That's the tricky part you'll have to figure out.

.c
  • Rabid Dog
  • Web Master
  • Web Master
  • User avatar
  • Posts: 3243
  • Loc: South Africa

Post 3+ Months Ago

Okay so what langauge would you use?

Assuming you would go with a low level language?

I actually forgot that open proxies are listed. Silly me then of course you could block them if they came from the bad list - duh. (I think alot of us, well me at least, missed the plot because we where trying to figure out how to detect whether or not a proxy was being used instead of taking a step back and going, okay so what do all proxies have in common - ah an IP address, Spam, hmmmm sure they trace open proxies to stomp out spam, hey what, spam, proxy blocker - well I never)

Like the way you think! (you had to do this before hmmmm?)
  • Carnix
  • Guru
  • Guru
  • User avatar
  • Posts: 1098

Post 3+ Months Ago

I'd probably use PHP, or ASP if it was an IIS machine.

No, I haven't had to write a script for this specifically, but I have written a number of scripts like this to basically emulate an RSS feed when none exists. At my org, we use an ASP service provide for online donations, advocacy and e-mail marketing. When we create a campaign on their system, they list it, along with other active campaigns, on our "center homepage"

Since I have no intention of manually syncing the two systems, I wrote an ASP scraper that goes over to their system, grabs the HTML, finds the section where the advocacy campaigns are listed, harvests those titles and URLs, then rebuild the list on our site. I happened to have written this script in Perl since our deployment system is built on a custom Perl and Tomcat engine, but I've done similiar things to sync remote, databases using ASP as well (needed an HTTP solution, because the only ports open between the two was 80 and 443, so I used 443 to create a secure datasync using XML, not using the XMLHTTP object either, though I later rebuilt it using MS's builtin object).

I've never done anything like this in PHP, but it would certianly be possible.

.c
  • Rabid Dog
  • Web Master
  • Web Master
  • User avatar
  • Posts: 3243
  • Loc: South Africa

Post 3+ Months Ago

Well I am most def gonna give it a bash!

Will let you know when it is done, sounds really interesting
  • xfrozenxsoulsx
  • Novice
  • Novice
  • xfrozenxsoulsx
  • Posts: 30

Post 3+ Months Ago

Would this help me? I really hope so because if it works I will even pay you to find me something/someway to block most proxies from being used on my site. Also need it to not be able to click the users link basically.Basically I need to block proxies all together atleast most of them. If you can find a program,script something to do this let me know I will pay.
  • Rabid Dog
  • Web Master
  • Web Master
  • User avatar
  • Posts: 3243
  • Loc: South Africa

Post 3+ Months Ago

Frozen when I get this right I will give it to you for free. The amount of stress and panic you have been subjected I would feel bad selling it to you.

Will PM you when it is done, in the mean time fix the javascript errors ;o)
  • xfrozenxsoulsx
  • Novice
  • Novice
  • xfrozenxsoulsx
  • Posts: 30

Post 3+ Months Ago

Thanks alot man. Will do, Btw ThunderArena is down for now lmao my brother tried to put up a firewall into the site to block proxies and it blocked everything...Anyways it will be back up soon we need this time to work on it anyways.

Thanks alot man reply when it's done.
  • Carnix
  • Guru
  • Guru
  • User avatar
  • Posts: 1098

Post 3+ Months Ago

RD, let me know if you need any help/advice, I'll be happy lend whatever assistance I can.

.c
  • Rabid Dog
  • Web Master
  • Web Master
  • User avatar
  • Posts: 3243
  • Loc: South Africa

Post 3+ Months Ago

Will most def take you up on that c.

Actually right now. I was doing a search for db's that list open proxies. Came up with a huge amount. I was wondering if you had any uri's to throw into the mix?
  • Carnix
  • Guru
  • Guru
  • User avatar
  • Posts: 1098

Post 3+ Months Ago

I can't access most of them from work (silly gatewary restrictions). Pretty much any warez or other hackeresque sites are restricted. There really are tons of sites, though I think most of them cross link to a large degree. If you can find 10 large lists, you're probably ok. Those sites come and go though, so any application you write will need to be extensible enough to configure input sites. The basic format of the IP search is simple, just a line by line, or maybe even " " by " " (space by space.. word seperation) search, in case the site owner didn't understand the use of carriage returns (heh).

Start with a database that populates an array of URLs based on the number of URLs entered in the database (you can use a db admin tool or build a nice interface for that.. I usually build some admin tool interface for these sorts of things, since not everyone knows enough about mySQL to actually use a real administration tool). When the scraper runs, log the response codes, and if it's anything but success, you can either automatically remove that entry (marking it as invalid without actually deleting the record is probably better), or set up a function to send a results mail at the end of the process detailing the number of IPs found, which urls were valid and which we not... etc. Those details are up to you =]

.c
  • Rabid Dog
  • Web Master
  • Web Master
  • User avatar
  • Posts: 3243
  • Loc: South Africa

Post 3+ Months Ago

I have built a config file that allows you to enter the uri into an array. (Was worried about the stress on the DBMS with too many uri's)

Then I just grab the html files and with a handly little regex pattern (thanks to RTM) build an array containing the IP address inside the page.

Then I make the array unique (remove duplicate values) and insert the values from the array into the DB.

So far so good?
  • xfrozenxsoulsx
  • Novice
  • Novice
  • xfrozenxsoulsx
  • Posts: 30

Post 3+ Months Ago

Good sounds good so far. Tell me when it's done so we can test it on ta and see if most of the proxying stops...I so hope it works man if it works you are the best genius on the internet! ...lol we just need this bad ;)
  • rtm223
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 1855
  • Loc: Uk

Post 3+ Months Ago

Question for carnix and RD. Does the IP REGEX need to differentiate between ports. As I said, I'm not too good with the whole IP address thing. ATM if you feed it:

<b>01.02.03.04:80
01.02.03.04:8080</b>

it will see them <i>both</i> as <b>01.02.03.04</b>, and remove the duplicate entry. Is this acceptable or not? I can modify the regex if needed.
  • Rabid Dog
  • Web Master
  • Web Master
  • User avatar
  • Posts: 3243
  • Loc: South Africa

Post 3+ Months Ago

No don't think it is. The remote client IP will not contain a port number, so the ip on port 80 or port 8080 will be denied.

Hmmmm wonder if php can tell the port the client is connected to a proxy on or the port of the incoming request.
  • Carnix
  • Guru
  • Guru
  • User avatar
  • Posts: 1098

Post 3+ Months Ago

Good question. It might, although most open proxies use 80 since it's generally open by default. 8080 is a more of a convention than a true default, these days anyway.

I can't actually open any of the better provisioned open proxy sites, so I can't really speak to this right now. I guess adding an optional (:[0-9]+) or something similar (heh, sorry, I can't spit out regexes from memory.. that's what I have O'Reilly for!), would do the trick. If it's not known whether a port will be listed or not, I guess the regex should be able to detect both.

.c
  • Rabid Dog
  • Web Master
  • Web Master
  • User avatar
  • Posts: 3243
  • Loc: South Africa

Post 3+ Months Ago

Nope PHP only handles the server port, so no revisions to the reg ex
  • xfrozenxsoulsx
  • Novice
  • Novice
  • xfrozenxsoulsx
  • Posts: 30

Post 3+ Months Ago

hmm I hope yall help me and get this....damn it will help so much...lol I hate proxiers and people that use proxies to enter sites... :(
  • Rabid Dog
  • Web Master
  • Web Master
  • User avatar
  • Posts: 3243
  • Loc: South Africa

Post 3+ Months Ago

Don't worry. What I was thinking about adding (if carnix hasn't beat me to it) is a list of good proxies ie proxies you don't mind.

So effectively the proxies you allow will come in and the proxies you don't allow will be ejected.

Carnix: I noticed that the HTTP_X_FORWARDED_FOR is the IP sent from client requesting the page via proxy and that anonymouse proxies claim to not send it. Suppose then we should do a check to see if that variable is set and if it is not empty.

WHAT ABOUT DNS lookups - or am I getting carried away?
  • Carnix
  • Guru
  • Guru
  • User avatar
  • Posts: 1098

Post 3+ Months Ago

well, DNS lookups will only give you the proxy's information.

If you didn't see it already, check this page:
http://www.freeproxy.ru/en/free_proxy/f ... nymity.htm

Seems to me that, with the exception of so-called "High Anonymity Proxies (Elite proxies)" all proxies, even the anon ones have SOME value in that header, even if it's fake. That it's fake isn't important, only that it isn't empty (or not determined... not sure what the result would be in that case... not an IP anyway).

The majority of free open proxies out there are not acutally supposed to be open proxies. They are usually misconfigured private proxies, or other systems that have some server that can act as a proxy. When we installed Interwoven TeamSite a couple years ago here, it turns out that, by default, the internal proxy server it uses was open through Apache... Took me a month to figure out what all that damn traffic was and shut down the hole. I found that system's IP address on several free open proxy listing sites, and to this day, I think it must still be listed in a few, because there are still some folks trying to connect to it. I bet someone wrote and distributed some sort of script and hardcoded that IP as the proxy to use...

Anyway, that header is something you should certainly include. Although, it wouldn't be definitive, for sure.

.c
  • Rabid Dog
  • Web Master
  • Web Master
  • User avatar
  • Posts: 3243
  • Loc: South Africa

Post 3+ Months Ago

I had a look at that site. Alot of them cross reference the same proxies.

Any comments on the code?
I have cleaned it up alot more. Add new features and once this end is happy I am going to work on the user interface, add the ability to decided to write to file or DB and error logging. Config file is pretty cool as well. Gives a not so PHP savy individual the chance to configure it through one page not scrapping through all the code
  • xfrozenxsoulsx
  • Novice
  • Novice
  • xfrozenxsoulsx
  • Posts: 30

Post 3+ Months Ago

Man can't wait until yall get this done it's going to be sweet thank you so much!
  • Rabid Dog
  • Web Master
  • Web Master
  • User avatar
  • Posts: 3243
  • Loc: South Africa

Post 3+ Months Ago

The only problem I am picking up at the moment is that you are going to have to maintain the list quiet closely. Legit users might get blocked.

The way I am going to set up the validation is check that the FORWARD_BY variable is set. If it is not set then reject otherwise check the DB for the ip address. If it appears then reject else (just thought of this now.) check the DB for the Forwarded By Address and match it against the DB or a list of user banned (hmmm going to have to re look at the sequence here. Anyways, the batch black list updating tool is done. Start on the white list updating tool today.
  • xfrozenxsoulsx
  • Novice
  • Novice
  • xfrozenxsoulsx
  • Posts: 30

Post 3+ Months Ago

Nice thanks keep up the good work let me know when it's done.
  • Rabid Dog
  • Web Master
  • Web Master
  • User avatar
  • Posts: 3243
  • Loc: South Africa

Post 3+ Months Ago

HA HAHAHAHHAHAHAHAHAHHHAHA

At last my greatest work is completed!!!!

Well almost - the engine is done, now just for the front end! (damn graphics nonsense)


Anyways it is really simple to use.
a> Set the config
b> on the top of every page instantiate the class and call the function...

That simple! If it fails it will redirect and do all the other fancy things - mailing etc (if it is set in the config)

Very close to release - I can taste it!

Carnix - the empty FORWARDED FOR variable - does it return an empty string? How would I check to see if it set or not (am using if !isset at the moment)
  • xfrozenxsoulsx
  • Novice
  • Novice
  • xfrozenxsoulsx
  • Posts: 30

Post 3+ Months Ago

nice nice cant wait.
  • Fire90
  • Born
  • Born
  • Fire90
  • Posts: 1

Post 3+ Months Ago

Why not just ad a verification script that ppl have to write a random verification code from a image thing that will stop the amateour its VERY simple a proxy clicker ONLY CLICKS it cannot write and even if some can they cant read an image afterall they arent human, will you trie this and tell me if it work.



I bet this will work dont ask me to script one cuz im still learning my html so asking me would be worthless but hey i do have a heck of an idea that will stop proxy clickers!!!
  • Rabid Dog
  • Web Master
  • Web Master
  • User avatar
  • Posts: 3243
  • Loc: South Africa

Post 3+ Months Ago

What if the person manually re assigned their ip address through one of the hundreds of free proxies so you can't track the IP address?
  • rtm223
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 1855
  • Loc: Uk

Post 3+ Months Ago

Quote:
VERY simple a proxy clicker ONLY CLICKS it cannot write and even if some can they cant read an image afterall they arent human

Fire90, are you talking about blocking people using proxies, or blocking automated bots?

In addition the whole image thing really would not work. I have clicked on xfrozenxsoulsx link, so he got a hit from that. Thats fine by me. But i wold never have bothered to type in the code from an image, just to give him a hit - why waste those 30 seconds of my time for nothing?
  • Rabid Dog
  • Web Master
  • Web Master
  • User avatar
  • Posts: 3243
  • Loc: South Africa

Post 3+ Months Ago

Just to let you know that I haven't given up the project. I am busy with the user interface and got stuck on a freaking div layer because I didn't spell position right and was to tired to even try debug it.

Will be continuing on it this week.

So far all you will have to do is include the file (filter file). Anyone that enters with a listed proxy will get jacked and told that they are not allowed to use the proxy that is listed.
  • Carnix
  • Guru
  • Guru
  • User avatar
  • Posts: 1098

Post 3+ Months Ago

Fire90 wrote:
Why not just ad a verification script that ppl have to write a random verification code from a image thing that will stop the amateour its VERY simple a proxy clicker ONLY CLICKS it cannot write and even if some can they cant read an image afterall they arent human, will you trie this and tell me if it work.



I bet this will work dont ask me to script one cuz im still learning my html so asking me would be worthless but hey i do have a heck of an idea that will stop proxy clickers!!!


Already been suggested:
Carnix wrote:
I'd suggest doing something like the domain name registrars and many spam blocking validation systems have done. Use a non-machine-readable keywork to validate a human clicked the link. Basically it's a random set of graphics that display short (4 or 5 digit) passwords that a user has to type in. Go do a whois at Network Solutions (https://www.networksolutions.com/en_US/ ... ndex.jhtml) and you'll see what I mean. I haven't looked, but there's bound to be some sort of GPL version of that somewhere.


Anyway, this sort of breaks the simplicity of the game itself. I think using RD's proxy prevention engine (or whatever he calls it), is the way to go at first. Perhaps, as an add-on, a human user validator could be added as additional security as well.

.c
  • Rabid Dog
  • Web Master
  • Web Master
  • User avatar
  • Posts: 3243
  • Loc: South Africa

Post 3+ Months Ago

Carnix wrote:
(or whatever he calls it), is the way to go at first.
.c


It is called my super fly cheeselator!

Nah its a toss up between IPAM (IP Access Management) Or IPCN (IP Control Net)

It is working really nicely carnix. Will post it on my site for download to a selected few once it is done!
  • Carnix
  • Guru
  • Guru
  • User avatar
  • Posts: 1098

Post 3+ Months Ago

I like IPAN personally. It rolls off the tounge a little nicer.

Although...

http://ipan.org/

heh

.c
  • Rabid Dog
  • Web Master
  • Web Master
  • User avatar
  • Posts: 3243
  • Loc: South Africa

Post 3+ Months Ago

Do you think we should have a poll to decide the name?
  • Carnix
  • Guru
  • Guru
  • User avatar
  • Posts: 1098

Post 3+ Months Ago

If you want. Although it's you're application, you should name it.

Maybe something out of the box like Crazy Proxy Booty Smacker (CPBS), or Script Kiddie Snufer (SKS), or Dumbass-Buster Stopper (D-B.S.)
heh
.c
  • xfrozenxsoulsx
  • Novice
  • Novice
  • xfrozenxsoulsx
  • Posts: 30

Post 3+ Months Ago

I really need this proxy blocker so please keep up the great work guys. I think thunderarena.com has been attacked lately by proxiers hitting our site trying to get it taken down. Also people proxying our links. Anyways we are moving to a faster server that we bought today which has 1400 gb a month and let's just say it's very good atleast it better be we paid alot for it and now we are paying alot more monthly so this would really help us so continue the great work! We need this done in the next few days pleaseeee if you can...thanks again guys!

Dual Intel Xeon 2.4 GHz, 533 MHz FSB
1024 MB ECC RAM (upgrades up to 4GB available)
120 GB hard drive (upgrades up to dual 250 GB available)
1000 GB Bandwidth included (Non-Cogent)

Typical Applications:
Powers through high performance e-Commerce sites.
Incredible platform for high performance gaming.
Powerful enough to handle all of your reseller needs such as virtual hosting.
Ideal for processor intensive, high transaction applications such as SQL, web stats and file sharing


That's what it comes with.
  • Rabid Dog
  • Web Master
  • Web Master
  • User avatar
  • Posts: 3243
  • Loc: South Africa

Post 3+ Months Ago

It has a name!!!

I have decided (in all my wisdom) to take a few ideas here and there and now it has a name

The official title for this app is (drum roll please)
"Script Kiddie Proxy Killer" or SKPK :wink:

Pretty cool huh (should see the logo)
  • xfrozenxsoulsx
  • Novice
  • Novice
  • xfrozenxsoulsx
  • Posts: 30

Post 3+ Months Ago

coo when will it be done? lol :D
  • Rabid Dog
  • Web Master
  • Web Master
  • User avatar
  • Posts: 3243
  • Loc: South Africa

Post 3+ Months Ago

Easy tiger, it is happening. Finishing off the admin area and debugging now
  • Rabid Dog
  • Web Master
  • Web Master
  • User avatar
  • Posts: 3243
  • Loc: South Africa

Post 3+ Months Ago

Frozen: Have you ever worked with multi-dimensional arrays?
  • Carnix
  • Guru
  • Guru
  • User avatar
  • Posts: 1098

Post 3+ Months Ago

heh, if not, the next question is, have you ever beat your head against the wall until you can't feel it anymore? =]

I personally love multi-dimensional arrays, but they pose some real conceptual problems, since they create systems that otherwise don't exist in a human's perceptual environment... That makes them a little difficult to understand at first...

.c
  • Rabid Dog
  • Web Master
  • Web Master
  • User avatar
  • Posts: 3243
  • Loc: South Africa

Post 3+ Months Ago

I love multi dimensional arrays as well. Nice organised structures that allow for lots of looping and manipulation.

The reason I asked him is because the batch processing is set up in a multi dim array other wise he is gonna sit for hours waiting for it to process all the pages at once.
  • xfrozenxsoulsx
  • Novice
  • Novice
  • xfrozenxsoulsx
  • Posts: 30

Post 3+ Months Ago

My brother will take care of that. Kill gostly is his aim contact him on anything dealing with php for thunderarena. Tell him your from ozzu and your the one making the php blocker....he will know who you are....anyways can't wait until it's done. If you have any questions and want to make sure he knows what all to do or w/e contact him.
  • Rabid Dog
  • Web Master
  • Web Master
  • User avatar
  • Posts: 3243
  • Loc: South Africa

Post 3+ Months Ago

Okay it has been released to QA for assesment. Once it gets the thumbs up I'll give you the link to download it.
  • xfrozenxsoulsx
  • Novice
  • Novice
  • xfrozenxsoulsx
  • Posts: 30

Post 3+ Months Ago

Ok thanks man. You talked to my bro lol which i was glad you did do that. Please have it done soon :) We are waiting and it's going to be sweet...thanks again can't wait!
  • xfrozenxsoulsx
  • Novice
  • Novice
  • xfrozenxsoulsx
  • Posts: 30

Post 3+ Months Ago

It's been 2 days are ya almost done we really need it they are proxying bad now and we are getting slightly dos attacked..please reply soon.
  • Rabid Dog
  • Web Master
  • Web Master
  • User avatar
  • Posts: 3243
  • Loc: South Africa

Post 3+ Months Ago

Well I posted the uri to your brother and no one has gotten back to me.

The DoS attacker, gee did you guys really make someone mad? DoS attacks are not difficult, can acheive them with a simple ping.

Are you sure they are DoS or just an overload on the server? Have tried to trace the source?
  • xfrozenxsoulsx
  • Novice
  • Novice
  • xfrozenxsoulsx
  • Posts: 30

Post 3+ Months Ago

Ok it doesn't work sorry for taking so long getting back to you but I don't have your aim and don't get on ozzu anymore as much. Anyways, I saw the program and the site in which you have to login to the program or w/e looks really nice. You did a good job but he said something is wrong with it I forgot what so please fix it. Aim me on aim at owxratedx or aim him please. Thanks bro
  • Rabid Dog
  • Web Master
  • Web Master
  • User avatar
  • Posts: 3243
  • Loc: South Africa

Post 3+ Months Ago

Where is he?
  • xfrozenxsoulsx
  • Novice
  • Novice
  • xfrozenxsoulsx
  • Posts: 30

Post 3+ Months Ago

His aim is kill gostly or you can go on Thunder Arena and contact him that way. Send a support ticket on Thunder arena or just simply message him....squarepants is his name on thunderarena.....lol just message him in the game.....sign up then go under user menu then hit message center then hit send message then put squarepants as the rest and bla bla talk to him he should reply within 5 hours...thanks man
  • Carnix
  • Guru
  • Guru
  • User avatar
  • Posts: 1098

Post 3+ Months Ago

how about YOU tell "him" to contact RD if he really wants the system:

http://www.rabiddog.co.za/

(I gotz yer bad Dog. heh) :evilking:

.c
  • xfrozenxsoulsx
  • Novice
  • Novice
  • xfrozenxsoulsx
  • Posts: 30

Post 3+ Months Ago

lol we do have the system it just doesn't work rite on ta that's why we need to talk to rd but he is always on when we are asleep like at 3am.... :(
  • this213
  • Guru
  • Guru
  • User avatar
  • Posts: 1259
  • Loc: ./

Post 3+ Months Ago

I just read through this entire thread for God only know what reason. But here are a couple comments.

1. Free scripts AND rearrange operating hours? What a guy RD!

2. Remote Port in PHP can be ascertained by $_SERVER[REMOTE_PORT] - that probably doesn't matter at this point, but I figured I'd let it be known.

3. I haven't really checked out the game, but why don't you have the users (or whoever's posting the links) register the links and what url they're putting them on? Perhaps make each link use a unique id, something like:
base64_encode(url.userid.createtime);
then have the clicker's IP added to that and block that link from that IP from being registered as a click for a certain number of second/minutes/days/forever

4. If you were having your users change their passwords after logging in after you were hacked, who's to say one of those 2000 users wasn't the hacker and just reset the password himself. I would have had a script generate a random password, update the db and send an email to each registered user. Then give them an option to change that after they logged in with the new password.

I think that's all I had to say... for now
  • Rabid Dog
  • Web Master
  • Web Master
  • User avatar
  • Posts: 3243
  • Loc: South Africa

Post 3+ Months Ago

Well I don't know what to do. Unfortunately our fantastic telecommunications infrastructure does not allow me to have the internet at home.

I am pretty sure the filter does work as I have tested it on a number of platforms and there is probably something in the help file you didn't read or something in the config file you didn't set correctly.

If I could get in touch with him I would but time zones are an issue and unless you have a job for me over there and transfer expense there is not much I can do.

Will try resolve the issue

This213 - it uses the $_SERVER[REMOTE_ADDR] and forwarded for variables - didn't see the point of using a port as it doesn't matter really does it? But thanks for that - always keen to learn new things.

Carnix - thanks for the support :wink:
  • xfrozenxsoulsx
  • Novice
  • Novice
  • xfrozenxsoulsx
  • Posts: 30

Post 3+ Months Ago

Thanks for the replies guys. Anyways, Rd is a good guy for doing this. We replied to your support ticket on Thunder Arena and we gave you a link http://www.thunderarena.com/blank.php and we are wondering why the mysql errors are coming up. That is when the filter is on...when it is off the site is like it is now fine...please let us know soon...thank's man for all you have done so far...you have been a good help and have managed to make this program really for us....Thanks again for putting the time and effort into this. Your a good guy.
  • Rabid Dog
  • Web Master
  • Web Master
  • User avatar
  • Posts: 3243
  • Loc: South Africa

Post 3+ Months Ago

did you guys set up the config file?

all you have to do is include the file filter.php ie
PHP Code: [ Select ]
 
include_once("install directory/filter.php")
 
 
  1.  
  2. include_once("install directory/filter.php")
  3.  
  4.  


alot of those errors have nothing to do with the app I wrote.

Is there anyway you can give me access to the ftp server so I can see the config?

One other thing. Did you set up the extra tables in MySQL?

PM at uzzo if you can.
  • darksat
  • Proficient
  • Proficient
  • User avatar
  • Posts: 487
  • Loc: London (via the rest of the world)

Post 3+ Months Ago

This is a script in ASP that backtracks through a non secure proxy if you manage to port it to PHP let me know
--------------proxycheck-------------------------------

behindProxy = Request.ServerVariables("HTTP_X_FORWARDED_FOR")
proxy = Request.ServerVariables("REMOTE_ADDR")

' If the user is NOT behind a proxy

if behindProxy = "" then
Response.Write "<p>Your IP address is: " & proxy & "</p>" & vbcrlf

' If the user is behind a proxy
else
Response.Write "<p>Your IP address is: " & behindProxy
Response.Write " and your proxy address is: " & proxy & "</p>" & vbcrlf
end If
----------------End Proxycheck------------------------------
  • Carnix
  • Guru
  • Guru
  • User avatar
  • Posts: 1098

