Auto Ban of Proxy Surfers?

rr1024

Hello all thanks for reading my post I was wonding if anyone knows the best was to ban Proxy surfing from a website.

I first thought of something like this
1.

$IP = ( getenv('HTTP_CLIENT_IP') ? getenv('HTTP_CLIENT_IP') : getenv('REMOTE_ADDR') );

If false then the user is hiding their IP right? but then echo'd HTTP_CLIENT_IP and it seem to be empty for some reason or another?

Then I thought maybe something like this may work
2.

        

    IF ( getenv("HTTP_CLIENT_IP") && strcasecmp( getenv("HTTP_CLIENT_IP"), "unknown" ) )
         $IP = getenv("HTTP_CLIENT_IP");
    ELSEIF ( getenv("HTTP_X_FORWARDED_FOR") && strcasecmp( getenv("HTTP_X_FORWARDED_FOR"), "unknown" ) )
         $IP = getenv("HTTP_X_FORWARDED_FOR");
    ELSEIF ( getenv("REMOTE_ADDR") && strcasecmp( getenv("REMOTE_ADDR"), "unknown" ) )
         $IP = getenv("REMOTE_ADDR");
    ELSEIF ( isset( $_SERVER['REMOTE_ADDR'] ) && $_SERVER['REMOTE_ADDR'] && strcasecmp( $_SERVER['REMOTE_ADDR'], "unknown" ) )
         $IP = $_SERVER['REMOTE_ADDR'];
    ELSE
         $IP = FALSE;

I'm trying to figure out a way to stop hackers using proxy servers on my site, I figure if they hide the IP address via proxy then that is probably best.

I had hoped something as simple as this would work
3.


IF (getenv('HTTP_CLIENT_IP') != getenv('REMOTE_ADDR')  )
     $IP = FALSE;
ELSE $IP = getenv('REMOTE_ADDR');

But HTTP_CLIENT_IP is always empty??

So does anyone have an easy way to detect a vistor's IP and if the real IP is being hidden via proxy?

I want to stay away from maintaining a list of IP proxy servers because that requires a huge amount of time to maintain.

any suggestions or help would be great..thank

sneakyimp

I am not an expert, but my very limited experience suggests that a proxy is in use with HTTP_X_FORWARDED_FOR is defined.

MarkR

I'm not sure why you want to auto-ban proxy users:

Many major ISPs use transparent proxies (UK ISPs known to use transparent proxies: NTL, BT Broadband) - this means that the users can't bypass them
Many companies insist that their users use a corporate proxy server

Blocking proxy users immediately absolutely prevents all of them from accessing your site.

Mark

rr1024

Well the major reason is hacking, the way I see it if someone uses a proxy then they have something to hide. I can ban a hacker because he just get's a new IP via open proxy.

So if they are using a proxy I plan to display a message stating you must not use a proxy to view this site.

Besides my site is adult so anyone browsing at work shouldn't be...lol 🙂

Weedpacket

Then you need to find out what proxies are for and how they're used. Banning proxies would pretty much ban everyone.

Besides, I DO have something to hide: what would you need my own IP for unless you were planning to do something to my computer?

rr1024

I guess that is exactly the point those with something to hide I would rather ban from browsing the site.....

FYI IP banning and email address banning are very common methods, it efectivity maybe in question but never the less if they are hiding their IP then on my site they'll be banned until they remove the proxy....

rr1024

Also FYI this forum collects your IP address along with almost all forums these days and they do a combination email and IP ban when you do something against the rules.

Far as I'm concerned banning people using proxys will make those who use my site much safer because the hackers trying to steel peoples passwords, email addresses or just trying to deface the site, will not be able to attempt to do what they do with total anyomosely

sneakyimp

You're missing weedpacket's point, which is that a HUGE number of users are behind proxies and can't do anything about it. I think AOL and some other providers in the US use proxies. Why? to project their users, of course.

Weedpacket

rr1024 wrote:
Also FYI this forum collects your IP address along with almost all forums these days and they do a combination email and IP ban when you do something against the rules.

Yes, I have heard something along those lines ... but then this site allows access to proxy-users (without having its security breached).

will not be able to attempt to do what they do with total anyomosely

Right; they won't crack someone else's machine from behind a proxy, and then attack from the compromised box (without the proxy). No way will they think of that.

Not that it matters; there's nothing about a proxy's IP address that is inherently different from the IP of any other machine on the network. Whether it says it's a proxy or not is entirely its own business.

MarkR

Yes. Not all proxies identify themselves as such, and a large proportion of home users have proxies run by their ISPs, which they cannot bypass.

These are "transparent proxies", which many ISPs provide as mandatory.

If you're worries about people sharing accounts, I'm afraid traffic analysis is your only real hope.

You could potentially detect "open" proxies on standard port numbers (as some IRC servers do when you connect), but that's complicated and will take several seconds (So you should do it at most once per session).

Mark

rr1024

It seems like it should be easier than all this...sigh... :rolleyes:

If someone has any noval idea's I'd sure like to know...

On the transparent proxy from and ISP is all well and fine when a user is given a consistent IP address because when they are banned via IP then they are banned it's when the user goes from his ISP IP to a "free or paid" proxy server to hide that IP he's give by the ISP that is the problem....

I'm all for anomimity believe me runing a site for adults I believe in it totally but not at the expence of letting people on to a site I own to do it harm. It like being a Bar owner and being forced to allow people with loaded weapons in to drink...LOL 😃

MarkR wrote:
Yes. Not all proxies identify themselves as such, and a large proportion of home users have proxies run by their ISPs, which they cannot bypass.

These are "transparent proxies", which many ISPs provide as mandatory.

If you're worries about people sharing accounts, I'm afraid traffic analysis is your only real hope.

You could potentially detect "open" proxies on standard port numbers (as some IRC servers do when you connect), but that's complicated and will take several seconds (So you should do it at most once per session).

Mark

sneakyimp

the problem is that you could have hundreds of potential users behind a single IP -- at a university, for instance.

the trick is to make your software secure. i'm not sure what sort of php project you have, but you should avoid using registered global vars. (i.e., instead of using $var, use $GET['var'] or $POST['var'] explicitly instead).

you should also screen any database queries for potential sql injection.

If you are screening users based on IP or email alone, you could be in trouble. Those are easily mimicked.

Weedpacket

rr1024 wrote:
It like being a Bar owner and being forced to allow people with loaded weapons in to drink...

It's more like being a bar owner and insisting that all patrons pay by credit card, because people who pay with cash would be harder to identify if they start a fight.

If someone has any noval idea's I'd sure like to know...

Why be novel? "Novel" approaches to security are nowhere near as trustworthy as long-established and thoroughly-tested protocols.