Need script that blocks proxies

  • xfrozenxsoulsx
  • Novice
  • Novice
  • xfrozenxsoulsx
  • Posts: 30

Post 3+ Months Ago

I need a script that blocks all proxies that come into the site meaning if someone uses a proxy they can't get into the site. Does anyone know how to make this? I own a game and people get clicks by getting people to click their secret link. Well they are using proxies and making the proxies seem as if they are clicking the link over and over so they get clicks fast and easy. Well is their a script out there that blocks proxies...please reply soon
  • Anonymous
  • Bot
  • No Avatar
  • Posts: ?
  • Loc: Ozzuland
  • Status: Online

Post 3+ Months Ago

  • Frostbyt3
  • Graduate
  • Graduate
  • User avatar
  • Posts: 221
  • Loc: Corpus Christi, TX

Post 3+ Months Ago

Do what outwar and tekwar does, make it so it forwards to random code generated session id's and stuff.

I for one, do not know how to do this. :(

but you can click my link while you're at it :)
http://www.outwar.com/page.php?x=1181440
  • Carnix
  • Guru
  • Guru
  • User avatar
  • Posts: 1098

Post 3+ Months Ago

I don't know of a way to block proxies, per se.. but why don't you add some code to the script that processes each click that will do some validity checking?

1: Add a "Has_Clicked = true" sort of cookie when a person clicks a link
2: Use a Session variable (if you can) to add a Has_Clicked value to on the server for that session.

Then require cookies to be enabled for the click to work (the scripts sets a cookie, tries to read it, and if it can't it blocks the click from working, for example). Obvioulsy, they can delete the cookie and continue, but with the session variable, they'd have to close their browser AND delete the cookie, and they couldn't use a script to mass click, because it wouldn't be able to accept cookies...

Proxies allow users to mask their IP addresses, there are many lists of Open Proxies out there. You could go download one and blacklist all the IPs on it as well, though that would be a pretty heavy handed approach.

Since Proxies are simply IP address... I'm not really sure how easy it would be to determine where an incomming request is being passed through a proxy... in theory, without using cookies or something else that can uniquely identify an individual user, it's not...

.c
  • Managedlinks
  • Proficient
  • Proficient
  • Managedlinks
  • Posts: 294

Post 3+ Months Ago

You can't block proxies as such. and if you could you would lose 90% of your customers as most ISP's use proxies for efficiency.

What you are trying to do is an anti fraud measure. the best way to do this is to block IP's

How you do it is very dependant on the result you want.

The basic idea is this. you monitor the incoming http requests. if you see an unusual number of requests coming from a particular ip address or block of ip's you block those ip's

AS I said how this is done is very dependant on what server you are on and why you want it done.

You may block those ip's permanently, or just for an hour. you may give them a different page....


A little more information about what you are trying to achieve and perhaps a URL may help
  • xfrozenxsoulsx
  • Novice
  • Novice
  • xfrozenxsoulsx
  • Posts: 30

Post 3+ Months Ago

We have tried blocking them now they are finally getting around the system. Our goal is to block proxiers who proxy their link being as such: http://www.thunderarena.com/page.php?id=1 . We need any proxy ips or w/e to be able not to click that link. We are trying to find a good code to do so. We will pay money if a code you submit works so please help. Reply here or contact me on aim at owxratedx
  • Managedlinks
  • Proficient
  • Proficient
  • Managedlinks
  • Posts: 294

Post 3+ Months Ago

I have PM'ed you
  • xfrozenxsoulsx
  • Novice
  • Novice
  • xfrozenxsoulsx
  • Posts: 30

