block proxies?

jasondavis

Is there a simple way for me to redirect users who access my site using a proxy site? Example I can redirect users using proxy site to access my site to a warning page instead of my signup page?

NogDog

I cannot imagine any method other than a database of IP addresses which you believe are proxies. But I do not know if any reliable databases of that sort exist, nor can I imagine why you would want to go through the trouble since many users access the internet via proxies for perfectly good reasons (and in many cases have no choice, such as only having internet access from their work PC via a proxy server.)

jasondavis

I was talking more about people that use sites like http://www.loginfreedom.com/ to access myspace and stuff, maybe thats the same thing or can these sites be blocked? I think I saw onetime before something to block proxy sites like that for vbulletin

NogDog

As I suggested, I suspect the only way would be via IP address.

Jack_McSlay

here's a suggestion: most people on the internet use a ISP that uses DHCP, therefore does not have a fixed IP address. So you should make a script that stores on you database IP addresses and how many times each one is used each day, for the past 15 days or so.
Then look up on the results, and if one IP is being used constantly for several days, it's a proxy suspect. Google for that IP and if you find it on a free proxy list, block it

bradgrafelman

Jack_McSlay wrote:
most people on the internet use a ISP that uses DHCP, therefore does not have a fixed IP address.

I can't think of any ISP right now that doesn't use DHCP to hand out IP addresses.

Jack_McSlay wrote:
if one IP is being used constantly for several days, it's a proxy suspect.

Quite incorrect - if you're a cable or DSL user, it's not unlikely that you'd have the same IP for several months (or until you shut your modem off and leave it off for some time, or happen to buy a new ethernet card for some reason).

Just because a DHCP release may expire after a set amount of time (usually a couple of days) doesn't mean that your ISP won't simply hand you the same IP again when your computer goes to renew the lease (hence why it's called "renewing", not "canceling and obtaining a new lease").

Not to mention the fact that not all proxies are bad - many users couldn't even access the internet without (e.g. where I am right now - a college campus). Surely you're not trying to eliminate all users on college/school campuses, corporations, etc. from viewing your site... are you?

Jack_McSlay

bradgrafelman wrote:
I can't think of any ISP right now that doesn't use DHCP to hand out IP addresses.

I didn't say there are, I said most people connect through ISPs and not dedicated machines with a fixed IP

bradgrafelman wrote:
Quite incorrect - if you're a cable or DSL user, it's not unlikely that you'd have the same IP for several months (or until you shut your modem off and leave it off for some time, or happen to buy a new ethernet card for some reason).

Just because a DHCP release may expire after a set amount of time (usually a couple of days) doesn't mean that your ISP won't simply hand you the same IP again when your computer goes to renew the lease (hence why it's called "renewing", not "canceling and obtaining a new lease").

Not to mention the fact that not all proxies are bad - many users couldn't even access the internet without (e.g. where I am right now - a college campus). Surely you're not trying to eliminate all users on college/school campuses, corporations, etc. from viewing your site... are you?

that's why I said suspect. regardless of the fact one PC may stay with the same IP address for a long time, a configured proxy on the browser may stay for even longer, specially considering that more than one person may use the same proxy server at the same time.
besides if you log IPs and find out an specific IP range comes from an ISP it would be dead easy to put it in a "trusted IP range" list, and leave out of future logs.

and I don't see the big need to ban proxies either, other than having a site where anyone can post comments without logging in and there's problematic users who keep returning through them

Horizon88

Your suggestion, Jack, would only account for a very, very small fraction of proxies. What if I use Tor, which gives me a new IP address on every single request? What if I use foxyproxy in firefox with an automatic proxy url that gives me a new proxy on every request? You'll wind up blocking a lot of legitimate users for no reason, and you won't stop anyone that knows what they're doing with a proxy.

The standing question, though, is why you'd want to block proxy users in the first place, Jason?

callmeBob

Found this.. seems to work great.. totally different approach.. forget listing ip ranges etc..

if ($SERVER['HTTP_X_FORWARDED_FOR'] || $SERVER['HTTP_X_FORWARDED'] || $SERVER['HTTP_FORWARDED_FOR']

|| $SERVER['HTTP_CLIENT_IP'] || $SERVER['HTTP_VIA'] || in_array($SERVER['REMOTE_PORT'],
array(8080,80,6588,8000,3128,553,554)) || @fsockopen($_SERVER['REMOTE_ADDR'], 80, $errno, $errstr, 30)){

exit('PUT SOME NASTY MESSAGE HERE.');}

Hope this helps.

bradgrafelman

Except that you'd also cause your server to open a connection (or, rather, attempt to open a connection and hang until it succeeds or fails) every single time a page is loaded... meaning I hope you don't value your website being online/available very much.

Horizon88

It also only accounts for proxies that are configured to send that information, which most of them aren't, as it defeats the purpose of a proxy. :/

callmeBob

I spoke a bit soon.. once I put it up and tested it more thoroughly.. noticed the hanging.. it does seem to block the generic proxies that you find everywhere.. free anonymous.. the-cloak.. etc..

But.. not worth the hanging. IMHO.. (even though I am the one that suggested it ) 😛

I would love to see something that could prevent progs like hidemyip ... any clue on this?

I have to think there is a logical proactive solution that could work most of the time.. instead of creating.. or finding a database of IPs.... forever adding to it etc.

I even thought about allowing IP ranges of my "Clients" who are the only ones I want on the site.. but.. as I get more clients.. seems like it would quickly become a pain in the arse.

bradgrafelman

I still don't think you've ever answered the main question here:

Why do you care if someone's using a proxy or not?

Horizon88

It's virtually not doable, callmeBob. Is there any actual REASON you have for this? Chances are there's a better way to meet your needs than by blocking proxies. :/

jasondavis

I have a site similar to myspace, sometime I encounter some very offensive users and once I ban there IP they just use proxies