Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 11 of 11
  1. #1
    New Coder
    Join Date
    Apr 2011
    Posts
    59
    Thanks
    8
    Thanked 0 Times in 0 Posts

    How to detect proxies

    I need to detect users using proxies on a few pages. I don't want to block them, just deactivate a few functions that shouldn't be used by people with proxies.... The main method I've found it checking the headers, but I can't get that to work. All the online proxies I try don't trip it.

    Is there a better way to check for proxies?

  • #2
    New Coder
    Join Date
    Aug 2012
    Location
    Finland
    Posts
    23
    Thanks
    2
    Thanked 5 Times in 5 Posts
    Hey, I did some research at google and found out that this code will not work on anonymous proxies but try this:

    PHP Code:
     $proxy_headers = array(
            
    'HTTP_VIA',
            
    'HTTP_X_FORWARDED_FOR',
            
    'HTTP_FORWARDED_FOR',
            
    'HTTP_X_FORWARDED',
            
    'HTTP_FORWARDED',
            
    'HTTP_CLIENT_IP',
            
    'HTTP_FORWARDED_FOR_IP',
            
    'VIA',
            
    'X_FORWARDED_FOR',
            
    'FORWARDED_FOR',
            
    'X_FORWARDED',
            
    'FORWARDED',
            
    'CLIENT_IP',
            
    'FORWARDED_FOR_IP',
            
    'HTTP_PROXY_CONNECTION'
        
    );
        foreach(
    $proxy_headers as $x){
            if (isset(
    $_SERVER[$x])) die("You are using a proxy!");
        } 

  • #3
    New Coder
    Join Date
    Apr 2011
    Posts
    59
    Thanks
    8
    Thanked 0 Times in 0 Posts
    Yeah, that's what I'm trying but it's not catching a single thing.

  • #4
    Senior Coder
    Join Date
    Apr 2011
    Location
    London, England
    Posts
    2,120
    Thanks
    15
    Thanked 354 Times in 353 Posts
    Quote Originally Posted by Kurisvo View Post
    Yeah, that's what I'm trying but it's not catching a single thing.
    Use print_r($_SERVER); and check what it outputs for the proxies. From the browser, use View/ Source and it will be easier to read.
    "I'm here to save your life. But if I'm going to do that, I'll need total uninanonynymity." Me Myself & Irene.
    Validate your HTML and CSS

  • #5
    New Coder
    Join Date
    Sep 2011
    Posts
    80
    Thanks
    0
    Thanked 13 Times in 12 Posts
    You won't be able to detect proxies that don't forward any of those headers. The only way to be certain is maintain a blacklist, there is probably some kicking about for the popular proxies.

    Grabbing one of those lists and combining it with the publically available list of Tor exit nodes and keeping an eye out for forwarding headers should help you catch a good portion of proxy users.

  • #6
    New Coder
    Join Date
    Apr 2011
    Posts
    59
    Thanks
    8
    Thanked 0 Times in 0 Posts
    Without proxy:
    Code:
    Array
    (
        [UNIQUE_ID] => UBp2-dQB0AEADvlg8zYAAAAw
        [HTTP_HOST] => mysite.com
        [HTTP_CONNECTION] => keep-alive
        [HTTP_USER_AGENT] => Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.57 Safari/536.11
        [HTTP_ACCEPT] => text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        [HTTP_ACCEPT_ENCODING] => gzip,deflate,sdch
        [HTTP_ACCEPT_LANGUAGE] => en-US,en;q=0.8
        [HTTP_ACCEPT_CHARSET] => ISO-8859-1,utf-8;q=0.7,*;q=0.3
        [HTTP_COOKIE] => phpbb3_59uew_u=2; phpbb3_59uew_k=3f6996ed3d3272b6; phpbb3_59uew_sid=94e0170f90955155cbf55bd285860d8e; PHPSESSID=a8d4ee2bc970fa94550f5bdc1d01e8f0; __utma=112287937.628397355.1343870588.1343907668.1343911177.4; __utmb=112287937.3.10.1343911177; __utmc=112287937; __utmz=112287937.1343870588.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); style_cookie=null
        [PATH] => /bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin
        [SERVER_SIGNATURE] => 
        [SERVER_SOFTWARE] => Apache
        [SERVER_NAME] => mysite.php
        [SERVER_ADDR] => my.site.ip
        [SERVER_PORT] => 80
        [REMOTE_ADDR] => 76.181.38.253
        [DOCUMENT_ROOT] => /home/thelasts/public_html
        [SERVER_ADMIN] => webmaster@mysite.com
        [SCRIPT_FILENAME] => /home/thelasts/public_html/proxy.php
        [REMOTE_PORT] => 57372
        [GATEWAY_INTERFACE] => CGI/1.1
        [SERVER_PROTOCOL] => HTTP/1.1
        [REQUEST_METHOD] => GET
        [QUERY_STRING] => 
        [REQUEST_URI] => /proxy.php
        [SCRIPT_NAME] => /proxy.php
        [PHP_SELF] => /proxy.php
        [REQUEST_TIME] => 1343911677
        [argv] => Array
            (
            )
    
        [argc] => 0
    )
    With proxy:

