I have a website that I need to make sure the users are all unique. A good way of checking is by ip address. Now, in my register.php file, it logs the ip when someone signs up as:

$ip = $_SERVER['REMOTE_ADDR'];

Now, when someone uses a proxy, it just gives me the IP of the Proxy. I have tried to substitute code in from what I have found online, but none seem to work. I can not remember all that I have tried, but one is:

function GetUserIP()
{

if (isset($_SERVER)) 
 {
   if (isset($_SERVER["HTTP_X_FORWARDED_FOR"])) 
    {
       $ip = $_SERVER["HTTP_X_FORWARDED_FOR"];
   } 
    elseif(isset($_SERVER["HTTP_CLIENT_IP"])) 
    {
       $ip = $_SERVER["HTTP_CLIENT_IP"];
   } else 
    {
       $ip = $_SERVER["REMOTE_ADDR"];
   }
} 
else 
 {
   if ( getenv( 'HTTP_X_FORWARDED_FOR' ) ) 
    {
       $ip = getenv( 'HTTP_X_FORWARDED_FOR' );
   } 
    elseif ( getenv( 'HTTP_CLIENT_IP' ) ) 
    {
       $ip = getenv( 'HTTP_CLIENT_IP' );
   } 
    else 
    {
       $ip = getenv( 'REMOTE_ADDR' );
   }
}
 return $ip;

}

$ip = GetUserIP();

This doesn't work, and it seems like it should. If anyone can help, it would be appreciated. I may offer a small reward.

Thanks

    When the client is using a proxy, the proxy may send the client's IP or a fake IP or no client IP information at all. So even if the server receives an address, it can't be trusted without knowing the specific proxy's habits. This page sums it up well.

      Try this one. Havent tested it though

      <?php
   function getIP() {
       $tmparr = array();
       $tmparr[] = $_SERVER['REMOTE_ADDR'];
       if  (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
           $tmparr +=  explode(',',$_SERVER['HTTP_X_FORWARDED_FOR']);
       }

   return end($tmparr);
   }

   echo getIP();
?>

        There really is no way you can do what you are trying to do. And keep in mind that the ip address can actually change. Trying to key on ip is pretty much a waste of time.

          Originally posted by Installer
          When the client is using a proxy, the proxy may send the client's IP or a fake IP or no client IP information at all. So even if the server receives an address, it can't be trusted without knowing the specific proxy's habits. This page sums it up well.

          Excellent site... didn't know java could do that.

            That code didn't work 😕 But, I found a site http://www.all-nettools.com/toolbox that has a tool that will let you see if your proxy is really hidden. I entered some proxies and they gave me my real ip. I WOULD LOVE TO FIND OUT HOW TO GET THIS.

            EDIT High anomnity proxies are not discovered

              A few sites offer the user the option to bind their user account to an ip address so if your IP don't match, you can't log in. Try doing that so that users with static ip's can do what you are trying to do.

              But like the others said, proxy's rarely give you the user's realy IP address, hence why people often use them, and if the user has a dynamic IP address, then it will be different every time they re-connect.

              IDEA
              What about doing a traceroute through PHP which will allow you to discover the user's host username? Alot of ISP's keep the username the same while the IP address changes. Or if it changes you could check the ISP domain (e,g, someip@ispdomain.com) or something along those lines?

                I guess I didn't explain really well what I wanted to do. I just want to be able to see all user's real ips. My site only allows one person per house hold, and I am afraid people will use proxies to cheat.

                Thanks

                  Best thing you can do is use a cookie on their computer, but as soon as they clear their cookies then you're screwed.

                  Alternatively use other information using PHP like the user's username on their computer. I can't remember what the function is but I created a site once where it got hold of the person's username in windows xp (so long as the browser let it).

                  If not you could always gather browser information etc. Plus a majority of common net users don't have any idea what a proxy is yet alone how to use it to cheat to get around your block lol. It's only users with a vague idea of what they are doing that can get around it.

