Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums.

You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today!

If you have any problems with the registration process or your account login, please contact us.

Post New Thread Reply

Register GFY Rules Calendar Mark Forums Read
Go Back   GoFuckYourself.com - Adult Webmaster Forum > >
Discuss what's fucking going on, and which programs are best and worst. One-time "program" announcements from "established" webmasters are allowed.

 
Thread Tools
Old 11-09-2012, 11:46 AM   #1
mikesouth
Confirmed User
 
mikesouth's Avatar
 
Industry Role:
Join Date: Jun 2003
Location: My High Horse
Posts: 6,334
Whats the best way to block proxy servers?

I have strongbox, but im regularly getting barraged with brute force attacks via proxies like tor.

Is there a way to deny access reliably?

I looked at blackbox proxy block

http://www.shroomery.org/ythan/proxyblock.php

but i have no idea how to integrate that into .htaccess or whatever

or if theres even a better way.

I use a wordpress front end to the site

I have a wordpress plugin that is supposed to deny access from selected countries but it doesnt seem to work

anyone can help, I'd be most appreciative.
__________________
Mike South

It's No wonder I took up drugs and alcohol, it's the only way I could dumb myself down enough to cope with the morons in this biz.
mikesouth is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 11-09-2012, 12:02 PM   #2
mikesouth
Confirmed User
 
mikesouth's Avatar
 
Industry Role:
Join Date: Jun 2003
Location: My High Horse
Posts: 6,334
how would i merge this:

RewriteEngine on
RewriteCond %{HTTP:VIA} !^$ [OR]
RewriteCond %{HTTP:FORWARDED} !^$ [OR]
RewriteCond %{HTTP:USERAGENT_VIA} !^$ [OR]
RewriteCond %{HTTP:X_FORWARDED_FOR} !^$ [OR]
RewriteCond %{HTTP:PROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:XPROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [OR]
RewriteCond %{HTTP:HTTP_CLIENT_IP} !^$
RewriteRule ^(.*)$ - [F]

into this....without breaking anything (IDKS about htaccess)

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress
Options -Indexes
__________________
Mike South

It's No wonder I took up drugs and alcohol, it's the only way I could dumb myself down enough to cope with the morons in this biz.
mikesouth is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 11-09-2012, 12:07 PM   #3
Va2k
I’m still alive barley.
 
Va2k's Avatar
 
Industry Role:
Join Date: Oct 2001
Location: Va
Posts: 10,060
Couldn't you do just

RewriteEngine on
RewriteCond %{HTTP:VIA} !^$ [OR]
RewriteCond %{HTTP:FORWARDED} !^$ [OR]
RewriteCond %{HTTP:USERAGENT_VIA} !^$ [OR]
RewriteCond %{HTTP:X_FORWARDED_FOR} !^$ [OR]
RewriteCond %{HTTP:PROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:XPROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [OR]
RewriteCond %{HTTP:HTTP_CLIENT_IP} !^$
RewriteRule ^(.*)$ - [F]
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress
Options -Indexes
__________________
Va2k is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 11-09-2012, 12:18 PM   #4
PSD
PornSiteDomains.com
 
PSD's Avatar
 
Industry Role:
Join Date: Oct 2002
Location: US
Posts: 1,265
Following was modified from some page which I can't remember at the moment for blocking requests from tor nodes, hope it helps.

Put the following in a file called getcache.php and add a cron job to run it every 15 minutes or so. It retrieves a list of IP addresses that people use for tor and puts them in the directory defined by $CacheDir.

Code:
<?php
// Retrieves the tor exit nodes from specified servers.