    Code:
    Array (
    [UNIQUE_ID] => UBp3UNQB0AEADwFYvDYAAABI
    [HTTP_USER_AGENT] => Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.57 Safari/536.11
    [HTTP_HOST] => mysite.com
    [HTTP_ACCEPT_LANGUAGE] => en-US,en;q=0.8
    [HTTP_ACCEPT] => text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    [HTTP_ACCEPT_CHARSET] => ISO-8859-1,utf-8;q=0.7,*;q=0.3
    [PATH] => /bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin
    [SERVER_SIGNATURE] =>
    [SERVER_SOFTWARE] => Apache
    [SERVER_NAME] => mysite.com
    [SERVER_ADDR] => my.site.ip
    [SERVER_PORT] => 80
    [REMOTE_ADDR] => 204.45.31.26
    [DOCUMENT_ROOT] => /home/thelasts/public_html
    [SERVER_ADMIN] => webmaster@mysite.com
    [SCRIPT_FILENAME] => /home/thelasts/public_html/proxy.php
    [REMOTE_PORT] => 52157
    [GATEWAY_INTERFACE] => CGI/1.1
    [SERVER_PROTOCOL] => HTTP/1.1
    [REQUEST_METHOD] => GET
    [QUERY_STRING] =>
    [REQUEST_URI] => /proxy.php
    [SCRIPT_NAME] => /proxy.php
    [PHP_SELF] => /proxy.php
    [REQUEST_TIME] => 1343911760
    [argv] => Array ( )
    [argc] => 0 )
    I really need to find a way to detect proxies because my users can cheat the system by using them.....

    I'm using this site to test: http://proxyultra.com

  • #7
    New Coder
    Join Date
    Nov 2011
    Posts
    88
    Thanks
    4
    Thanked 26 Times in 26 Posts
    I don't see any proxy headers in (2), but I do see that:

    204.45.31.26 Listed in dnsbl.tornevall.org (or a tor proxy)

    So a blocklist looking up against dnsbl.tornevall.org will do the job - but if there are no headers, and it's not a blocklist there is little you can do. Some geo-checks on the originating country may help as a last resort.

    I tend to use something like this myself, but it can probably be improved considerably:

    PHP Code:
        function dnsProxyBlocklist($ip=null) {
            if (!
    $ip) return;
            
    //reverse ip octets
            
    list($oct1$oct2$oct3$oct4) = explode("\."$ip);
            
    $lookup "$oct4.$oct3.$oct2.$oct1";
            
    $blocklists = array(
            
    'dnsbl.tornevall.org',
            
    'tor.dan.me.uk',
            
    'torexit.dan.me.uk',
            
    'http.dnsbl.sorbs.net',
            
    'socks.dnsbl.sorbs.net',
            
    'misc.dnsbl.sorbs.net',
            
    'b.barracudacentral.org'
            
    );
            foreach(
    $blocklists as $i){
                
    $result dns_get_record("$lookup.$i");
                if (
    $result) {
                    foreach (
    $result as $value) {
                        if (
    is_array($value)) {
                            if (
    $value['type']=="A") {
                                return 
    "$i: [".$value['ip']."]\n";
                            }
                        }
                    }
                }
            }
        return 
    false;
        } 

  • #8
    New Coder
    Join Date
    Apr 2011
    Posts
    59
    Thanks
    8
    Thanked 0 Times in 0 Posts
    I got an error with that one. :c

    I did find one thing that worked though:

    PHP Code:
    if ( $_SERVER['HTTP_X_FORWARDED_FOR']
    || 
    $_SERVER['HTTP_X_FORWARDED']
    || 
    $_SERVER['HTTP_FORWARDED_FOR']
    || 
    $_SERVER['HTTP_CLIENT_IP']
    || 
    $_SERVER['HTTP_VIA']
    || 
    in_array($_SERVER['REMOTE_PORT'], array(8080,80,6588,8000,3128,553,554))
    || @
    fsockopen($_SERVER['REMOTE_ADDR'], 80$errno$errstr1))
    {
         die(
    "Proxy detected");
    }else{
        die(
    "You are not using a proxie");


  • #9
    New to the CF scene
    Join Date
    Mar 2012
    Posts
    9
    Thanks
    0
    Thanked 1 Time in 1 Post
    You need to get a 3rd party proxy detection service (who maintain an update list of proxy out in the market). For example, https://www.fraudlabs.com/ip2proxy.aspx

  • #10
    New Coder
    Join Date
    Sep 2011
    Posts
    80
    Thanks
    0
    Thanked 13 Times in 12 Posts
    Quote Originally Posted by Kurisvo View Post
    I got an error with that one. :c

    I did find one thing that worked though:

    PHP Code:
    if ( $_SERVER['HTTP_X_FORWARDED_FOR']
    || 
    $_SERVER['HTTP_X_FORWARDED']
    || 
    $_SERVER['HTTP_FORWARDED_FOR']
    || 
    $_SERVER['HTTP_CLIENT_IP']
    || 
    $_SERVER['HTTP_VIA']
    || 
    in_array($_SERVER['REMOTE_PORT'], array(8080,80,6588,8000,3128,553,554))
    || @
    fsockopen($_SERVER['REMOTE_ADDR'], 80$errno$errstr1))
    {
         die(
    "Proxy detected");
    }else{
        die(
    "You are not using a proxie");

    if you are going to test for proxies that way you probably want to at least cache a list of proxies you get positive hits back from pinging port 80 and make that comparison first. Creating a connection can be slow at the best of times, never mind with a server which is probably under high load on port 80.

  • #11
    New Coder
    Join Date
    Apr 2011
    Posts
    59
    Thanks
    8
    Thanked 0 Times in 0 Posts
    That's actually a really really good idea! Thanks for the idea


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •