security in PHP

video

I want to write a script PHP which refuse all proxy anonyme! anyone can help me!
(to avoid people go to my site by proxy anonyme)

trooper

Thats a server issue not so much a php issue

You set up the security on the server that you are running

goto http://www.apache.org (if your using that) and take a look around there

HTH

video

anyway you can do it with a script PHP!🙂
so I want to do it by this way!

trooper

YOu want to prevent people getting to a script if they are being served by a proxy ?

Can you confirm that i am reading this right?

video

Originally posted by video
anyway you can do it with a script PHP!🙂
so I want to do it by this way!

yes!

trooper

Why ?

Mg2

Sounds like a good idea to me...could you possible create a huge list of commonly used ip's and ban them? or is there a way to tell if somebody is using a proxy?

video

Originally posted by trooper
Why ?

GM

for many reasons
first: security
2/control visitors
3/ get more info about vistors

designguy79

You can check the value of $_SERVER["remote_addr"]

At least, that is where I would start. Then maybe check it against an array of IP's you want to block. Here is a quick example (may have bugs 😃 )

$blocked_ips = array();
$blocked_ips[] = "192.168.0.1";
$blocked_ips[] = "192.168.0.2";
$blocked_ips[] = "192.168.0.3";
// etc, you will want to find out what IP's you want to really block
// by looking at $_SERVER["remote_addr"]

if(in_array($_SERVER["remote_addr"],$blocked_ips)) {
  header("HTTP/1.0 403 Access Denied");
  header("Status: 403 Access Denied");
  echo "Sorry, you don't have access";
  exit();
}

Have fun...

video

your ideas are good , but it don't works verygood.it just work for block IP
I have thought of about
$SERVER['X_FORWARDED_FOR'] et $SERVER['X_FORWARDED_FOR']
if these variable exist it means the vistor have used proxy. But I am not satifait with my solution so I ask people here, if there are the another better solutions.

Deposeni

How about going from proxy list sites, and adding all those IPs to your ban script? 😃

It'd work with 70% of the visitors... but it would be hard to add... If you find an answer to this problem, I wouldn't mind knowing how to do it.

RedDragon

first get the ip of the user,
reading out the HTTP_CLIENT_IP, HTTP_X_FORWARDED_FOR and the REMOTE_ADDR vars using getenv, there are good examples for that on php.net/getenv

then you can compare it to lists of public proxies...

some proxies hide their ip adress then one of the values above will contain the word 'unknown'

trooper

Hmm am still wondering why you want to ban users that use proxy server

The vast majority of users will be using a proxy server to get to a site (whether it be their ISPs or their own).

If you do manage to prevent proxy servers from accessing the site then you'll be reducing the number of people who can access the site.

Just a thought

HTH
GM

Deposeni

Originally posted by trooper
Hmm am still wondering why you want to ban users that use proxy server

The vast majority of users will be using a proxy server to get to a site (whether it be their ISPs or their own).

If you do manage to prevent proxy servers from accessing the site then you'll be reducing the number of people who can access the site.

Just a thought

HTH
GM

Its just a guess - but maybe he's creating a referral script.... A person can get their referall ID, and then just turn on a random proxy + visit the referral site a bunch of times, and then rank up their referrals...

A perfect use for this would be a web-based game where you are rewarded for telling your friends (I.e. racewarkingdoms.com gives you 100,000,000 gold per person you get to visit your link)

trooper

Video

can you explain what it is you are trying to do ?

video

I want to control totaly all vistor come to my site, the first, because there is some page of site I can give us access with their real IP, if they use proxy the connection will be cut right away!
the other way I want to make a recherch of this methode to prevent visitor use proxy to attack a site.

trooper

Ok so you want user demographics - to do that you simply need to access the $_SERVER array and pull items out of it

This one page that you want people to access to why not simply protect it with a password.

The point is that proxies are an important and integral part of the web - to prevent someone from access pages because they are using on (some people don't even know they are using one) is going to cause problems

Yeah you could ban certain users based upon their IP address. Lets say that you have 2 users 1 that you want to access the page and the other that you don't want to access the page

Your proposed action would mean that you would either have to allow both users access or deny both users.

You could use the users IP address ($_SERVER['REMOTE_ADDR']) but be aware that people who connect to the internet using a modem will often have a "dynamic IP" -> so they will not have the same IP as the last time they visited.

Your best bet is to use "authentication my knowledge" option (that is a username ans password approach).

I think that you may be making this a little more complicated than it needs to be

Only my opinions - what does everyone else think?

Originally posted by video
I want to control totaly all vistor come to my site, the first, because there is some page of site I can give us access with their real IP, if they use proxy the connection will be cut right away!
the other way I want to make a recherch of this methode to prevent visitor use proxy to attack a site.

video

I know it is a little complicated what I have thought.
the problem I allow the people use "dynamic IP" come to my page but not a proxies come from a provider of proxy( there is alway the differente betweent them)
The way :authentication is another soultion in here, the page is accessable for all people(with real iP).
The other solution I think of is make accessalble for all people mail if the use proxy, I want that my scritp(or system) will analyse this proxy then looking for their real IP?(where they come from) Have you any ideas to help me about that.

philvia

get their IP...

upload this file...

then add this to all the pages you don't want them to access...

if (($kos) && ($isp) && (eregi("$isp", $email)<=0))
{
echo "$heada
I DON'T LIKE YOU! GET OUT!
	}
	exit;

if (($kos) && ($isp) && (eregi("$isp", $email)<=0)) { 
    switch ($randomx) { 
        case 1: 
            echo "<img src=\"http://www.domain.com/1.jpg\" />"; 
            break; 
        case 2: 
            echo "<img src=\"http://www.domain.com/2.jpg\" />"; 
            break; 
        case 3: 
            echo "<img src=\"http://www.domain.com/3.jpg\" />"; 
            break; 
        case 4: 
            echo "<img src=\"http://www.domain.com/4.jpg\" />"; 
            break; 
        case 5: 
            echo "<img src=\"http://www.domain.com/5.jpg\" />"; 
    } 
    exit;

That wont block proxies though.

[mod edit]I changed the image names from what you originally had. What you originally had is definately not allowed here, and not only that, but the links actually exist and people may actually view these images. It's extremely offensive and we don't want it posted here. Please don't do that again.[/mod edit]

designguy79

Originally posted by video
...I want that my scritp (or system) will analyse this proxy then looking for their real IP? (where they come from)...

It is completely impossible to get their real IP address from behind the proxy. The whole intent of having a proxy is for security, anonyminity (sp?), and in alot of cases, filtering and restricting access that is outgoing. Unless you can hack into the proxy itself... :-)

I believe that you are "missing" a concept somewhere, or not explaining what you really need done. And I don't think you English is helping, either. 😃

Don't give up, just try researching proxies more, and if needed, post a better explanation here.