// Configuration
$SourceFiles[0] = "https://torstatus.blutmagie.de/ip_list_exit.php/Tor_ip_list_EXIT.csv";
$SourceFiles[1] = "https://torstatus.all.de/ip_list_exit.php/Tor_ip_list_EXIT.csv";
$SourceFiles[2] = "https://torstatus.kgprog.com/ip_list_exit.php/Tor_ip_list_EXIT.csv";
$SourceFiles[3] = "https://kradense.whsites.net/tns/ip_list_exit.php/Tor_ip_list_EXIT.csv";
$SourceFiles[4] = "http://torstatus.blutmagie.de/ip_list_exit.php/Tor_ip_list_EXIT.csv";
$SourceFiles[5] = "http://torstatus.all.de/ip_list_exit.php/Tor_ip_list_EXIT.csv";
$SourceFiles[6] = "http://torstatus.kgprog.com/ip_list_exit.php/Tor_ip_list_EXIT.csv";
$SourceFiles[7] = "http://tns.hermetix.org/ip_list_exit.php/Tor_ip_list_EXIT.csv";
$SourceFiles[8] = "http://torstatus.blutmagie.de/ip_list_exit.php/Tor_ip_list_EXIT.csv";
$SourceFiles[9] = "http://tns.hermetix.org/ip_list_exit.php/Tor_ip_list_EXIT.csv";
$SourceFiles[10] = "http://kradense.whsites.net/tns/ip_list_exit.php/Tor_ip_list_EXIT.csv";
$SourceFiles[11] = "http://tor.recox.org/ip_list_exit.php/Tor_ip_list_EXIT.csv";

// These are set to the main Tor Network Status servers, but you can change them to whatever you want,
// as long as the format is one IP per line, and they are ordered

$CacheDir = "/var/www/torcache"; // Directory that the ip files are written to
// Make sure you set full write access to this directory

$sites = count($SourceFiles); // Count how many sources there are to choose from, so you don't have to
$f = false; // File handler false by default
$s = false; // Success false by default

for($i=0; $i<$sites; $i++) // For loop to make sure we get one ip list
{
$f=file($SourceFiles[$i]); // Attempt to open the file
if ($f != false) // If file was successfully opened
{
$s = true; // Set success to true
break; // Get out of the for loop
}
}

if ($s == false) die("No cache file could be retrieved."); // Die if we didn't get a file

$len = count($f); // Number of IPs retrieved
$last = 0; // Var used for changing files in the tor cache
$f2 = false; // Resource indicator for writing the file

for($j=0;$j<$len;$j++) // While we still have IPs to go through
{
$foctet = explode(".",$f[$j],2); // Get just the first octet from the IP
if ($last == 0) // This happens only the first time
{
$f2 = fopen($CacheDir . "/" . $foctet[0], "w"); // Open a new file
} else
if ($foctet[0] != $last) // If our first octet has changed
{
fclose($f2); // Close our other file
$f2 = fopen($CacheDir . "/" . $foctet[0], "w"); // Open a new one
}
fwrite($f2, $f[$j]); // Write our IP to the file
$last = $foctet[0]; // Set the last octet to this octet, so we can compare next time
}

fclose($f2); // Close the last file
//That should do the trick.

?>
Then add a file called torcheck.php containing following which checks the list of tor IPs the previous script obtained and returns a 0 or a 1 to tell whether the request is from tor ...

Code:
<?php
// Compares Remote IP Address to a tor router list

// Configuration
$tornode=0;
$CacheDir = "/var/www/torcache"; // Directory that the ip files are contained

$foctet = explode(".", $_SERVER['REMOTE_ADDR'], 2); // Get first octet of IP address
$f=@file($CacheDir . "/" . $foctet[0]); // Open cache file, suppressing error messages

$len = count($f); // Count the amount of IPs in the cache file
$isrouter = false; // Default, as this value only changes if it is a router
if ($f != false) {
$ip = ip2long($_SERVER['REMOTE_ADDR']); // Our IP address as an integer
for ($i=0;$i<$len;$i++) // While there are still IP addresses to read
{
if ($ip == ip2long(rtrim($f[$i]))) // If the remote IP and an IP from the list match
{
$isrouter = true; // Our visitor is a tor node
break; // Continue
}
}
}

if ($isrouter) // If visitor is a tor node
{ // Put any code you want here
$tornode=1;
exit(); // Exit
}
else // If visitor is not a tor node
{ // Put any code you want here
// Do Nothing
$tornode=0;
}
//echo("Your IP address is " . $_SERVER['REMOTE_ADDR']); // Optional; removal is recommended
// That should just about do it.
?>
Then add the following to any or all pages you want to protect from tor request.

