Page 1 of 1

Proxy Checker

Posted: Mon Dec 11, 2006 1:38 pm
by nickman013
Hello,

I was wondering if there was any way to check if a IP is a proxy server?

Thanks.!!!

Posted: Mon Dec 11, 2006 1:48 pm
by potato
if you want to check the script, http://www.phpbuddy.com/sample/proxydetector.php

Code: Select all

<?php 

// use this script to detect whether a user is using a 

//proxy server to connect to your website.



echo "Proxy Detector

";

if(isset($HTTP_X_FORWARDED_FOR))
{
if ($HTTP_X_FORWARDED_FOR)
{
// proxy detected...
?>

Proxy Detected...


Your Actual IP Address:
<?= $HTTP_X_FORWARDED_FOR ?>


Your Proxy Server:
<?= $HTTP_VIA ?>

You Proxy I.P address: <?= $REMOTE_ADDR ?>


<?
}
}
else
{
// no proxy detected
?>

No Proxy Detected


Your Actual IP Address:
<?= $REMOTE_ADDR ?>


<?
}
?>

Posted: Mon Dec 11, 2006 1:51 pm
by nickman013
thanks alot!!!!!!!

Posted: Mon Dec 11, 2006 1:59 pm
by nickman013
hmm.. doesnt seem to work though??

I tried it out...

Posted: Mon Dec 11, 2006 2:36 pm
by John Cartwright
Those variables are deprecated , have a look at Reserved Variables.

To my knowledge, it is impossible to check whether or not the user is accessing behind a proxy or not. Considering a proxy relays the requests, like a normal user, there is little differentiations between a legit user and a proxy. The only way that comes to mind is compiling a list of known proxies and checking against that. :? I would be interested to hear others opinion on this.

Posted: Mon Dec 11, 2006 3:15 pm
by feyd
The headers sent by the proxy that signal it being a proxy are optional, so there's no 100% way of determining if a request is from a proxy or not... but you can at least compile a list of conforming and compliant proxies.

Posted: Mon Dec 11, 2006 7:58 pm
by nickman013
Hmmm... I see..

The reason why I need to know this is becuase I have a voting system I made w/ help of somepeople on here.. And people go through a proxy to vote more than once... But, I just delete their vote.... But some people are voting more than once with the same IP address. I dont know how becuase my code prevents it... Any one know how to make this better...

The codes are

moty_main.php

Code: Select all

<?
$ip = $_SERVER[REMOTE_ADDR]; 
include "/home/muot/public_html/ipban/check.php";
//this is just a checker for a ip banner i have.
?>
<body bgcolor=black>
<script LANGUAGE="JavaScript">
<!--
// Nannette Thacker http://www.shiningstar.net
function confirmSubmit()
{
var agree=confirm("Are you sure you want to vote for this person? You cannot vote again, or change your vote if you do.");
if (agree)
	return true ;
else
	return false ;
}
// -->
</script>
<style type=text/css>
body {
color:white;
}
#formfont { 
  color:white; 
} 
input,textarea { 
  background-color:black; 
  color:white; 
}
</style>
<?php 
$host = "localhost";//Hostname 
$usr = "muot_report";//DB Usr 
$psw = "passwordd";//DB Password 
$dbname = "muot_report";//DB Name 
$tbl_name = "moty_ip";//Table Name 
$ip_field = "IP";//Field For IP 
$visitor_ip = $_SERVER[REMOTE_ADDR];//Visitor's IP Address 

$conn = mysql_connect($host, $usr, $psw) or die(mysql_error()); 
mysql_select_db($dbname, $conn) or die(mysql_error());
$sql = "SELECT $ip_field FROM $tbl_name WHERE $ip_field = '$visitor_ip'"; 
$res = mysql_query($sql, $conn) or die(mysql_error()); 
$num_rows = mysql_num_rows($res); 
if($num_rows > 0)
 { 
?>
<font size=6 color=red><b><center>Thanks for voting.</font><br></center>
<br><font size=4 color=white>The next voting round for the Muot Of The Year, will be on December 23rd.<br>Until then check out <a href=http://www.sickrat.com target=_blank><b><font size=5 color=white>SICKRAT.COM</font></a> for the new CJ vs.  Joe fight.<br></font>
</center>
<?
  } 
else 
  { 
?>
<html>
<body bgcolor=black>
<?php
$ip = @$REMOTE_ADDR;
$usr = "muot_report";
$pwd = "passsword"; 
$db = "muot_report"; 
$host = "localhost"; 

# connect to database 
$cid = mysql_connect($host,$usr,$pwd); 
if (!$cid) { echo("ERROR: " . mysql_error() . "\n"); } 

$output = '<HTML>'; 

# setup SQL statement 
$SQL = " SELECT * FROM `report` WHERE previous = 1 AND moty = 1"; 
$SQL = $SQL . 

# execute SQL statement 
$retid = mysql_db_query($db, $SQL, $cid) or die(mysql_error()); 

# display results 
$output .= "<table align=center bgcolor=black border=1 bordercolor=white cellpadding=20 width=450>\n\n"; 
$howmany = mysql_num_rows($retid); 
$rowmax = 4; 
for($x = 0; $row = mysql_fetch_array($retid); $x++) 
{ 
if($x % $rowmax == 0) 
$output .= "<tr>\n"; 
$prevpic = $row["Number"]; 
$prevname = $row["prevname"]; 


$output .= "<td align=center><a href=/prev.php?id=$prevpic target=_blank><img src =\"/prevpics/$prevpic.jpg\" width=100 height=100><br><font color=white>$prevname</font></a><br>
<form action=/moty_vote.php method=post>
<input type=hidden name=choice value=$prevpic>
<input type=submit value=Vote! onClick=\"return confirmSubmit()\"></form>
</td>"; 
if($x % $rowmax == $rowmax - 1) 
$output .= "\r</tr>\n\n"; 
} 


$output .= "</table>\n\n"; 

$output .= "</DT></P>"; 

$output .= '</BODY> 
</HTML>'; 

echo $output; 
?><?
  } 
?>

moty_vote.php

Code: Select all

<?
$ip = @$REMOTE_ADDR;
$choice = $_POST['choice'];
$username2= "muot_report";  
$password2= "passwordd";  
$database2= "muot_report";  
$connection2 = mysql_connect('localhost',$username2,$password2);  
mysql_select_db($database2); 

$sql4 = "SELECT * FROM `report` WHERE `Number` =".$choice;
$result4 = mysql_query($sql4) or die(mysql_error());
while($row4 = mysql_fetch_array($result4)) { 
$choice2 = $row4['votes']+1;
}
mysql_query('UPDATE report set `votes` = '.$choice2.' WHERE `Number` ='.$choice);
$query = "INSERT INTO moty_ip VALUES ('','$ip','$choice')";
$result = mysql_query($query) or die(mysql_error());
?>
<META HTTP-EQUIV="Refresh" CONTENT="0; URL=/moty_thankyou.php">

Need more info??
its probly written horrible and the worst way but it works for me...
I just cant figure out why people can vote more than one time with one IP address...
any one got any good idea how to improve this...and not allow someone to vote more than 1 time..

thanks alot!!!

Posted: Mon Dec 11, 2006 11:03 pm
by feyd
I see nothing that prevents a previous voter from voting again. I do see several security holes however.

Posted: Tue Dec 12, 2006 6:36 am
by nickman013
It adds the voters IP into a row on a table.. and then checks to see if it exists before loading the voting page... It works but I am getting multiple votes on certain IP addresses.

Posted: Tue Dec 12, 2006 6:37 am
by nickman013
Hmm, I think I should add that 'check for the voters ip' on the vote process page?

Posted: Tue Dec 12, 2006 7:58 am
by feyd
That is probably a pretty good idea, however be aware that many users can be behind a single IP so your check may be serving false positives.

Posted: Tue Dec 12, 2006 8:35 am
by nickman013
Yeah I was thinking of that, like if they are at a school or somthing like that.

Would cookies be better?
The only reason why I didnt use cookies was because people can just delete them and re-vote.

Posted: Tue Dec 12, 2006 12:28 pm
by John Cartwright
nickman013 wrote:Yeah I was thinking of that, like if they are at a school or somthing like that.

Would cookies be better?
The only reason why I didnt use cookies was because people can just delete them and re-vote.
As you can tell there is no foolproof way to handle single votes only, unless your user based is forced to make an account first.

Posted: Tue Dec 12, 2006 1:37 pm
by nickman013
Yea I see.. Ill just manually delete votes if they voted more than 1 time.

Thanks Alot!!