blocking proxy hits
 

i'm trying to build a very simply a trading script in PHP
I'm looking to do some anti cheating features, how do I detect proxy hits?
is there anything 100% bullet proof?

i'm already ignoring hits I can't plant cookies on or can't get the IP address from

If proxy is not "high anonimity", you can analyze HTTP reqests and detect them if there are parameters like "Via:", etc. In case of "high anonimity" proxies you have no means to detect except if you have the full list of "high anonimity" proxies in the internet. :winkwink:

Http_via =
Http_x_forwarded_for =
Http_from =

is there really a full list of "high anonimity" proxies ? where can i get it?

lolol no I dont think so :1orglaugh :1orglaugh
better just go with:

Http_via =
Http_x_forwarded_for =
Http_from =

any other methods of cheating I should know about?

It's not easy to block proxy hits, but it is doable to some extent.

What you could theoretically do is, run a batch script that scans through your log of whatever type, extracts the IP address, and attempts to connect to it as if it was a proxy server (check all ports for an open HTTP/Socks proxy). This can be a slow process, which is why you should never do it on-the-fly and only in batch. Also, you shouldn't wait too long before you check an IP, as proxy servers tend to die fast and your `evidence` will be lost.

EDIT: Needless to say, when a proxy is found you can cancel that specific hit/sale or do whatever you want with your findings.

thanks for that idea
now are there any other methods of cheating/faking hits besides the usage of proxy?

There are plenty :2 cents: :2 cents:

care to list a few?

Why do you ignore hits that block cookies? I wouldn't do that. If someone wants to fake hits, it's very easy for them to accept cookies (cURL+PHP can easily do that). You're just losing real hits using this approach.

It really depends on what you're trying to accomplish. Where do you block hits (what is the type of service that you have)?

Cheaters customize their behvaior based on what the need is, so I can't give a general answer. If they try to cheat pay-per-click systems, then in addition to getting unique IPs by using proxies, they will also try to trick users into hitting your pages.

These days it's not so easy to detect SOCKS proxies as it used to be. Back in the day you knew it's a SOCKS if port 1080 was open. Now you'll see all kinds of different ports - 44444, 323232, 34000, etc.

come to think of it: MSNTV is a proxy, AOL is a proxy, Earthlink is a proxy...Most cable modems are proxies....

But you can still ignore those. They are mostly used by an actual legit user, as they are not public.

If you tell me what you're trying to do, I'll have more specific ideas for you. Hit me up if you don't want to post it here.

I tested the following:
while (list($key, $val) = each($_SERVER)) {
echo "$key => $val<br>";
}

accessing the page myself I got:
HTTP_VIA => 1.1 PTK-CACHE-218B (NetCache NetApp/5.6.1D21)
HTTP_X_FORWARDED_FOR => 86.179.229.242



so did I miss something?

A lot of proxies dont expose them as being proxies, what you can do however is attempt to connect to the remote host on the common ports that proxies run on.

So you could possible do something like this provided you are running PHP: