0
Well here’s the thing, I’m making a site where I pay for every visit to the user that he gets.
However, is there any way to know if a given IP is a proxy or not, that is, is there any way to know if that user is using VPN or not? And if there is, how can I block the user from using proxy?
Thank you.
4
There is no way to defend yourself efficiently and VPN is impossible (as far as I understand), the only way would be to have a list of Ips that is provided by some service, however this is not quite a case of programming necessarily, I don’t know any kind of service that provides these lists, but the way is probably this.
However some proxies pass data on HTTP, which may help to check this, I did not find many details of headers, as not all are standardized, however this chat on wikipedia tries to give or get some guidance: https://en.wikipedia.org/wiki/Talk%3AX-Forwarded-For, follows some details:
The header "Via" which is used by gateways and proxies to indicate the intermediate protocols and recipients between the "user agent" and the server about the requests, and between the source server and the client in the responses, use in PHP:
HTTP_VIADetails about Forwarded: https://tools.ietf.org/html/rfc7239#Section-5.2, use in PHP:
HTTP_FORWARDED_FORHTTP_FORWARDEDHTTP_X_FORWARDED_FOR (was probably used before the HTTP_FORWARDED_FOR, when it was still experimental)HTTP_X_FORWARDED (was probably used before the HTTP_FORWARDED_FOR, when it was still experimental)The X-Cluster-Client-IP: which apparently is required by the Zeus web servers:
HTTP_X_CLUSTER_CLIENT_IPThe Client-IP: I couldn’t find any information, what it seems to me is that it was used before the Forwarded:, use in PHP:
HTTP_CLIENT_IPHTTP_X_CLIENT_IP (variation of HTTP_CLIENT_IP)In PHP it would look something like:
<?php
function isProxy()
{
$proxyTypes = array(
'HTTP_VIA',
'HTTP_FORWARDED_FOR',
'HTTP_FORWARDED',
'HTTP_X_FORWARDED_FOR',
'HTTP_X_FORWARDED',
'HTTP_X_CLUSTER_CLIENT_IP',
'HTTP_CLIENT_IP',
'HTTP_X_CLIENT_IP'
);
foreach ($proxyType as $proxyTypes) {
if (!empty($proxyType)) {
return true;
}
}
return false;
}
if (isProxy()) {
//Finaliza o script PHP e emite uma mensagem, pode customizar essa if como desejar
die('Você está usando proxy');
}
Web-proxies usually use frames, so it is possible to only check if your page is running inside a <iframe> or <frame>, add so in page footer:
<script>
function detectLoadInFrame()
{
//O try previne problemas de bloqueios de CORS
try {
if (window.self !== window.top) {
window.top.location = window.location;
}
} catch (e) {
}
}
</script>
</body>
</html>
But note that sometimes web-proxies block Javascript, this causes problems when making the detection, so the interesting thing would be to block some main HTML functionality, such as navbar, or a form, for example:
css style.:
.navbar {
display: none;
}
.navbar.show {
display: block;
}
Your html:
<html>
<head>
<link href="estilo.css" rel="stylesheet" type="text/css">
</head>
<body>
<nav class="navbar">
<a href="...">...</a>
</nav>
<form id="meuform">
<input type="text" disabled>
<select disabled></select>
</form>
<script>
function detectLoadInFrame()
{
//O try previne problemas de bloqueios de CORS
try {
if (window.self !== window.top) {
window.top.location = window.location;
} else {
//Exibe o navbar
document.querySelector(".navbar").className += " show";
//Habilita os campos
var fields = document.querySelectorAll("#meuform [disabled]");
for (var i = fields.length - 1; i >= 0; i--) {
fields[i].disabled = false;
}
}
} catch (e) {
}
}
</script>
</body>
</html>
This will be the most effective way to prevent a proxy or a vpn?
@Gonçalo I think did not understand at the beginning of the answer, I said: There is no way to defend yourself efficiently and VPN is impossible. In other words, it is only for proxy, it is only efficient if the proxy passes the data, otherwise it is also impossible, I am editing the answer for more details ;)
Dude, it’s impossible, 4chan can find out when someone is using VPN, now it’s really hard.
@Raphaelcaldas I don’t know how they do, but I suppose VPN services use gateway paths, which could be checked at the machine/equipment level, but at the level of web-directed programming language I don’t think it’s possible
@Gonçalo edited, including the introduction of the answer, I hope it helps, if I find any service of the type inform you.
Thanks, I’ll try it! If you can prevent proxys is better, in addition, I will do other systems in PHP, to create a "sequence" of time, and if the sequence is very similar, the user is blocked. Always prevents!
I tried with a hidemyass proxy and PHP did not work, did not show the proxy message...
@Gonçalo hidemyass is not Proxy is Webproxy, they are two different things, that’s why I added an example with webproxy where I wrote "Detecting if you’re using a web-proxy". Webproxies do not send headers and not all proxies will send headers as well. However these are the most efficient ways I’ve found (I’ve used both on some customers' website).
Tell me something, in the second case of Webproxy, the only alternative is Use JS? is that in case I am using a PHP file.
@Gonçalo Sim normal proxies that send headers the solution is PHP, already webproxies the solution is only with javascript, or combine both and will have a reasonable solution ;)
-1
As far as I know if the user does not send some headers vc have no way to detect, however if the user sends a X-FORWARDED-FOR ai Voce can try to filter. But Voce has to accept that some will pass.For many proxies are Anonimos.
Browser other questions tagged php
You are not signed in. Login or sign up in order to post.
This might help you: https://medium.com/@Valdikss/Detecting-vpn-and-its-Configuration-and-proxy-users-on-the-server-side-1bcc59742413#. rmi42s248
– MagicHat