Post 3+ Months Ago

That assumes all proxies actually use that header, which they all don't. In fact, except for the real professional ones that shouldn't be blocked, like AOL or Earthlink, for example, most won't pass that header.
.c
  • Rabid Dog
  • Web Master
  • Web Master
  • User avatar
  • Posts: 3243
  • Loc: South Africa

Post 3+ Months Ago

PHP Code: [ Select ]
 
$behindProxy = $_SERVER['HTTP_X_FORWARDED_FOR'];
 
$proxy = $_SERVER['REMOTE_ADDR'] ;
 
//If the user is NOT behind a proxy
 
if($behindProxy == ""){
 
   echo "Your IP address is: " . $proxy . "\n";
 
}else{
 
   echo "Your IP address is: " . $behindProxy . "\n";
 
   echo " and your proxy address is: " . $proxy . "\n";
 
}
 
 
  1.  
  2. $behindProxy = $_SERVER['HTTP_X_FORWARDED_FOR'];
  3.  
  4. $proxy = $_SERVER['REMOTE_ADDR'] ;
  5.  
  6. //If the user is NOT behind a proxy
  7.  
  8. if($behindProxy == ""){
  9.  
  10.    echo "Your IP address is: " . $proxy . "\n";
  11.  
  12. }else{
  13.  
  14.    echo "Your IP address is: " . $behindProxy . "\n";
  15.  
  16.    echo " and your proxy address is: " . $proxy . "\n";
  17.  
  18. }
  19.  
  20.  


there is your php port of the ASP script
  • xfrozenxsoulsx
  • Novice
  • Novice
  • xfrozenxsoulsx
  • Posts: 30

Post 3+ Months Ago

Ok I will get my bro to check it out. Thnx
  • Rabid Dog
  • Web Master
  • Web Master
  • User avatar
  • Posts: 3243
  • Loc: South Africa

Post 3+ Months Ago

That aint' for your frozen. Sorry - stilltrying to solve your problem
  • dEfEndEr
  • Newbie
  • Newbie
  • dEfEndEr
  • Posts: 14

Post 3+ Months Ago

Code: [ Select ]
echo "Checking for Proxy server........ Please wait.......\n";

$ip = (getenv('HTTP_X_FORWARDED_FOR')) ? getenv('HTTP_X_FORWARDED_FOR') : getenv('REMOTE_ADDR');
echo " Your IP addy is: " . $ip . "\n";
  1. echo "Checking for Proxy server........ Please wait.......\n";
  2. $ip = (getenv('HTTP_X_FORWARDED_FOR')) ? getenv('HTTP_X_FORWARDED_FOR') : getenv('REMOTE_ADDR');
  3. echo " Your IP addy is: " . $ip . "\n";


Seems to work a little better..


BTW, to the original poster.

I too have a spongebob on my site, I too am having problems with him (3 usernames, all cheating / trying to hack the system, via the same proxy)
  • Rabid Dog
  • Web Master
  • Web Master
  • User avatar
  • Posts: 3243
  • Loc: South Africa

Post 3+ Months Ago

PLEASE NOTE: The application below requires decent morals.
Be careful when pulling information from websites. If the sites are copyrighted rather find a free alternative. I am not responsible for your actions. (Anyways how would you feel if someone was skimming from your site?)

If you agree with the above you can download Script Kiddie Proxy Killer ver 1.1 (Thanks to Carnix for QA)
http://www.rabiddog.co.za/proxy/proxy_killer1-1.zip

This application assumes you have a knowledge of PHP. Read the help file for set up instructions and mail me from there if you need support. Do not hassle the guys at Ozzu for support as they have nothing to do with the app.

Thank you alll and Good Night!
  • Carnix
  • Guru
  • Guru
  • User avatar
  • Posts: 1098

Post 3+ Months Ago

preach it brother dog! can I get an amen?! :angel:


.c
  • Rabid Dog
  • Web Master
  • Web Master
  • User avatar
  • Posts: 3243
  • Loc: South Africa

Post 3+ Months Ago

AMEN!
  • darksat
  • Proficient
  • Proficient
  • User avatar
  • Posts: 487
  • Loc: London (via the rest of the world)

Post 3+ Months Ago

Hey rabiddog and dEfEndEr
Nice work with the PHP conversion.
Saves me some effort.
Thanks

Post Information

  • Total Posts in this topic: 95 posts
  • Users browsing this forum: No registered users and 35 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
 

© 1998-2016. Ozzu® is a registered trademark of Unmelted, LLC.