Post 3+ Months Ago

Ok this kid has been bothering us for a while now. Well hes getting very annoying. Have you ever heard of http://www.outwar.com anyways our game is http://www.thunderarena.com. We are looking for a script that will block all proxies that people use to enter the site. It will block those proxies from entering our site and will not show up on any anti virus program or w/e as a hacking attempt. It needs to just block proxies from entering our site. We have blocked the kids ip plenty of times but he keeps using a proxy and we are fed up. Im willing to pay money up to 100.00 or more through paypal. Depends on how good the script is, If it works you get money. I mean it must be good I want to block him from our site from good and stop proxying. He keeps getting on peoples accounts too and if anyone has any way on how to fix that please let me know. This kid got our scripts 2 months ago rite when we started and took all of our stuff and the 3000 members that where Registered. But now he is getting on everyones accounts and wasting peoples points that they pay for. Yes they pay for points to upgrade their account in the game and to post in shoutbox on homepage. Please help me with this it would greatly be appreciated and im willing to pay if you really help. You must know really what you are talking about. Either reply here with your aim name or contact me on TaSupportTa.We have over 7,000 players and it's very annoying when this kid comes into peoples accounts and he messes with their points. We figure the best way is to block proxies that way he can't enter the site anymore.We have tried blocking main ports 8080 and things but then firewalls go off as hacking attempts so we had to take that off. Please help. Thanks alot and have a good day.

Regards,
Ta staff.
  • xfrozenxsoulsx
  • Novice
  • Novice
  • xfrozenxsoulsx
  • Posts: 30

Post 3+ Months Ago

That post I made a while back there they didnt really help me much. I need the script that all I have to do is insert it into the site. Then i will have to all the things to hook it up but I really need the script if anyone can make one.
  • UNFLUX
  • Genius
  • Genius
  • User avatar
  • Posts: 6376
  • Loc: twitter.com/unflux

Post 3+ Months Ago

no need to start a new thread on the same topic. merged with your original one. Please continue
discussions here. Thanks.
  • xfrozenxsoulsx
  • Novice
  • Novice
  • xfrozenxsoulsx
  • Posts: 30

Post 3+ Months Ago

I need to block web users hiding behind an anonymous or open proxy servers from entering my website.
  • Rabid Dog
  • Web Master
  • Web Master
  • User avatar
  • Posts: 3245
  • Loc: South Africa

Post 3+ Months Ago

Why don't you just set up some sort of server validation, that way if someone does get irritating then just remove them from the list of users allowed access to the server.

Unless it is a shared hosting solution.

Surely the kid has to log on at some stage? just remove him from the valid users list.

Will look around and see if I can find anything for you

//EDIT went to look at your site and you have an extremely annoying JavaScript error on your pages - every single one, I don't know if it is an include file.
  • xfrozenxsoulsx
  • Novice
  • Novice
  • xfrozenxsoulsx
  • Posts: 30

Post 3+ Months Ago

Errors? I don't see any errors. That's wierd. We haven't had any players complain about it. If we did the loging in thing he would just make a new account. We will find something soon please keep looking for us.
  • rtm223
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 1855
  • Loc: Uk

Post 3+ Months Ago

yes javascript errors and your entire site is completely screwed in Firefox.

Anyway, I'm not sure how blocking proxies will solve the problem. The problem being a security hole in either the script or the server. Just because you can stop this kid using a proxy, does not mean he won't go and use someone else's computer to hack you. Or he could post your vulnerabilities on the internet somewhere, and you have hundreds of people exploiting it.

Or someone else could uncover the flaw. I really don't think that treating the symptoms will do you any good in the long run. Rather than searching for a script which people have said does not exist, I would advise you to find out HOW he is getting into the system, and block the means of entry for everyone, rather than just the one person.
  • Rabid Dog
  • Web Master
  • Web Master
  • User avatar
  • Posts: 3245
  • Loc: South Africa

Post 3+ Months Ago

xfrozenxsoulsx wrote:
Errors? I don't see any errors. That's wierd. We haven't had any players complain about it. If we did the loging in thing he would just make a new account. We will find something soon please keep looking for us.


