...

View Full Version : How to detect proxies



Kurisvo
08-01-2012, 04:01 PM
I need to detect users using proxies on a few pages. I don't want to block them, just deactivate a few functions that shouldn't be used by people with proxies.... The main method I've found it checking the headers, but I can't get that to work. All the online proxies I try don't trip it.

Is there a better way to check for proxies?

ECoode
08-01-2012, 09:47 PM
Hey, I did some research at google and found out that this code will not work on anonymous proxies but try this:



$proxy_headers = array(
'HTTP_VIA',
'HTTP_X_FORWARDED_FOR',
'HTTP_FORWARDED_FOR',
'HTTP_X_FORWARDED',
'HTTP_FORWARDED',
'HTTP_CLIENT_IP',
'HTTP_FORWARDED_FOR_IP',
'VIA',
'X_FORWARDED_FOR',
'FORWARDED_FOR',
'X_FORWARDED',
'FORWARDED',
'CLIENT_IP',
'FORWARDED_FOR_IP',
'HTTP_PROXY_CONNECTION'
);
foreach($proxy_headers as $x){
if (isset($_SERVER[$x])) die("You are using a proxy!");
}

Kurisvo
08-02-2012, 03:42 AM
Yeah, that's what I'm trying but it's not catching a single thing.

AndrewGSW
08-02-2012, 05:31 AM
Yeah, that's what I'm trying but it's not catching a single thing.

Use print_r($_SERVER); and check what it outputs for the proxies. From the browser, use View/ Source and it will be easier to read.

MarkR
08-02-2012, 02:56 PM
You won't be able to detect proxies that don't forward any of those headers. The only way to be certain is maintain a blacklist, there is probably some kicking about for the popular proxies.

Grabbing one of those lists and combining it with the publically available list of Tor exit nodes and keeping an eye out for forwarding headers should help you catch a good portion of proxy users.

Kurisvo
08-02-2012, 02:59 PM
Without proxy:


Array
(
[UNIQUE_ID] => UBp2-dQB0AEADvlg8zYAAAAw
[HTTP_HOST] => mysite.com
[HTTP_CONNECTION] => keep-alive
[HTTP_USER_AGENT] => Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.57 Safari/536.11
[HTTP_ACCEPT] => text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
[HTTP_ACCEPT_ENCODING] => gzip,deflate,sdch
[HTTP_ACCEPT_LANGUAGE] => en-US,en;q=0.8
[HTTP_ACCEPT_CHARSET] => ISO-8859-1,utf-8;q=0.7,*;q=0.3
[HTTP_COOKIE] => phpbb3_59uew_u=2; phpbb3_59uew_k=3f6996ed3d3272b6; phpbb3_59uew_sid=94e0170f90955155cbf55bd285860d8e; PHPSESSID=a8d4ee2bc970fa94550f5bdc1d01e8f0; __utma=112287937.628397355.1343870588.1343907668.1343911177.4; __utmb=112287937.3.10.1343911177; __utmc=112287937; __utmz=112287937.1343870588.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); style_cookie=null
[PATH] => /bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin
[SERVER_SIGNATURE] =>
[SERVER_SOFTWARE] => Apache
[SERVER_NAME] => mysite.php
[SERVER_ADDR] => my.site.ip
[SERVER_PORT] => 80
[REMOTE_ADDR] => 76.181.38.253
[DOCUMENT_ROOT] => /home/thelasts/public_html
[SERVER_ADMIN] => webmaster@mysite.com
[SCRIPT_FILENAME] => /home/thelasts/public_html/proxy.php
[REMOTE_PORT] => 57372
[GATEWAY_INTERFACE] => CGI/1.1
[SERVER_PROTOCOL] => HTTP/1.1
[REQUEST_METHOD] => GET
[QUERY_STRING] =>
[REQUEST_URI] => /proxy.php
[SCRIPT_NAME] => /proxy.php
[PHP_SELF] => /proxy.php
[REQUEST_TIME] => 1343911677
[argv] => Array
(
)

[argc] => 0
)


With proxy:



Array (
[UNIQUE_ID] => UBp3UNQB0AEADwFYvDYAAABI
[HTTP_USER_AGENT] => Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.57 Safari/536.11
[HTTP_HOST] => mysite.com
[HTTP_ACCEPT_LANGUAGE] => en-US,en;q=0.8
[HTTP_ACCEPT] => text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
[HTTP_ACCEPT_CHARSET] => ISO-8859-1,utf-8;q=0.7,*;q=0.3
[PATH] => /bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin
[SERVER_SIGNATURE] =>
[SERVER_SOFTWARE] => Apache
[SERVER_NAME] => mysite.com
[SERVER_ADDR] => my.site.ip
[SERVER_PORT] => 80
[REMOTE_ADDR] => 204.45.31.26
[DOCUMENT_ROOT] => /home/thelasts/public_html
[SERVER_ADMIN] => webmaster@mysite.com
[SCRIPT_FILENAME] => /home/thelasts/public_html/proxy.php
[REMOTE_PORT] => 52157
[GATEWAY_INTERFACE] => CGI/1.1
[SERVER_PROTOCOL] => HTTP/1.1
[REQUEST_METHOD] => GET
[QUERY_STRING] =>
[REQUEST_URI] => /proxy.php
[SCRIPT_NAME] => /proxy.php
[PHP_SELF] => /proxy.php
[REQUEST_TIME] => 1343911760
[argv] => Array ( )
[argc] => 0 )


I really need to find a way to detect proxies because my users can cheat the system by using them.....

I'm using this site to test: http://proxyultra.com

leslie.jones
08-02-2012, 09:26 PM
I don't see any proxy headers in (2), but I do see that:

204.45.31.26 Listed in dnsbl.tornevall.org (or a tor proxy)

So a blocklist looking up against dnsbl.tornevall.org will do the job - but if there are no headers, and it's not a blocklist there is little you can do. Some geo-checks on the originating country may help as a last resort.

I tend to use something like this myself, but it can probably be improved considerably:


function dnsProxyBlocklist($ip=null) {
if (!$ip) return;
//reverse ip octets
list($oct1, $oct2, $oct3, $oct4) = explode("\.", $ip);
$lookup = "$oct4.$oct3.$oct2.$oct1";
$blocklists = array(
'dnsbl.tornevall.org',
'tor.dan.me.uk',
'torexit.dan.me.uk',
'http.dnsbl.sorbs.net',
'socks.dnsbl.sorbs.net',
'misc.dnsbl.sorbs.net',
'b.barracudacentral.org'
);
foreach($blocklists as $i){
$result = dns_get_record("$lookup.$i");
if ($result) {
foreach ($result as $value) {
if (is_array($value)) {
if ($value['type']=="A") {
return "$i: [".$value['ip']."]\n";
}
}
}
}
}
return false;
}

Kurisvo
08-03-2012, 02:38 AM
I got an error with that one. :c

I did find one thing that worked though:



if ( $_SERVER['HTTP_X_FORWARDED_FOR']
|| $_SERVER['HTTP_X_FORWARDED']
|| $_SERVER['HTTP_FORWARDED_FOR']
|| $_SERVER['HTTP_CLIENT_IP']
|| $_SERVER['HTTP_VIA']
|| in_array($_SERVER['REMOTE_PORT'], array(8080,80,6588,8000,3128,553,554))
|| @fsockopen($_SERVER['REMOTE_ADDR'], 80, $errno, $errstr, 1))
{
die("Proxy detected");
}else{
die("You are not using a proxie");
}

chrislim2888
08-03-2012, 10:27 AM
You need to get a 3rd party proxy detection service (who maintain an update list of proxy out in the market). For example, https://www.fraudlabs.com/ip2proxy.aspx

MarkR
08-03-2012, 01:16 PM
I got an error with that one. :c

I did find one thing that worked though:



if ( $_SERVER['HTTP_X_FORWARDED_FOR']
|| $_SERVER['HTTP_X_FORWARDED']
|| $_SERVER['HTTP_FORWARDED_FOR']
|| $_SERVER['HTTP_CLIENT_IP']
|| $_SERVER['HTTP_VIA']
|| in_array($_SERVER['REMOTE_PORT'], array(8080,80,6588,8000,3128,553,554))
|| @fsockopen($_SERVER['REMOTE_ADDR'], 80, $errno, $errstr, 1))
{
die("Proxy detected");
}else{
die("You are not using a proxie");
}


if you are going to test for proxies that way you probably want to at least cache a list of proxies you get positive hits back from pinging port 80 and make that comparison first. Creating a connection can be slow at the best of times, never mind with a server which is probably under high load on port 80.

Kurisvo
08-03-2012, 04:02 PM
That's actually a really really good idea! Thanks for the idea :D



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum