Ok, here's the thing. I own a gaming site that is written mostly in php/html/javascript. I am having a hell of a time fighting people using ip masking and fake ip software. I ban an ip from either the forums or the game site, and within hours they are back, same person, using a new ip. I deal with them all day every day in my forums. Others are doing it on the game site. I can't even block ip ranges, because the ranges are almost never even close.
So, I am wondering what there may be out there in php html or javascript that can help with this. I have searched everything I can, I must not be wording the searches right, because I am not coming up with anything either here or google.
Is there some way of seeing past the ip software and seeing an actual ip address? What do we have available to fight this problem?
Thank you for reading, and thank you in advance for anyone who responds.
fighting against fake ip addresses?
-
goonslifedotcom
- Forum Newbie
- Posts: 2
- Joined: Sun Jun 21, 2009 12:53 pm
- kaisellgren
- DevNet Resident
- Posts: 1675
- Joined: Sat Jan 07, 2006 5:52 am
- Location: Lahti, Finland.
Re: fighting against fake ip addresses?
If they are using non-anonymous proxies, you can get the real IP from $_SERVER['HTTP_X_FORWARDED_FOR']. On the contrary, if they are using anonymous proxies, you can't get their real IP. In this case, you could simply ban the proxy IP. There are several lists of proxies on the Internet that you could use; here's one I like: http://www.gearhack.com/Articles/FightSpam/
Basically what you want is to find lists of proxies that people use to get these "new IPs" and ban them.
Good luck.
-
goonslifedotcom
- Forum Newbie
- Posts: 2
- Joined: Sun Jun 21, 2009 12:53 pm
Re: fighting against fake ip addresses?
Thank you. I will look into that.
Re: fighting against fake ip addresses?
You could create a random non-expiring cookie. Once banned you could look for the cookie from new ips and ban them again. It probably wouldn't take long for word to spread about the technique and it's very easy to detect/defeat. You could also record the user agent; if it is unique enough you could flag them as a possible banned user when they pop up again.
The HTTP_X_FORWARDED_FOR can be spoofed too, so be careful of that.
You can also contact the proxy where the user is routing from and ask them to put your site on their banned list because of abuse. They often do this willingly.
- kaisellgren
- DevNet Resident
- Posts: 1675
- Joined: Sat Jan 07, 2006 5:52 am
- Location: Lahti, Finland.
Re: fighting against fake ip addresses?
Eric! wrote: The HTTP_X_FORWARDED_FOR can be spoofed too, so be careful of that.
That's a good note, I forgot to mention that. Using it directly could easily make your script exploitable. Basically you should first check the HTTP_X_FORWARDED_FOR, and if it is equal to a banned IP -> disallow access. If it is not banned, then check the REMOTE_ADDR against the proxy list.
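The check order described in the last post, written out as an added example (not code from any poster in this thread). It treats HTTP_X_FORWARDED_FOR as client-supplied input that can only add a reason to deny, never replace REMOTE_ADDR or lift a ban. The function names, the two lists and the sample addresses are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Split X-Forwarded-For (which may hold a comma-separated chain) and keep
// only syntactically valid IPs. The header is attacker-controlled text.
function forwardedAddresses(string $header): array
{
    $valid = [];
    foreach (explode(',', $header) as $part) {
        $ip = trim($part);
        if (filter_var($ip, FILTER_VALIDATE_IP) !== false) {
            $valid[] = $ip;
        }
    }
    return $valid;
}

// $bannedIps and $proxyIps are hypothetical lookup tables (IP => true)
// that the site would load from its own ban table and a proxy list.
function banDecision(array $server, array $bannedIps, array $proxyIps): string
{
    // 1. Forwarded addresses: a match means deny. A spoofed header can only
    //    get the sender denied; it is never trusted to allow a request.
    foreach (forwardedAddresses($server['HTTP_X_FORWARDED_FOR'] ?? '') as $ip) {
        if (isset($bannedIps[$ip])) {
            return 'deny: banned address reported by proxy';
        }
    }
    // 2. REMOTE_ADDR is the address of the TCP peer, so it is the one
    //    checked against both the ban list and the proxy list.
    $remote = $server['REMOTE_ADDR'] ?? '';
    if (isset($bannedIps[$remote])) {
        return 'deny: banned address';
    }
    if (isset($proxyIps[$remote])) {
        return 'deny: known proxy';
    }
    return 'allow';
}

// Constructed sample data using documentation address ranges.
$banned  = ['203.0.113.7' => true];
$proxies = ['198.51.100.20' => true];
$samples = [
    ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_FORWARDED_FOR' => 'junk, 203.0.113.7'],
    ['REMOTE_ADDR' => '198.51.100.20'],
    ['REMOTE_ADDR' => '192.0.2.55', 'HTTP_X_FORWARDED_FOR' => '10.0.0.1'],
];
foreach ($samples as $s) {
    echo $s['REMOTE_ADDR'], ' => ', banDecision($s, $banned, $proxies), PHP_EOL;
}
```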