Code:
include('/path/to/torcheck.php');

$ipaddress = $_SERVER['REMOTE_ADDR'];

if($tornode == 1){

// tor client, do something

// uncomment to exit
// exit();

// uncomment to redirect
// header("Location:http://www.somewhere.com/");
// exit();

// uncomment to send email

// $adminemail = '[email protected]';
// $errormessage =
// 'Issue: Tor request'  . "\n" .
// 'Users IP Address: ' . $_SERVER['REMOTE_ADDR'] . "\n" .
// 'User Agent: ' . $_SERVER['HTTP_USER_AGENT'] . "\n" .
// 'Referring URL: ' . $_SERVER['HTTP_REFERER'] . "\n" .
// 'URL Clicked: ' . 'http://' . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'] . "\n" .
// 'IP Info: ' . 'http://www.ip-adress.com/ip_tracer/' . $_SERVER['REMOTE_ADDR'];

// mail($adminemail, "Tor Request", $errormessage, "From: $adminemail");

// uncomment to add to iptables if you use that

// $homeip = 'your ip address you access server with';
// $serverip = 'any server ip you don't want blocked';
// if(!ereg("($homeip|$serverip)",$_SERVER['REMOTE_ADDR'])){
// exec("sudo /sbin/iptables -I INPUT -p tcp -m tcp -s $ipaddress --dport 80 -j DROP");
// }

}
__________________
PornSiteDomains.com

Last edited by PSD; 11-09-2012 at 12:29 PM..
PSD is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 11-09-2012, 12:21 PM   #5
Va2k
I’m still alive barley.
 
Va2k's Avatar
 
Industry Role:
Join Date: Oct 2001
Location: Va
Posts: 10,060
WOW That's hot... have you tried it?
__________________
Va2k is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 11-09-2012, 12:24 PM   #6
PSD
PornSiteDomains.com
 
PSD's Avatar
 
Industry Role:
Join Date: Oct 2002
Location: US
Posts: 1,265
yes, seems to work, found the original ...

http://villavu.com/forum/showthread.php?t=30392
__________________
PornSiteDomains.com
PSD is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 11-09-2012, 12:46 PM   #7
mikesouth
Confirmed User
 
mikesouth's Avatar
 
Industry Role:
Join Date: Jun 2003
Location: My High Horse
Posts: 6,334
Thats pretty brilliant but why not a simple script to just pass the IP to blackbox proxy and handle the return code...let them do all the proxy collection info stuff

Im not all that with scripting I havent coded in years

blackbox works like so

When you want to check if someone is using a proxy, simply request:
http://www.shroomery.org/ythan/proxy...p?ip=127.0.0.1

The response is a single character and will contain one of three values: Y if it's a proxy, N if it isn't, or X if there's an error.
__________________
Mike South

It's No wonder I took up drugs and alcohol, it's the only way I could dumb myself down enough to cope with the morons in this biz.
mikesouth is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 11-09-2012, 01:00 PM   #8
PSD
PornSiteDomains.com
 
PSD's Avatar
 
Industry Role:
Join Date: Oct 2002
Location: US
Posts: 1,265
Don't know anything about that blackbox service. Doing it locally though would be faster since you don't have to make requests over the Internet like you do with that one. You can update the list as often as you want with the cron job, don't know how often the list that blackbox program uses updates. While I assume it gets the list of ips from the same sources, I don't know. Also don't know what other ips are in the list that are getting blocked, where as with this script you know they are only tor ips.
__________________
PornSiteDomains.com
PSD is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 11-09-2012, 01:03 PM   #9
mikesouth
Confirmed User
 
mikesouth's Avatar
 
Industry Role:
Join Date: Jun 2003
Location: My High Horse
Posts: 6,334
good point thanks much to both of you
__________________
Mike South

It's No wonder I took up drugs and alcohol, it's the only way I could dumb myself down enough to cope with the morons in this biz.
mikesouth is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 11-09-2012, 01:21 PM   #10
PSD
PornSiteDomains.com
 
PSD's Avatar
 
Industry Role:
Join Date: Oct 2002
Location: US
Posts: 1,265
your welcome, btw, I just tried about 10 tor IPs on the URL you provided and about 50% were detected. Maybe you could try using both.

Also while I only use the third bit of code I posted in one file, if anyone tries the code and wants to protect more than one file, you should put the third bit of code in a file named say includetorcheck.php and include it in the top of other pages you want to protect with include('/path/to/includetorcheck.php');
__________________
PornSiteDomains.com

Last edited by PSD; 11-09-2012 at 01:22 PM..
PSD is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 11-09-2012, 01:56 PM   #11
PSD
PornSiteDomains.com
 
PSD's Avatar
 
Industry Role:
Join Date: Oct 2002
Location: US
Posts: 1,265
For that blackbox service you could test something like the following.

Code:
<?php

$proxycheckurl = 'http://www.shroomery.org/ythan/proxycheck.php?ip=' . $_SERVER['REMOTE_ADDR'];
$proxy = @file_get_contents("$proxycheckurl");

if($proxy == 'Y'){
// proxy, do something like exit or redirect
// exit();
// header("Location:http://www.somewhere.com/");
// exit();
}elseif($proxy == 'N'){
// does not look like proxy, do nothing
}else{
// error, do nothing
}

?>
__________________
PornSiteDomains.com
PSD is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 11-09-2012, 02:10 PM   #12
mikesouth
Confirmed User
 
mikesouth's Avatar
 
Industry Role:
Join Date: Jun 2003
Location: My High Horse
Posts: 6,334
FWIW i used this code as a quick fix and strongbox went from blocking 3 attempts per sec down to 2 in an hour so this is catching a good many attempts

RewriteEngine on
RewriteCond %{HTTP:VIA} !^$ [OR]
RewriteCond %{HTTP:FORWARDED} !^$ [OR]
RewriteCond %{HTTP:USERAGENT_VIA} !^$ [OR]
RewriteCond %{HTTP:X_FORWARDED_FOR} !^$ [OR]
RewriteCond %{HTTP:PROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:XPROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [OR]
RewriteCond %{HTTP:HTTP_CLIENT_IP} !^$
RewriteRule ^(.*)$ - [F]
__________________
Mike South

It's No wonder I took up drugs and alcohol, it's the only way I could dumb myself down enough to cope with the morons in this biz.
mikesouth is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 11-09-2012, 02:41 PM   #13
PSD
PornSiteDomains.com
 
PSD's Avatar
 
Industry Role:
Join Date: Oct 2002
Location: US
Posts: 1,265
Good to hear, if you continue to get 3 or more attempts per second, you may want to consider temporarily blocking the IPs from future access attempts to reduce web server load instead of just dropping the connection each time. Bit more involved but following page contains info on how to implement it with the Rewrite you are using.

http://www.rlaprise.net/testing-solu...-and-iptables/
__________________
PornSiteDomains.com

Last edited by PSD; 11-09-2012 at 02:44 PM..
PSD is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 11-09-2012, 04:24 PM   #14
CamDoughCat
Confirmed User
 
CamDoughCat's Avatar
 
Join Date: Apr 2009
Location: The Jungle.
Posts: 341
Another option I find which works very well is ZBblock - works great for wordpress sites.
__________________

Catherine Ventura - Affiliate Sales
email: cat[at]camdough[dot]com
The Net's #1 Asian Cam Network
CamDoughCat is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Post New Thread Reply
Go Back   GoFuckYourself.com - Adult Webmaster Forum > >

Bookmarks
Thread Tools



Advertising inquiries - marketing at gfy dot com

Contact Admin - Advertise - GFY Rules - Top

©2000-, AI Media Network Inc



Powered by vBulletin
Copyright © 2000- Jelsoft Enterprises Limited.