proxies

Not for 'how-to' coding questions but PHP theory instead, this forum is here for those of us who wish to learn about design aspects of programming with PHP.

Moderator: General Moderators

Post Reply
User avatar
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

proxies

Post by s.dot »

is it possible to determine if a user is using a proxy.. and if so, not allow them access to register?
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Not reliably (only compliant proxies) .. and it's not a good idea: a lot of ISPs employ proxies.
User avatar
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

Post by s.dot »

so if someone registers say 20 accounts (which has happened lately.. even though I require a different email for each account, different usernames, and i have tokenized the register form to prevent fake forms from being processed) the only thing i can do is delete them and ban their ip?
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

People and bots that do that often run through non-compliant proxies, so you'd have to do that anyways.
User avatar
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

Post by s.dot »

Sounds good... just extra work on my part i was hoping to avoid by checking for proxies. I was not aware of compliancy and ISPs using proxies, so it looks like I will not be able to do that.

Perhaps i can set up a few scripts to check for duplicate accounts with the same IP addresses, and then check their validity. Some may be valid (IE: brother & sister registering from the same computer).. but a script would make it much easier.

Thanks feyd.
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
User avatar
Maugrim_The_Reaper
DevNet Master
Posts: 2704
Joined: Tue Nov 02, 2004 5:43 am
Location: Ireland

Post by Maugrim_The_Reaper »

Bear in mind IPs can be common across unrelated users on the same ISP...
Roja
Tutorials Group
Posts: 2692
Joined: Sun Jan 04, 2004 10:30 pm

Re: proxies

Post by Roja »

scottayy wrote:is it possible to determine if a user is using a proxy.. and if so, not allow them access to register?
Bit of a trick answer: No, and let me tell you how. :)

There are users. Some use compliant proxies - which you can detect using getenv("HTTP_X_FORWARDED_FOR").

Some use non-compliant proxies, which you might be able to detect based on their browser signatures (see http://phpsniff.sourceforge.net ).

Finally, some use open proxies, which are bad. You can thankfully detect those to some degree using the Blitzed Open Proxy Blacklist : http://wiki.blitzed.org/BOPM

However, none of that is reliable, and plenty of proxies don't meet any of those categories. As a result, no, you cannot detect a "proxy user". The above categories are the closest you can come.
scottayy wrote:Perhaps i can set up a few scripts to check for duplicate accounts with the same IP addresses, and then check their validity. Some may be valid (IE: brother & sister registering from the same computer).. but a script would make it much easier.
This too is also fraught with inaccuracies. I've done a number of posts on why IP != user. Not at all, not close, not reliably, NO. Shared IP's on national ISPs are not uncommon. Whole 50,000+ user environments can come from one IP (Large Businesses in the US often use a single cluster for web proxying).

The list goes on. IPs are not at all, in any way, reliably related to users.
User avatar
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

Post by s.dot »

so then how do I stop people from registering 1839182 accounts in a row? this has happened to me A LOT in the past few days and I am getting sick of deleting.

the only thing i can think of is an approval process... which i don't really want to do.
but meh =/
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
Roja
Tutorials Group
Posts: 2692
Joined: Sun Jan 04, 2004 10:30 pm

Post by Roja »

scottayy wrote:the only thing i can think of is an approval process... which i don't really want to do.
Remove the incentives to being a user. Don't show their urls in the membership list, don't allow them to post without moderation for the first (3, 8, dozen?) posts, etc.

If automation is gaining them something, they will keep doing it.
Post Reply