                  Also, it's impossible to do this based on IP anyway - soon as you get a user with a dynamic IP you might as well not have bothered because all they need to do is reconnet to the net and they have a different IP.

                    Originally posted by techgearfree
                    I guess I didn't explain really well what I wanted to do. I just want to be able to see all user's real ips. My site only allows one person per house hold, and I am afraid people will use proxies to cheat.


                    Thanks

                    The use of proxies is not a cheat - it is how 1 billion people get to go online and share the limited available IP addresses. ISPs also use them to cut down on network traffic and load-balance their backbone infrastructure.

                      Best thing you can do is use a cookie on their computer, but as soon as they clear their cookies then you're screwed.

                      I plan to try to make a cookie system too (I better just make a new post for that when I am ready)

                      Now, on this site one person signs up, and referrs other people to get a prize kinda like that free ipod site. Now, I know that like if I reset my dsl modem right now I will have a different IP. The ip however is very similar. If I am just checking similarities between one account and the 5 people they referred, I can tell if the ip difference is like 33.55.333 and 33.55.357. This is just one of many ways I want to combat fraud.

                      Now, the best ip detector I have tried is that one on:

                      http://www.all-nettools.com/toolbox

                      I like how even if it doesn't tell you your ip, it says you are behind a proxy. If anyone could give me that script, I would reward you.

                      Thanks

                        And still the answer applies;

                        most people, ie 75% +, are going to be behind an ISP proxy or getting dynamic IP addr. Now yes you can find out what network they are on, ie Who is their ISP. So what? Does that mean that if one AOL user signs up, no other user on AOL can?? Think this through again.

                          The real click count fraudsters are more sophisticated than that anyway. They use a web-site aimed at a mass market that opens a hidden window on visitors machines that sends a hit to your site. Some of them will use a window that mass redirects to loads of sites to rack up clicks on loads of refere programs. Your IP tracking is going to see all diff IP anyway, so what is the point?

                          For a programmer in India or Indonesia, in an economy where $2000 per annum is a nice lifstyle, then this sort of thing is well worth the effort.

                          It is this kind of hidden pop-up that is driving users to FireFox and NT7 en mass, those that know that is.

                            I understand what you are saying, but when I am checking a account and his referrals for fraud, ip is just one thing I take into account. If one person has signed up 5 people, and one ip is similar, and all other info is different, I will let it fly. Now, If 1 ip is similar along with same browser, and I have found info on a cookie that the same comp. was used, I will deny that person.

                            It is really just to help me use my judgement. So, does anyone know what that program has in it's code?

                            Thanks

                              How do you plan on chceking for similarities? That won't work as anyone on the same ISP with dynamic IPs will have similar IP addresses. Plus I know for a fact that with my previous static IP address, my friend's IP address was identical all but the last digit because he signed up about 2 days after me to this ISP.

                              Plus an ISP will not miss out on free IP addresses. When one person connects and gets something like 86.53.87.56, the next person to log on to that ISP's system will be assigned 86.53.87.57

                              By your system if I signed up, then he tried to then your system would think it was me trying to sign up again.

                              Also, you said your modem will not get a new IP unless you restarted it. AOL, Freeserve and BT all use USB ADSL modems as their primary modems to users and these obtain a new IP every time a new 'dial up' session is initiated.

                                I would use other things to also detect fraud. It would not be base entirely upon IP. I understand that they can be a little different, how ever, if I could see through proxies that the IP came from 1 that it all the same, that would show me it was fake.

                                  NO IT WOULD NOT. You have been told repeatedly BY EVERYONE that you are pissing into the wind. If you don't want to listen because you don't like the answer, tough. It will be your site that suffers. Goodbye.

                                    I agree with the last post. Give up.

                                    Try using hashed registration codes which user's have to enter when they register - if the code is wrong or already used then deny registration.

                                    How you get the codes to these users is up to you, but it's far simpler to do it this way.

                                      Write a Reply...