How to tell if someone is using a proxy
Posted: Wed May 26, 2004 8:56 pm
by SashaSlutsker
I am mainly concerned about all those anonymous proxies online. Anyone know how to tell if someone is using ANY proxy at all?
Posted: Thu May 27, 2004 12:52 am
by maqmus
getenv("HTTP_X_FORWARDED_FOR")
Posted: Thu May 27, 2004 1:09 am
by Buddha443556
If it's an anonymous proxy then it doesn't give away the fact that it's a proxy. Having said that ... I can think of a couple of ways.
1. Create and maintain a list of IP addresses associated with anonymous proxies. May not be very accurate.
2. Test addresses suspected of being anonymous proxies. May not be very accurate and may appear to be an attack on said address.
3. Use a client-side language like Javascript to report the IP address of the user. May simply not work or be accurate.
4. Keep a record of IP addresses associated with a user and look for suspicious things like a large number of different domains. May not be very accurate either but at least you have a list of IP addresses you can ban for that user. Of course proxies usually come into play after you ban an IP address.
Those are just some thoughts. Maybe they'll help you come up with something for your situation. Why are you worried about anonymous proxies anyway?
Posted: Thu May 27, 2004 3:01 pm
by SashaSlutsker
Creating a list would be hard since there are so many and I think they change. The problem comes with people getting gigantic increases in soldiers (in a game) when they use proxies.
Posted: Thu May 27, 2004 3:03 pm
by feyd
sounds more like an issue with the game design then..
Posted: Thu May 27, 2004 3:07 pm
by SashaSlutsker
Not really. See, the users give a link to their friends and each other in order to boost their soldiers. However, some users use proxies to get an extra 10-20 clicks a day.
Posted: Thu May 27, 2004 3:12 pm
by dull1554
Like said above, I'd just use JavaScript to gather the client's "real" IP address, then use PHP to gather the client's IP address and compare them. If they are the same, fine, but if they are different they are using a proxy.
Posted: Thu May 27, 2004 3:13 pm
by feyd
sounds even more like a game design issue now... instead of using the remote address, require that they login.. then it's attached to their login.. sure, people could have multiple accounts if they really wanted..
see, the other side of the coin is: people behind NATs won't be able to help each other because their remote address will be the same.
Posted: Thu May 27, 2004 3:16 pm
by SashaSlutsker
Yes, but one reason for this system is to help the game grow. One person would click another's link and then join the game because they want to know more about it or something.
Anyway, I don't really know about Javascript, but I'll look online and try that.
Posted: Thu May 27, 2004 3:46 pm
by feyd
AFAIK, there is no way to find someone's IP address with Javascript.
here's information on what (some) proxies send as headers in the environment variables...
Posted: Thu May 27, 2004 8:14 pm
by Buddha443556
feyd wrote: AFAIK, there is no way to find someone's IP address with Javascript.
Yeah it's more of a Java thing and browser dependent. Could just use Java. Like I said, "May simply not work or be accurate."
Code:
<script>
// Relies on Netscape's Java bridge; does nothing in other browsers or when Java is disabled.
if (navigator.appName == 'Netscape' && navigator.javaEnabled()) {
    var hn = java.net.InetAddress.getLocalHost().getHostName();
    var ha = java.net.InetAddress.getLocalHost().getHostAddress();
    document.write('HostName: ' + hn + '<br>' + 'HostAddress: ' + ha);
}
</script>
Posted: Fri May 28, 2004 10:59 am
by dave420
You can't do it. There are simply too many ways of hiding your IP address. It's easy to route your traffic via a third party, via SSH, for example. Anonymous proxies are going to be an issue, too, especially as they're everywhere these days. Even if you make a page that captures the person's IP address client-side, it still has to get that to the server somehow. It would be easy enough for that to be intercepted by the client, or denied by a firewall or something.
Basically, there's no foolproof (or even slightly usable) way of doing this.
Posted: Fri May 28, 2004 11:15 am
by d3ad1ysp0rk
Also, I play/make games like what you're talking about, and your best bet is to put a time in the "hits" table next to each hit:
Code:
userid | ip            | time
4      | 64.234.82.309 | 14:02:53
19     | 206.37.278.37 | 14:03:15
Then, you can check the time in between hits, and if it's less than, say, 15 seconds, you can know they're using a proxy clicker or something of that nature (also, make sure it's like 10 hits, not just 2, because that could be coincidence).
I wouldn't worry about anon. proxies; it's way too tedious just to get a few more hits.
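The timing check from the last post, as an added example that is not code from the thread: it groups hits by userid, finds the longest run in which every gap is under 15 seconds, and flags the user once that run reaches 10 hits. The function name, the array layout and the use of Unix-second timestamps are assumptions, and the sample rows are constructed.

```php
<?php
// Added example, not code from the thread. Thresholds follow the post above:
// gaps under 15 seconds, and a run of about 10 hits before flagging.
const MAX_GAP_SECONDS = 15;
const MIN_BURST_HITS  = 10;

// Returns userid => ['hits' => int, 'ips' => string[]] for every user whose
// longest run of closely spaced hits is at least MIN_BURST_HITS long.
// $hits rows (assumed layout): ['userid' => int, 'ip' => string, 'time' => Unix seconds]
function find_click_bursts(array $hits): array
{
    $byUser = [];
    foreach ($hits as $hit) {
        $byUser[$hit['userid']][] = $hit;   // group by the user whose link was clicked
    }

    $flagged = [];
    foreach ($byUser as $userid => $rows) {
        usort($rows, fn($a, $b) => $a['time'] <=> $b['time']);
        $run  = [$rows[0]];
        $best = $run;
        for ($i = 1; $i < count($rows); $i++) {
            $gap = $rows[$i]['time'] - $rows[$i - 1]['time'];
            // A short gap extends the current run; a long one starts a new run.
            $run = ($gap < MAX_GAP_SECONDS) ? array_merge($run, [$rows[$i]]) : [$rows[$i]];
            if (count($run) > count($best)) {
                $best = $run;
            }
        }
        if (count($best) >= MIN_BURST_HITS) {
            $flagged[$userid] = [
                'hits' => count($best),
                'ips'  => array_values(array_unique(array_column($best, 'ip'))),
            ];
        }
    }
    return $flagged;
}

// Constructed sample data (documentation address ranges, made-up timestamps).
$hits = [];
for ($i = 0; $i < 12; $i++) {   // user 4: 12 hits, 5 seconds apart, a new IP each time
    $hits[] = ['userid' => 4, 'ip' => "192.0.2.$i", 'time' => 1000 + 5 * $i];
}
for ($i = 0; $i < 12; $i++) {   // user 19: 12 hits, 10 minutes apart
    $hits[] = ['userid' => 19, 'ip' => "198.51.100.$i", 'time' => 1000 + 600 * $i];
}
print_r(find_click_bursts($hits));
```

The list of IPs in each flagged run is returned so the hits can be reviewed or discounted without banning addresses that NAT users may share.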