How to detect proxy hits in PHP?

  • DarkPeter
    Confirmed User
    • Sep 2005
    • 183

    #1

    How to detect proxy hits in PHP?

    I thought that if visitors go through a proxy I see just the proxy IP in $HTTP_REFERER and I count all hits from the same proxy as one in the worst case. But recently I read that it is not so easy and I can get cheated much more this way. Do you know exactly how proxy cheats work and how to detect these hits 100% in PHP?
    http://www.adult-webmasters.info/
  • DarkPeter
    Confirmed User
    • Sep 2005
    • 183

    #2
    $REMOTE_ADDR not $HTTP_REFERER, sorry :-( Thinking about 2 things at once and being a man :-)
    http://www.adult-webmasters.info/


    • pfunix
      Registered User
      • Jun 2006
      • 5

      #3
      Things to look at mostly on your weblogs are

      HTTP_VIA
      PROXY_CONNECTION
      X_FORWARDED_FOR


      As far as I'm aware, and this is my 2 cents, there are 3 types of proxies. Here's the list.

      Transparent proxy - this proxy shows your real IP address with the presence of the X_FORWARDED_FOR option in your logs. This type of proxy tells you both the IP of the proxy and the client IP behind the request.

      Anonymous proxy - they have a missing X_FORWARDED_FOR option in your logs, so it only displays the IP of the proxy, and you will also see more presence of "connection type CLOSE" in your logs.

      High-Anonymity Proxy - this type of proxy does not send any of the usual proxy variables to your logs.

      hopefully you get the picture.

      not allowed to put a url osix.net/modules/article/?id=765
      Last edited by pfunix; 02-16-2007, 05:13 AM.


      • schneemann
        Confirmed User
        • Oct 2006
        • 749

        #4
        PHP Code:
        /**
         * @name    getip
         * @desc    Function to get the user's IP address
         * @param   none (obtained via superglobals)
         * @return  string  the IP address
         */
        function getip() {
            if (isset($_SERVER)) {
                // Prefer the proxy-supplied headers, then fall back to the peer address
                if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
                    $realip = $_SERVER['HTTP_X_FORWARDED_FOR'];
                } elseif (isset($_SERVER['HTTP_CLIENT_IP'])) {
                    $realip = $_SERVER['HTTP_CLIENT_IP'];
                } else {
                    $realip = $_SERVER['REMOTE_ADDR'];
                }
            } else {
                // Same lookup order through the environment when $_SERVER is unavailable
                if (getenv('HTTP_X_FORWARDED_FOR')) {
                    $realip = getenv('HTTP_X_FORWARDED_FOR');
                } elseif (getenv('HTTP_CLIENT_IP')) {
                    $realip = getenv('HTTP_CLIENT_IP');
                } else {
                    $realip = getenv('REMOTE_ADDR');
                }
            }
            return $realip;
        }
        
        Sorry about the fucked up highlighting. Cut and paste the code above
        Deranged World


        • DarkPeter
          Confirmed User
          • Sep 2005
          • 183

          #5
          Originally posted by schneemann
          PHP Code:
          /**
           * @name    getip
           * @desc    Function to get the user's IP address
           * @param   none (obtained via superglobals)
           * @return  string  the IP address
           */
          function getip() {
              if (isset($_SERVER)) {
                  // Prefer the proxy-supplied headers, then fall back to the peer address
                  if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
                      $realip = $_SERVER['HTTP_X_FORWARDED_FOR'];
                  } elseif (isset($_SERVER['HTTP_CLIENT_IP'])) {
                      $realip = $_SERVER['HTTP_CLIENT_IP'];
                  } else {
                      $realip = $_SERVER['REMOTE_ADDR'];
                  }
              } else {
                  // Same lookup order through the environment when $_SERVER is unavailable
                  if (getenv('HTTP_X_FORWARDED_FOR')) {
                      $realip = getenv('HTTP_X_FORWARDED_FOR');
                  } elseif (getenv('HTTP_CLIENT_IP')) {
                      $realip = getenv('HTTP_CLIENT_IP');
                  } else {
                      $realip = getenv('REMOTE_ADDR');
                  }
              }
              return $realip;
          }
          
          Sorry about the fucked up highlighting. Cut and paste the code above

          Can't this be abused by a cheater who builds his own fake proxy and sends you simulated automated hits with different false HTTP_X_FORWARDED_FOR values? It looks safer to me if I just count hits with different REMOTE_ADDR and set a random cookie which is bound to this REMOTE_ADDR. Or am I missing something?
          http://www.adult-webmasters.info/
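
The concern raised in post #5, as an added example that is not part of the thread: hits are counted under REMOTE_ADDR, and X-Forwarded-For is honoured only when the connecting peer is a reverse proxy you run yourself. `TRUSTED_PROXIES`, `hit_key`, `proxy_signals` and every address below are assumptions constructed for illustration.

```php
<?php
// Added example, not code from the thread. TRUSTED_PROXIES is an assumed
// allow-list of reverse proxies you operate; every address is constructed.
const TRUSTED_PROXIES = ['203.0.113.10'];

/** Address to count a hit under: REMOTE_ADDR unless the peer is our own proxy. */
function hit_key(array $server): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    $xff  = $server['HTTP_X_FORWARDED_FOR'] ?? '';
    if ($xff === '' || !in_array($peer, TRUSTED_PROXIES, true)) {
        return $peer; // header came from an untrusted peer: ignore it
    }
    // Read the chain right to left: entries appended by our proxies are on the
    // right, anything further left was supplied by the client and may be forged.
    foreach (array_reverse(array_map('trim', explode(',', $xff))) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            return $peer; // malformed entry: fall back to the peer address
        }
        if (!in_array($hop, TRUSTED_PROXIES, true)) {
            return $hop;
        }
    }
    return $peer;
}

/** Proxy-related request headers named in the thread, recorded for log review only. */
function proxy_signals(array $server): array
{
    $names = ['HTTP_VIA', 'HTTP_X_FORWARDED_FOR', 'HTTP_PROXY_CONNECTION', 'HTTP_CLIENT_IP'];
    return array_values(array_filter($names, fn($n) => isset($server[$n])));
}

// Constructed requests: two from one peer with a different X-Forwarded-For each
// time, and one arriving through the trusted proxy.
$hits = [
    ['REMOTE_ADDR' => '198.51.100.7', 'HTTP_X_FORWARDED_FOR' => '10.1.1.1'],
    ['REMOTE_ADDR' => '198.51.100.7', 'HTTP_X_FORWARDED_FOR' => '10.2.2.2', 'HTTP_VIA' => '1.1 fake'],
    ['REMOTE_ADDR' => '203.0.113.10', 'HTTP_X_FORWARDED_FOR' => '10.9.9.9, 192.0.2.44'],
];
$unique = [];
foreach ($hits as $s) {
    $key = hit_key($s);
    $unique[$key] = ($unique[$key] ?? 0) + 1;
    printf("%-14s signals=%s\n", $key, implode(',', proxy_signals($s)) ?: '-');
}
print_r($unique);
```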
