blocking proxy hits

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • Zester
    Confirmed User
    • Jul 2003
    • 5344

    #1

    blocking proxy hits

    i'm trying to build a very simply a trading script in PHP
    I'm looking to do some anti cheating features, how do I detect proxy hits?
    is there anything 100% bullet proof?

    i'm already ignoring hits I can't plant cookies on or can't get the IP address from
    * Mainstream ? $65 per sale
    * new male contraception
  • Trent Edison
    Too lazy to set a custom title
    • Jun 2003
    • 6132

    #2
    If proxy is not "high anonimity", you can analyze HTTP reqests and detect them if there are parameters like "Via:", etc. In case of "high anonimity" proxies you have no means to detect except if you have the full list of "high anonimity" proxies in the internet.

    Comment

    • Rorschach
      So Fucking Banned
      • Aug 2002
      • 5579

      #3
      Http_via =
      Http_x_forwarded_for =
      Http_from =

      Comment

      • Zester
        Confirmed User
        • Jul 2003
        • 5344

        #4
        Originally posted by Trent Edison
        If proxy is not "high anonimity", you can analyze HTTP reqests and detect them if there are parameters like "Via:", etc. In case of "high anonimity" proxies you have no means to detect except if you have the full list of "high anonimity" proxies in the internet.
        is there really a full list of "high anonimity" proxies ? where can i get it?
        * Mainstream ? $65 per sale
        * new male contraception

        Comment

        • chupachups
          Confirmed User
          • Dec 2002
          • 6576

          #5
          Originally posted by Zester
          is there really a full list of "high anonimity" proxies ? where can i get it?

          lolol no I dont think so
          better just go with:

          Http_via =
          Http_x_forwarded_for =
          Http_from =

          Comment

          • Zester
            Confirmed User
            • Jul 2003
            • 5344

            #6
            any other methods of cheating I should know about?
            * Mainstream ? $65 per sale
            * new male contraception

            Comment

            • azguy
              Confirmed User
              • Nov 2004
              • 5167

              #7
              Originally posted by Zester
              any other methods of cheating I should know about?
              It's not easy to block proxy hits, but it is doable to some extent.

              What you could theoretically do is, run a batch script that scans through your log of whatever type, extracts the IP address, and attempts to connect to it as if it was a proxy server (check all ports for an open HTTP/Socks proxy). This can be a slow process, which is why you should never do it on-the-fly and only in batch. Also, you shouldn't wait too long before you check an IP, as proxy servers tend to die fast and your `evidence` will be lost.

              EDIT: Needless to say, when a proxy is found you can cancel that specific hit/sale or do whatever you want with your findings.

              Comment

              • Zester
                Confirmed User
                • Jul 2003
                • 5344

                #8
                Originally posted by azguy
                It's not easy to block proxy hits, but it is doable to some extent.

                What you could theoretically do is, run a batch script that scans through your log of whatever type, extracts the IP address, and attempts to connect to it as if it was a proxy server (check all ports for an open HTTP/Socks proxy). This can be a slow process, which is why you should never do it on-the-fly and only in batch. Also, you shouldn't wait too long before you check an IP, as proxy servers tend to die fast and your `evidence` will be lost.

                EDIT: Needless to say, when a proxy is found you can cancel that specific hit/sale or do whatever you want with your findings.

                thanks for that idea
                now are there any other methods of cheating/faking hits besides the usage of proxy?
                * Mainstream ? $65 per sale
                * new male contraception

                Comment

                • azguy
                  Confirmed User
                  • Nov 2004
                  • 5167

                  #9
                  Originally posted by Zester
                  thanks for that idea
                  now are there any other methods of cheating/faking hits besides the usage of proxy?
                  There are plenty

                  Comment

                  • Zester
                    Confirmed User
                    • Jul 2003
                    • 5344

                    #10
                    Originally posted by azguy
                    There are plenty
                    care to list a few?
                    * Mainstream ? $65 per sale
                    * new male contraception

                    Comment

                    • azguy
                      Confirmed User
                      • Nov 2004
                      • 5167

                      #11
                      Originally posted by Zester
                      i'm trying to build a very simply a trading script in PHP
                      I'm looking to do some anti cheating features, how do I detect proxy hits?
                      is there anything 100% bullet proof?

                      i'm already ignoring hits I can't plant cookies on or can't get the IP address from
                      Why do you ignore hits that block cookies? I wouldn't do that. If someone wants to fake hits, it's very easy for them to accept cookies (cURL+PHP can easily do that). You're just losing real hits using this approach.

                      Comment

                      • azguy
                        Confirmed User
                        • Nov 2004
                        • 5167

                        #12
                        Originally posted by Zester
                        care to list a few?
                        It really depends on what you're trying to accomplish. Where do you block hits (what is the type of service that you have)?

                        Cheaters customize their behvaior based on what the need is, so I can't give a general answer. If they try to cheat pay-per-click systems, then in addition to getting unique IPs by using proxies, they will also try to trick users into hitting your pages.

                        Comment

                        • azguy
                          Confirmed User
                          • Nov 2004
                          • 5167

                          #13
                          These days it's not so easy to detect SOCKS proxies as it used to be. Back in the day you knew it's a SOCKS if port 1080 was open. Now you'll see all kinds of different ports - 44444, 323232, 34000, etc.

                          Comment

                          • Zester
                            Confirmed User
                            • Jul 2003
                            • 5344

                            #14
                            come to think of it: MSNTV is a proxy, AOL is a proxy, Earthlink is a proxy...Most cable modems are proxies....
                            * Mainstream ? $65 per sale
                            * new male contraception

                            Comment

                            • azguy
                              Confirmed User
                              • Nov 2004
                              • 5167

                              #15
                              Originally posted by Zester
                              come to think of it: MSNTV is a proxy, AOL is a proxy, Earthlink is a proxy...Most cable modems are proxies....
                              But you can still ignore those. They are mostly used by an actual legit user, as they are not public.

                              Comment

                              • azguy
                                Confirmed User
                                • Nov 2004
                                • 5167

                                #16
                                If you tell me what you're trying to do, I'll have more specific ideas for you. Hit me up if you don't want to post it here.

                                Comment

                                • Zester
                                  Confirmed User
                                  • Jul 2003
                                  • 5344

                                  #17
                                  Originally posted by Rorschach
                                  Http_via =
                                  Http_x_forwarded_for =
                                  Http_from =
                                  I tested the following:
                                  while (list($key, $val) = each($_SERVER)) {
                                  echo "$key => $val<br>";
                                  }

                                  accessing the page myself I got:
                                  HTTP_VIA => 1.1 PTK-CACHE-218B (NetCache NetApp/5.6.1D21)
                                  HTTP_X_FORWARDED_FOR => 86.179.229.242



                                  so did I miss something?
                                  * Mainstream ? $65 per sale
                                  * new male contraception

                                  Comment

                                  • pstation
                                    Confirmed User
                                    • Jul 2003
                                    • 1135

                                    #18
                                    A lot of proxies dont expose them as being proxies, what you can do however is attempt to connect to the remote host on the common ports that proxies run on.

                                    So you could possible do something like this provided you are running PHP:
                                    PHP Code:
                                    <?
                                    if(fsockopen($_SERVER['REMOTE_ADDR'],8080,$ERRNO,$ERRSTR,0.5) hahahaha= FALSE)
                                    {
                                        print "omg proxy server!!!11!";
                                    }
                                    ?>

                                    Comment

                                    Working...