Set your browser to enable script debugging and notification on script errors, they aren't fatal but they are annoying
  • Carnix
  • Guru
  • Guru
  • User avatar
  • Posts: 1098

Post 3+ Months Ago

They must have been fixed (bravo!) because the site works fine for me (on Firefox).

Anyway,:

Quote:
The more people you get to click the link, the more money your character will generate.


You game is pretty might designed to be exploited in this way. You need to devise some new rules or ways to validate that the link was clicked by a human. As has been stated, the only way to block proxies is to start blocking IPs, or blocks of IPs, from access. This will have the unfortunatly effect of also blocking legit traffic as well.

I'd suggest doing something like the domain name registrars and many spam blocking validation systems have done. Use a non-machine-readable keywork to validate a human clicked the link. Basically it's a random set of graphics that display short (4 or 5 digit) passwords that a user has to type in. Go do a whois at Network Solutions (https://www.networksolutions.com/en_US/ ... ndex.jhtml) and you'll see what I mean. I haven't looked, but there's bound to be some sort of GPL version of that somewhere.

.c
  • xfrozenxsoulsx
  • Novice
  • Novice
  • xfrozenxsoulsx
  • Posts: 30

Post 3+ Months Ago

Ok he is not getting into the system. No one has been in our cpanel I don't know how hacking came into this post but he has not hacked us. He got our info a while back from an admin that worked for us because he got on my aim screen name, Got my pass from another game got on my aim screen name and talked to an admin and said i was at a friends house and needed intro to the cpanel so my admin gave him it. That's why we have no more admins only 2 of us working on the site and we are family. Anyways, There is alot of people that use proxies to do better in the game and they also use proxies to get into the site. How is he getting into the site? We have blocked his ip but he uses a proxy now.....That's the main question I know there are ways to block proxies so how? http://www.outwar.com blocks them try to enter there site with a proxy. Phpb forums or w/e they block proxys try to enter there site. Alot of sites block proxies but how?.....

Btw carnix that sounds like an ok Idea but remember we have a private domain so you can't do a who is on us and find out our info. There may be ways around the system who knows...lol
  • rtm223
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 1855
  • Loc: Uk

Post 3+ Months Ago

xfrozenxsoulsx wrote:
I don't know how hacking came into this post

In the last post you made:
xfrozenxsoulsx wrote:
He keeps getting on peoples accounts too
xfrozenxsoulsx wrote:
But now he is getting on everyones accounts and wasting peoples points that they pay for. Yes they pay for points
xfrozenxsoulsx wrote:
We have over 7,000 players and it's very annoying when this kid comes into peoples accounts and he messes with their points.


Three times you say he is getting into people's accounts? Is he authorised to do so? I doubt it. Lets see a definition of hacking:
google wrote:
<b>Hacking: </b> Unauthorized use, or attempts to circumvent or bypass the security mechanisms of an information system


The information system being the game and it's component scripts, not the server in this instance. The security measures being the ones for users to log into their acounts most likely.

Anyway, my point is that <b>it is not proxies</b> allowing him to gain access to other peoples accounts. If you block him by this method, I'm sure someone else will find out how to exploit the same security holes. Or he will find another way to gain access to the site. IMO blocking the proxies is treating the symptoms rather than the illness.

The proxy blocking may well prevent the link clicking, but I would consider this a minor issue in comparison to the account hijacking.
  • Rabid Dog
  • Web Master
  • Web Master
  • User avatar
  • Posts: 3245
  • Loc: South Africa

Post 3+ Months Ago

The amount of comments here and the time spent trying to find a script to block proxies what I would have done (maybe because I am an extremist) is shut the site down and hacked it myself. Found all the holes, come up with a way to stop people from circumventing the security and released the site once it had been sorted out.

Close the site! Get a few people together that know what they are doing and hack it to pieces, find the holes, the security flaws and fix them. Don't pull a microsoft and try patching things up, it just leads to more problems.

As RTM said, prevention is better than cure

Seems like alot of work but I think the paying customers would appreciate it more if you shut it down and stopped the abuse on their accounts.

But as I said that is just me
  • rtm223
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 1855
  • Loc: Uk

Post 3+ Months Ago

Rabid Dog wrote:
what I would have done (maybe because I am an extremist) is shut the site down and hacked it myself. Found all the holes, come up with a way to stop people from circumventing the security and released the site once it had been sorted out.


Yes, I think you are very extreme for wanting to fix the problem. Oh yes indeed :roll:
  • Rabid Dog
  • Web Master
  • Web Master
  • User avatar
  • Posts: 3245
  • Loc: South Africa

Post 3+ Months Ago

Just noticed that you guys store all user inf (password and name) on the client machine via cookies.

Assume this is the way you tell whether or not someone has clicked the link!

So now say I had to delete that cookie, would I be able to carry on clicking links?

What if I had to set my headers to echo that cookie with a different password or user name? would the errors it generates give me a little insight into your file structures?

Just wondering

RTM :- meant I was extreme for shutting the site down
  • rtm223
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 1855
  • Loc: Uk

Post 3+ Months Ago

lol, fair enough - missed that, I was just glad to see someone was on the same wavelength as me, I was starting to wonder if I had totally the wrong end of the stick.

However, I still wouldn't say it was extreme. I would call it an intrinsic part of the systems life cycle, another stage in the testing/evaluation process. I suppose the alternative would be to make a complete copy of the system on a separate server (pref. local) and attack that one while leaving the existing one in use. Post a message apologising for any disruption, the probelms are currently being addressed, thank you for your understanding in this matter. Or something.
  • Rabid Dog
  • Web Master
  • Web Master
  • User avatar
  • Posts: 3245
  • Loc: South Africa

Post 3+ Months Ago

Or you could just say 'We are currently trying to save you a fortune'
  • Carnix
  • Guru
  • Guru
  • User avatar
  • Posts: 1098

Post 3+ Months Ago

xfrozenxsoulsx wrote:
Btw carnix that sounds like an ok Idea but remember we have a private domain so you can't do a who is on us and find out our info. There may be ways around the system who knows...lol


I didn't mean to do a whois on you, it was just an example. Do it on any site...

Out of curiosity, have you sent an e-mail to the outwar site admins to ask how they do it? I think that would be your best first step. Ask them to explain in detail, then if you don't understand something, come back, post what they said, and we can probably help you from there.

.c
  • xfrozenxsoulsx
  • Novice
  • Novice
  • xfrozenxsoulsx
  • Posts: 30

Post 3+ Months Ago

Well outwar are millionaires and they make and have made a ton of money. They have a building with about 50 employees for there game and it's called rampid interactive.Asking them wouldn't work. They would atleast want 1,000.00 and they don't sell there scripts which is what they would have to do to give us the proxy blocking script. They would have to give/sell us that one script.Next shutting down the site? There is no option to do that, We aren't going to do that. The problem here, What I was wanting to know is how to block proxies. We are having people with proxying there secret link and them getting into the site using proxies when we block there ip. I know there are ways to block this because some sites block proxy ips and blocking proxy ports isnt an option because proxy sniffing is illegal.

This kid gets into peoples accounts because when he did go into our site in beta round when we first started working and we had around 2,000 members he got into the player database {Remember he got into the site by getting on my aim screen name etc...} and he took all of the screen names and players in the database and he uses the old players passwords. We had to do a password change when he did all of this and we had to put up password change for peoples accounts to where when they logged in they had to change password. Anyways, The scripts and passes are now encrypted in the site and we have no more admins anymore now it's just a family owned business and my brother works 24/7 on the php and he does an awsome Job. I don't know alot of php and I probably shouldn't be acting like I know what im talking about but I do know about all of this and I do know that we need a proxy blocker, A way to block proxies from entering the site. I know there are ways you can do it so you can't say there isn't. It's just a hard thing to find.

Anyways this kid isn't a big problem we are mainly wanting to block people proxying there secret link to get more clicks because it slows down the site.My brother is going to be working on a script tonite and I hope it works. If you want to learn how these kindof games work go play http://www.outwar.com or http://www.foxwar.com or http://www.neuage.net or games like that. Businesses.....Anyways thanks for trying to help everyone. :)
  • Rabid Dog
  • Web Master
  • Web Master
  • User avatar
  • Posts: 3245
  • Loc: South Africa

Post 3+ Months Ago

I am still wondering why you store sensitive information in a users cookie?

I would still e-mail the guys to find out because you never know, you might get lucky.

I'm willing to bet (especially if they are so big) tht they have written some form of cgi or equivelant piece of software that does the detection, I honestly don't believe that it can be don via scripting - only a slightly lower level, yeah, but via scripting - well I hope I am proved wrong.

Don't alot of ISP's use proxies?
  • Carnix
  • Guru
  • Guru
  • User avatar
  • Posts: 1098

Post 3+ Months Ago

Ah, I didn't realize it was a big company. You might just send an e-mail to their webmaster and ask. You might be surprised.

Anyway, I decided to actually do a little legwork for you, fancy that:


http://www.bigwebmaster.com/2325.html
http://www.andromeda.com/people/ddyer/public-proxy.html

I don't know who this poster was, but you might send them an e-mail or something asking how they did it (sorry for the long url...):
http://www.webmaster-talk.com/showthrea ... #post53708

This is a phpNUKE package. If you're site is on phpNuke already, you might be in luck. If not, you could always send an e-mail to the guy who built the module to ask how he did it (You catching a recurring theme in my posts? heh)
http://protector.warcenter.se/postt11.html

That was just after a couple Google searches without going past the first couple pages...

.c
  • Carnix
  • Guru
  • Guru
  • User avatar
  • Posts: 1098

Post 3+ Months Ago

Rabid Dog wrote:
Don't alot of ISP's use proxies?


AOL, may it's routers and switches rot in hell, makes extensive use of proxies. It make makes doing accurate unique visitor tracking pretty much impossible with a standard log analyzer. We use WebTrends Log Analyzer Advanced with the add-on SmartSource package that designed specifically to do just that. We found that once we started using that, our unique and returning visitor counts jumped a full third again from the AOL users being accurately differeniated...
.c
  • xfrozenxsoulsx
  • Novice
  • Novice
  • xfrozenxsoulsx
  • Posts: 30

Post 3+ Months Ago

Carnix that post was by me. When we did this we did block proxies for a while. We blocked the ports and then it would make peoples firewalls go off saying we where trying to hack someones computer. If they had a firewall it would scan for certain ports which we found is illegal and it just messed us up in the long run but it worked. We are going to try to do another proxy ip block soon, We will try something like http://www.tekwar.net does. They block proxies or im thinking we can do a anti-spamming system that may work who knows....eh we got to do something about the proxies that's all I know...lol

Thanks for all of yall's help I will email outwar and try to get ahold of them. They have over 1,000 support tickets in there site in the support rite now. I talked with an admin yesterday they said they have been so busy lately but Im hoping they reply to me soon. I have outwar's number I may just call and talk to torax the owner.
  • Rabid Dog
  • Web Master
  • Web Master
  • User avatar
  • Posts: 3245
  • Loc: South Africa

Post 3+ Months Ago

Okay so if an ISP is using a proxy surely by blocking proxies you will be cutting out a genuine client base?

I noticed that the BWM proxy script runs on the .NET framework(aspx).

Wonder if it could be ported to PHP.

If you wanted to write something like this carnix what would you use?
  • Anonymous
  • Bot
  • No Avatar
  • Posts: ?
  • Loc: Ozzuland
  • Status: Online

Post 3+ Months Ago

Post Information

  • Total Posts in this topic: 95 posts
  • Users browsing this forum: No registered users and 114 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
 

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.