proxies
Moderator: General Moderators
proxies
is it possible to determine if a user is using a proxy.. and if so, not allow them access to register?
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
so if someone registers say 20 accounts (which has happened lately.. even though I require a different email for each account, different usernames, and i have tokenized the register form to prevent fake forms from being processed) the only thing i can do is delete them and ban their ip?
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
Sounds good... just extra work on my part i was hoping to avoid by checking for proxies. I was not aware of compliancy and ISPs using proxies, so it looks like I will not be able to do that.
Perhaps i can set up a few scripts to check for duplicate accounts with the same IP addresses, and then check their validity. Some may be valid (IE: brother & sister registering from the same computer).. but a script would make it much easier.
Thanks feyd.
Perhaps i can set up a few scripts to check for duplicate accounts with the same IP addresses, and then check their validity. Some may be valid (IE: brother & sister registering from the same computer).. but a script would make it much easier.
Thanks feyd.
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
- Maugrim_The_Reaper
- DevNet Master
- Posts: 2704
- Joined: Tue Nov 02, 2004 5:43 am
- Location: Ireland
Re: proxies
Bit of a trick answer: No, and let me tell you how.scottayy wrote:is it possible to determine if a user is using a proxy.. and if so, not allow them access to register?
There are users. Some use compliant proxies - which you can detect using getenv("HTTP_X_FORWARDED_FOR").
Some use non-compliant proxies, which you might be able to detect based on their browser signatures (see http://phpsniff.sourceforge.net ).
Finally, some use open proxies, which are bad. You can thankfully detect those to some degree using the Blitzed Open Proxy Blacklist : http://wiki.blitzed.org/BOPM
However, none of that is reliable, and plenty of proxies don't meet any of those categories. As a result, no, you cannot detect a "proxy user". The above categories are the closest you can come.
This too is also fraught with inaccuracies. I've done a number of posts on why IP != user. Not at all, not close, not reliably, NO. Shared IP's on national ISPs are not uncommon. Whole 50,000+ user environments can come from one IP (Large Businesses in the US often use a single cluster for web proxying).scottayy wrote:Perhaps i can set up a few scripts to check for duplicate accounts with the same IP addresses, and then check their validity. Some may be valid (IE: brother & sister registering from the same computer).. but a script would make it much easier.
The list goes on. IPs are not at all, in any way, reliably related to users.
so then how do I stop people from registering 1839182 accounts in a row? this has happened to me A LOT in the past few days and I am getting sick of deleting.
the only thing i can think of is an approval process... which i don't really want to do.
but meh =/
the only thing i can think of is an approval process... which i don't really want to do.
but meh =/
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
Remove the incentives to being a user. Don't show their urls in the membership list, don't allow them to post without moderation for the first (3, 8, dozen?) posts, etc.scottayy wrote:the only thing i can think of is an approval process... which i don't really want to do.
If automation is gaining them something, they will keep doing it.