GoFuckYourself.com - Adult Webmaster Forum


mikesouth 11-09-2012 11:46 AM

What's the best way to block proxy servers?

I have Strongbox, but I'm regularly getting barraged with brute force attacks via proxies like Tor.

Is there a way to deny access reliably?

I looked at blackbox proxy block

http://www.shroomery.org/ythan/proxyblock.php

but I have no idea how to integrate that into .htaccess or whatever

or if there's even a better way.

I use a WordPress front end to the site

I have a WordPress plugin that is supposed to deny access from selected countries but it doesn't seem to work

If anyone can help, I'd be most appreciative.

mikesouth 11-09-2012 12:02 PM

How would I merge this:

RewriteEngine on
RewriteCond %{HTTP:VIA} !^$ [OR]
RewriteCond %{HTTP:FORWARDED} !^$ [OR]
# %{HTTP:name} matches the header name as sent, so these use hyphens, not CGI-style underscores
RewriteCond %{HTTP:Useragent-Via} !^$ [OR]
RewriteCond %{HTTP:X-Forwarded-For} !^$ [OR]
RewriteCond %{HTTP:Proxy-Connection} !^$ [OR]
RewriteCond %{HTTP:Xproxy-Connection} !^$ [OR]
RewriteCond %{HTTP:PC-Remote-Addr} !^$ [OR]
RewriteCond %{HTTP:Client-IP} !^$
RewriteRule ^(.*)$ - [F]

into this... without breaking anything (IDKS about htaccess)

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress
Options -Indexes

Va2k 11-09-2012 12:07 PM

Couldn't you do just

RewriteEngine on
RewriteCond %{HTTP:VIA} !^$ [OR]
RewriteCond %{HTTP:FORWARDED} !^$ [OR]
# %{HTTP:name} matches the header name as sent, so these use hyphens, not CGI-style underscores
RewriteCond %{HTTP:Useragent-Via} !^$ [OR]
RewriteCond %{HTTP:X-Forwarded-For} !^$ [OR]
RewriteCond %{HTTP:Proxy-Connection} !^$ [OR]
RewriteCond %{HTTP:Xproxy-Connection} !^$ [OR]
RewriteCond %{HTTP:PC-Remote-Addr} !^$ [OR]
RewriteCond %{HTTP:Client-IP} !^$
RewriteRule ^(.*)$ - [F]
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress
Options -Indexes

PSD 11-09-2012 12:18 PM

Following was modified from some page which I can't remember at the moment for blocking requests from tor nodes, hope it helps.

Put the following in a file called getcache.php and add a cron job to run it every 15 minutes or so. It retrieves a list of IP addresses that people use for tor and puts them in the directory defined by $CacheDir.

Code:

<?php
// Retrieves the tor exit nodes from specified servers.

// Configuration
$SourceFiles[0] = "https://torstatus.blutmagie.de/ip_list_exit.php/Tor_ip_list_EXIT.csv";
$SourceFiles[1] = "https://torstatus.all.de/ip_list_exit.php/Tor_ip_list_EXIT.csv";
$SourceFiles[2] = "https://torstatus.kgprog.com/ip_list_exit.php/Tor_ip_list_EXIT.csv";
$SourceFiles[3] = "https://kradense.whsites.net/tns/ip_list_exit.php/Tor_ip_list_EXIT.csv";
$SourceFiles[4] = "http://torstatus.blutmagie.de/ip_list_exit.php/Tor_ip_list_EXIT.csv";
$SourceFiles[5] = "http://torstatus.all.de/ip_list_exit.php/Tor_ip_list_EXIT.csv";
$SourceFiles[6] = "http://torstatus.kgprog.com/ip_list_exit.php/Tor_ip_list_EXIT.csv";
$SourceFiles[7] = "http://tns.hermetix.org/ip_list_exit.php/Tor_ip_list_EXIT.csv";
$SourceFiles[8] = "http://torstatus.blutmagie.de/ip_list_exit.php/Tor_ip_list_EXIT.csv";
$SourceFiles[9] = "http://tns.hermetix.org/ip_list_exit.php/Tor_ip_list_EXIT.csv";
$SourceFiles[10] = "http://kradense.whsites.net/tns/ip_list_exit.php/Tor_ip_list_EXIT.csv";
$SourceFiles[11] = "http://tor.recox.org/ip_list_exit.php/Tor_ip_list_EXIT.csv";

// These are set to the main Tor Network Status servers, but you can change them to whatever you want,
// as long as the format is one IP per line, and they are ordered

$CacheDir = "/var/www/torcache"; // Directory that the ip files are written to
// Make sure you set full write access to this directory

$sites = count($SourceFiles); // Count how many sources there are to choose from, so you don't have to
$f = false; // File handler false by default
$s = false; // Success false by default

for ($i = 0; $i < $sites; $i++) // For loop to make sure we get one ip list
{
    $f = file($SourceFiles[$i]); // Attempt to open the file
    if ($f != false) // If file was successfully opened
    {
        $s = true; // Set success to true
        break; // Get out of the for loop
    }
}

if ($s == false) die("No cache file could be retrieved."); // Die if we didn't get a file

$len = count($f); // Number of IPs retrieved
$last = 0; // Var used for changing files in the tor cache
$f2 = false; // Resource indicator for writing the file

for ($j = 0; $j < $len; $j++) // While we still have IPs to go through
{
    $ip = trim($f[$j]); // Strip the line ending
    // Skip anything that is not a plain IPv4 address, so the downloaded list can never pick the file name
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) continue;
    $foctet = explode(".", $ip, 2); // Get just the first octet from the IP
    if ($f2 === false) // This happens only the first time
    {
        $f2 = fopen($CacheDir . "/" . $foctet[0], "w"); // Open a new file
    } else
    if ($foctet[0] != $last) // If our first octet has changed
    {
        fclose($f2); // Close our other file
        $f2 = fopen($CacheDir . "/" . $foctet[0], "w"); // Open a new one
    }
    fwrite($f2, $ip . "\n"); // Write our IP to the file
    $last = $foctet[0]; // Set the last octet to this octet, so we can compare next time
}

if ($f2 !== false) fclose($f2); // Close the last file, if one was opened
//That should do the trick.

?>

Then add a file called torcheck.php containing following which checks the list of tor IPs the previous script obtained and returns a 0 or a 1 to tell whether the request is from tor ...

Code:

<?php
// Compares Remote IP Address to a tor router list

// Configuration
$tornode = 0;
$CacheDir = "/var/www/torcache"; // Directory that the ip files are contained

$foctet = explode(".", $_SERVER['REMOTE_ADDR'], 2); // Get first octet of IP address
$f = @file($CacheDir . "/" . $foctet[0]); // Open cache file, suppressing error messages

$isrouter = false; // Default, as this value only changes if it is a router
if ($f != false) {
    $len = count($f); // Count the amount of IPs in the cache file (only once the file was read)
    $ip = ip2long($_SERVER['REMOTE_ADDR']); // Our IP address as an integer
    for ($i = 0; $i < $len; $i++) // While there are still IP addresses to read
    {
        if ($ip !== false && $ip == ip2long(rtrim($f[$i]))) // If the remote IP and an IP from the list match
        {
            $isrouter = true; // Our visitor is a tor node
            break; // Stop searching
        }
    }
}

if ($isrouter) // If visitor is a tor node
{ // Put any code you want here
    $tornode = 1; // Do not exit() here, or the including page never gets to test $tornode
}
else // If visitor is not a tor node
{ // Put any code you want here
    // Do Nothing
    $tornode = 0;
}
//echo("Your IP address is " . $_SERVER['REMOTE_ADDR']); // Optional; removal is recommended
// That should just about do it.
?>

Then add the following to any or all pages you want to protect from tor request.

Code:

include('/path/to/torcheck.php');

$ipaddress = $_SERVER['REMOTE_ADDR'];

if($tornode == 1){

// tor client, do something

// uncomment to exit
// exit();

// uncomment to redirect
// header("Location:http://www.somewhere.com/");
// exit();

// uncomment to send email

// $adminemail = '[email protected]';
// $errormessage =
// 'Issue: Tor request'  . "\n" .
// 'Users IP Address: ' . $_SERVER['REMOTE_ADDR'] . "\n" .
// 'User Agent: ' . $_SERVER['HTTP_USER_AGENT'] . "\n" .
// 'Referring URL: ' . $_SERVER['HTTP_REFERER'] . "\n" .
// 'URL Clicked: ' . 'http://' . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'] . "\n" .
// 'IP Info: ' . 'http://www.ip-adress.com/ip_tracer/' . $_SERVER['REMOTE_ADDR'];

// mail($adminemail, "Tor Request", $errormessage, "From: $adminemail");

// uncomment to add to iptables if you use that
// (ereg() was removed in PHP 7, so the two addresses are compared exactly instead)

// $homeip = 'your ip address you access server with';
// $serverip = 'any server ip you do not want blocked';
// if (!in_array($ipaddress, array($homeip, $serverip), true)) {
// exec("sudo /sbin/iptables -I INPUT -p tcp -m tcp -s " . escapeshellarg($ipaddress) . " --dport 80 -j DROP");
// }

}


Va2k 11-09-2012 12:21 PM

WOW That's hot... have you tried it?

PSD 11-09-2012 12:24 PM

yes, seems to work, found the original ...

http://villavu.com/forum/showthread.php?t=30392

mikesouth 11-09-2012 12:46 PM

That's pretty brilliant, but why not a simple script to just pass the IP to blackbox proxy and handle the return code... let them do all the proxy collection info stuff

I'm not all that with scripting, I haven't coded in years

blackbox works like so

When you want to check if someone is using a proxy, simply request:
http://www.shroomery.org/ythan/proxy...p?ip=127.0.0.1

The response is a single character and will contain one of three values: Y if it's a proxy, N if it isn't, or X if there's an error.

PSD 11-09-2012 01:00 PM

Don't know anything about that blackbox service. Doing it locally though would be faster since you don't have to make requests over the Internet like you do with that one. You can update the list as often as you want with the cron job, don't know how often the list that blackbox program uses updates. While I assume it gets the list of IPs from the same sources, I don't know. Also don't know what other IPs are in the list that are getting blocked, whereas with this script you know they are only Tor IPs.

mikesouth 11-09-2012 01:03 PM

good point thanks much to both of you :thumbsup

PSD 11-09-2012 01:21 PM

You're welcome, btw, I just tried about 10 Tor IPs on the URL you provided and about 50% were detected. Maybe you could try using both.

Also while I only use the third bit of code I posted in one file, if anyone tries the code and wants to protect more than one file, you should put the third bit of code in a file named say includetorcheck.php and include it in the top of other pages you want to protect with include('/path/to/includetorcheck.php');

PSD 11-09-2012 01:56 PM

For that blackbox service you could test something like the following.

Code:

<?php

$proxycheckurl = 'http://www.shroomery.org/ythan/proxycheck.php?ip=' . $_SERVER['REMOTE_ADDR'];
$proxy = @file_get_contents("$proxycheckurl");

if($proxy == 'Y'){
// proxy, do something like exit or redirect
// exit();
// header("Location:http://www.somewhere.com/");
// exit();
}elseif($proxy == 'N'){
// does not look like proxy, do nothing
}else{
// error, do nothing
}

?>
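
An added example, not from the thread or any poster's code: one way to act on the "try using both" suggestion, checking the local Tor cache first and asking the remote checker only on a miss, with a 2-second timeout and a short-lived cache of its answers. `VERDICT_DIR`, `VERDICT_TTL` and the function names are assumptions; the remote call is swappable so the demo runs offline on constructed addresses.

```php
<?php
const TOR_CACHE_DIR = '/var/www/torcache';      // directory filled by getcache.php
const VERDICT_DIR   = '/var/www/proxyverdicts'; // assumed writable directory for cached answers
const VERDICT_TTL   = 900;                      // assumed: reuse a remote answer for 15 minutes

// True if $ip is listed in the first-octet file that getcache.php wrote.
function in_tor_cache(string $ip, string $dir): bool
{
    $lines = @file($dir . '/' . explode('.', $ip, 2)[0], FILE_IGNORE_NEW_LINES);
    return $lines !== false && in_array($ip, array_map('trim', $lines), true);
}

// Asks the remote checker; a timeout, an error or an unexpected body all become 'X'.
function ask_remote(string $ip): string
{
    $ctx = stream_context_create(['http' => ['timeout' => 2]]);
    $url = 'http://www.shroomery.org/ythan/proxycheck.php?ip=' . urlencode($ip);
    $body = @file_get_contents($url, false, $ctx);
    $body = ($body === false) ? 'X' : trim($body);
    return in_array($body, ['Y', 'N'], true) ? $body : 'X';
}

// Returns 'tor', 'proxy' or 'clean'. $remote can be swapped for a stub to test offline.
function classify_visitor(string $ip, ?callable $remote = null, string $torDir = TOR_CACHE_DIR, string $verdictDir = VERDICT_DIR): string
{
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return 'clean'; // cache layout is IPv4-only, and the address becomes a file name
    }
    if (in_tor_cache($ip, $torDir)) {
        return 'tor';
    }
    $file = $verdictDir . '/' . $ip;
    if (is_file($file) && time() - filemtime($file) < VERDICT_TTL) {
        $answer = trim((string) file_get_contents($file)); // fresh cached answer
    } else {
        $answer = ($remote ?? 'ask_remote')($ip);
        if ($answer !== 'X') {
            @file_put_contents($file, $answer, LOCK_EX); // never cache an error
        }
    }
    return $answer === 'Y' ? 'proxy' : 'clean'; // 'X' fails open, like the snippet above
}

// Constructed demo: throwaway directory, documentation-range addresses, stubbed remote.
$demo = sys_get_temp_dir() . '/torcheck_demo_' . getmypid();
@mkdir($demo);
file_put_contents($demo . '/203', "203.0.113.7\n");
echo classify_visitor('203.0.113.7', null, $demo, $demo), "\n";
echo classify_visitor('198.51.100.9', fn($ip) => 'Y', $demo, $demo), "\n";
```

On a protected page, drop the demo lines and branch on `classify_visitor($_SERVER['REMOTE_ADDR'])`; because errors fail open, a dead remote service never locks visitors out.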


mikesouth 11-09-2012 02:10 PM

FWIW I used this code as a quick fix and Strongbox went from blocking 3 attempts per sec down to 2 in an hour so this is catching a good many attempts

RewriteEngine on
RewriteCond %{HTTP:VIA} !^$ [OR]
RewriteCond %{HTTP:FORWARDED} !^$ [OR]
# %{HTTP:name} matches the header name as sent, so these use hyphens, not CGI-style underscores
RewriteCond %{HTTP:Useragent-Via} !^$ [OR]
RewriteCond %{HTTP:X-Forwarded-For} !^$ [OR]
RewriteCond %{HTTP:Proxy-Connection} !^$ [OR]
RewriteCond %{HTTP:Xproxy-Connection} !^$ [OR]
RewriteCond %{HTTP:PC-Remote-Addr} !^$ [OR]
RewriteCond %{HTTP:Client-IP} !^$
RewriteRule ^(.*)$ - [F]

PSD 11-09-2012 02:41 PM

Good to hear, if you continue to get 3 or more attempts per second, you may want to consider temporarily blocking the IPs from future access attempts to reduce web server load instead of just dropping the connection each time. Bit more involved but following page contains info on how to implement it with the Rewrite you are using.

http://www.rlaprise.net/testing-solu...-and-iptables/

CamDoughCat 11-09-2012 04:24 PM

Another option I find which works very well is ZBblock - works great for wordpress sites.


All times are GMT -7. The time now is 08:45 AM.
