Zester

i'm trying to build a very simply a trading script in PHP
I'm looking to do some anti cheating features, how do I detect proxy hits?
is there anything 100% bullet proof?

i'm already ignoring hits I can't plant cookies on or can't get the IP address from

__________________
* Mainstream ? $65 per sale
* new male contraception

Trent Edison

If proxy is not "high anonimity", you can analyze HTTP reqests and detect them if there are parameters like "Via:", etc. In case of "high anonimity" proxies you have no means to detect except if you have the full list of "high anonimity" proxies in the internet.

__________________

Rorschach

Http_via =
Http_x_forwarded_for =
Http_from =

Zester

is there really a full list of "high anonimity" proxies ? where can i get it?

__________________
* Mainstream ? $65 per sale
* new male contraception

chupachups

lolol no I dont think so
better just go with:

Http_via =
Http_x_forwarded_for =
Http_from =

__________________

Zester

any other methods of cheating I should know about?

__________________
* Mainstream ? $65 per sale
* new male contraception

azguy

It's not easy to block proxy hits, but it is doable to some extent.

What you could theoretically do is, run a batch script that scans through your log of whatever type, extracts the IP address, and attempts to connect to it as if it was a proxy server (check all ports for an open HTTP/Socks proxy). This can be a slow process, which is why you should never do it on-the-fly and only in batch. Also, you shouldn't wait too long before you check an IP, as proxy servers tend to die fast and your `evidence` will be lost.

EDIT: Needless to say, when a proxy is found you can cancel that specific hit/sale or do whatever you want with your findings.

Zester

thanks for that idea
now are there any other methods of cheating/faking hits besides the usage of proxy?

__________________
* Mainstream ? $65 per sale
* new male contraception

azguy

There are plenty

Zester

care to list a few?

__________________
* Mainstream ? $65 per sale
* new male contraception

azguy

Why do you ignore hits that block cookies? I wouldn't do that. If someone wants to fake hits, it's very easy for them to accept cookies (cURL+PHP can easily do that). You're just losing real hits using this approach.

azguy

It really depends on what you're trying to accomplish. Where do you block hits (what is the type of service that you have)?

Cheaters customize their behvaior based on what the need is, so I can't give a general answer. If they try to cheat pay-per-click systems, then in addition to getting unique IPs by using proxies, they will also try to trick users into hitting your pages.

azguy

These days it's not so easy to detect SOCKS proxies as it used to be. Back in the day you knew it's a SOCKS if port 1080 was open. Now you'll see all kinds of different ports - 44444, 323232, 34000, etc.

Zester

come to think of it: MSNTV is a proxy, AOL is a proxy, Earthlink is a proxy...Most cable modems are proxies....

__________________
* Mainstream ? $65 per sale
* new male contraception

azguy

But you can still ignore those. They are mostly used by an actual legit user, as they are not public.

azguy

If you tell me what you're trying to do, I'll have more specific ideas for you. Hit me up if you don't want to post it here.

Zester

I tested the following:
while (list($key, $val) = each($_SERVER)) {
echo "$key => $val<br>";
}

accessing the page myself I got:
HTTP_VIA => 1.1 PTK-CACHE-218B (NetCache NetApp/5.6.1D21)
HTTP_X_FORWARDED_FOR => 86.179.229.242



so did I miss something?

__________________
* Mainstream ? $65 per sale
* new male contraception

pstation

A lot of proxies dont expose them as being proxies, what you can do however is attempt to connect to the remote host on the common ports that proxies run on.

So you could possible do something like this provided you are running PHP: