[Tutorial] How to avoid visits by Proxies

[misterbit]

Hi, I think that owners of faucets that are one of the things that do not hurt are the use of proxies, as yesterday looking for and looking for found this site that helps us quite the truth.

http://getipintel.net/

It is insert this code at the top of the index.php of the template we are using.

Where $contactEmail="Your mail";

Then where <meta HTTP-EQUIV="Refresh" Content="0; URL=web.html"> web.html is a text file that is made with Notepad and we put inside for example (It appears you're a Proxy / VPN / bad IP, please contact [Your mail] for more information) and we got it to the main directory where you will find the config.php.

This is what makes redirect proxies to web.html visits

Sorry the code is incomplete, go to github
https://github.com/blackdotsh/getIPIntel

Code:

<?php
/*
* A PHP function that interacts with http://getIPIntel.net to look up an IP address
* returns TRUE if the IP returns a value greater than $banOnProability,
* FALSE otherwise, including errors
* HTTP error codes are NOT explicitly implemented here
* This should be used as a guide, be sure to edit and test it before using it in production

* MIT License
*/ 


//function requires curl
function checkProxy($ip){
		$contactEmail="Your mail";
		$timeout=3; //by default, wait no longer than 3 secs for a response
		$banOnProability=0.99; //if getIPIntel returns a value higher than this, function returns true, set to 0.99 by default
		
		//init and set cURL options
		$ch = curl_init();
		curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
		curl_setopt($ch, CURLOPT_TIMEOUT, $timeout);

		//if you're using custom flags (like flags=m), change the URL below
		curl_setopt($ch, CURLOPT_URL, "http[Suspicious link removed]c($ch);
		
		curl_close($ch);
		
		
		if ($response > $banOnProability) {
				return true;
		} else {
			if ($response < 0 || strcmp($response, "") == 0 ) {
				//The server returned an error, you might want to do something
				//like write to a log file or email yourself
				//This could be true due to an invalid input or you've exceeded
				//the number of allowed queries. Figure out why this is happening
				//because you aren't protected by the system anymore
			}
				return false;
		}
}


$ip=$_SERVER['REMOTE_ADDR'];

if (checkProxy($ip)) {
	/* A proxy has been detected based on your criteria
	 * Do whatever you want to here
	 */
	echo '<META HTTP-EQUIV="Refresh" Content="0; URL=web.html">';    
    exit;
}

?>

I am new to this scene so they will be welcomed the recommendations and suggestions, sorry for my language, I am Spanish.

########################################

########################################

Another way to block proxies

Put this in your .htaccess, remove RewriteEngine on in the event that already is in the .htaccess

Code:

RewriteEngine on

RewriteCond %{HTTP:VIA} !^$ [OR]
RewriteCond %{HTTP:FORWARDED} !^$ [OR]
RewriteCond %{HTTP:USERAGENT_VIA} !^$ [OR]
RewriteCond %{HTTP:X_FORWARDED_FOR} !^$ [OR]
RewriteCond %{HTTP:PROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:XPROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [OR]
RewriteCond %{HTTP:HTTP_CLIENT_IP} !^$
RewriteRule ^(.*)$ – [F]

Then in the index.php of the template on <!DOCTYPE html>

Code:

<?php if(@fsockopen($_SERVER['REMOTE_ADDR'], 80, $errstr, $errno, 1))
die("Here a message, for example prohibited use proxies");
?>

Source http://forum.youhosting.com/topic3516-block-proxy-server-customize-your-htaccess-and-php-code.html

########################################

Friends I am new and I don't know much php only try to help us all, sorry for my mistakes.

By the way I sell advertising space on my website I would be helpful https://bitcointalk.org/index.php?topic=1208325.msg12703029.

[misterbit]

Updated the tutorial.

[examplens]

Nice work sir, thanks for the idea of where to start with this faith. will be good to get more people involved in this project

[misterbit]

Yes thank you, and really works look for proxies online and you will see

Nice work sir, thanks for the idea of where to start with this faith. will be good to get more people involved in this project

[wuasax]

misterbit can help me to put that code in my web? disculpa mi ingles es malisimo pero me ayudarias a colocar ese codigo en mi pagina?

[misterbit]

Send me private message that the Forum is in English

misterbit can help me to put that code in my web? disculpa mi ingles es malisimo pero me ayudarias a colocar ese codigo en mi pagina?

[misterbit]

Thank you friend for taking the time to help us, I'm not at all an expert on codes or php, the problem is that we are suffering a continuous attack bots and I was just looking for a solution to the problem.

Hi there, I'd like to correct some misconceptions from OP's post. GetIPIntel.net don't specifically look for countries like Brazil, the machine learning algorithm does not care what the ISP name is, where it's registered, or the country origin because they can be changed with a simple SWIP request. The algorithm looks at more technical details about a particular IP & details that can't be changed easily.

I looked at the .htaccess file and I can it appears a noticeable amount are not proxies. Some IP addresses aren't even route-able (via the public internet) as of this post. Here's a list of them:

Code:

202.150.91.18 : -3
200.226.137.11 : -3
200.226.137.13 : -3
202.150.91.26 : -3
80.88.11.131 : -3
202.150.91.18 : -3
200.226.137.13 : -3
200.226.137.12 : -3
81.199.24.18 : -3
200.226.137.11 : -3
198.165.96.66 : -3
196.200.3.45 : -3
192.76.71.88 : -3
200.226.137.10 : -3
216.52.22.133 : -3
200.226.137.9 : -3
6.98.130.235 : -3

If you traceroute any of these IPs, you'll see it'll be dropped by your ISP because there's no BGP sessions for these IP addresses. Note that as this post ages, it might change but as of now, they are not route-able.

Some of the IPs I've looked at your list aren't from Brazil. Some seems like residential ADSL+ lines. Some IPs return a value >= 0.99 but it's still in the list. So from what I gather, the .htaccess file is an old list of abusers you've encountered in the past and it was your attempt to block them. Thus, adding the .htaccess file does not necessarily complement proxy detection in a general sense.

I'd like to add that if you exceed the amount of queries per minute, your site will no longer be protected. People that exceed the query limit on a daily basis and failure to correct it could result in a ban where the system returns "-5" for all queries. I do try to send a courtesy email to the contact address but this is not guaranteed.

This is why I have a section that says

Code:

//The server returned an error, you might want to do something

You should definitely take action when this happens because the assumption that you are still protected is false. It's also bad for me too because people start to think the website isn't accurate or doesn't work, which is not true. If the error handling section is not filled out, it's bad for both me and the user.

Regards,
GetIPIntel

[misterbit]

I have decided to remove the ips of the htaccess since I found it on the net and am not sure that they are not real people as you say.
What do you think we should do to protect ourselves?
Thank you very much for your help.

Hi there, I'd like to correct some misconceptions from OP's post. GetIPIntel.net don't specifically look for countries like Brazil, the machine learning algorithm does not care what the ISP name is, where it's registered, or the country origin because they can be changed with a simple SWIP request. The algorithm looks at more technical details about a particular IP & details that can't be changed easily.

I looked at the .htaccess file and I can it appears a noticeable amount are not proxies. Some IP addresses aren't even route-able (via the public internet) as of this post. Here's a list of them:

Code:

202.150.91.18 : -3
200.226.137.11 : -3
200.226.137.13 : -3
202.150.91.26 : -3
80.88.11.131 : -3
202.150.91.18 : -3
200.226.137.13 : -3
200.226.137.12 : -3
81.199.24.18 : -3
200.226.137.11 : -3
198.165.96.66 : -3
196.200.3.45 : -3
192.76.71.88 : -3
200.226.137.10 : -3
216.52.22.133 : -3
200.226.137.9 : -3
6.98.130.235 : -3

If you traceroute any of these IPs, you'll see it'll be dropped by your ISP because there's no BGP sessions for these IP addresses. Note that as this post ages, it might change but as of now, they are not route-able.

Some of the IPs I've looked at your list aren't from Brazil. Some seems like residential ADSL+ lines. Some IPs return a value >= 0.99 but it's still in the list. So from what I gather, the .htaccess file is an old list of abusers you've encountered in the past and it was your attempt to block them. Thus, adding the .htaccess file does not necessarily complement proxy detection in a general sense.

I'd like to add that if you exceed the amount of queries per minute, your site will no longer be protected. People that exceed the query limit on a daily basis and failure to correct it could result in a ban where the system returns "-5" for all queries. I do try to send a courtesy email to the contact address but this is not guaranteed.

This is why I have a section that says

Code:

//The server returned an error, you might want to do something

You should definitely take action when this happens because the assumption that you are still protected is false. It's also bad for me too because people start to think the website isn't accurate or doesn't work, which is not true. If the error handling section is not filled out, it's bad for both me and the user.

Regards,
GetIPIntel

[misterbit]

Then in

Code:

if ($response < 0 || strcmp($response, "") == 0 ) {

What should we put?

Code:

//The server returned an error, you might want to do something

You should definitely take action when this happens because the assumption that you are still protected is false. It's also bad for me too because people start to think the website isn't accurate or doesn't work, which is not true. If the error handling section is not filled out, it's bad for both me and the user.

Regards,
GetIPIntel

[FaucetRank.com]

Now it's working for me  
instead echo '<META HTTP-EQUIV="Refresh" Content="0; URL=web.html">'; I used echo "<script> window.location.replace('web.html') </script>"; and it worked

[misterbit]

Great, was another way of doing it.
You must also take into account the recommendations of getipintel It seems that it does not support many queries

Now it's working for me  
instead echo '<META HTTP-EQUIV="Refresh" Content="0; URL=web.html">'; I used echo "<script> window.location.replace('web.html') </script>"; and it worked

[zeflex]

Hi,

Happy to find this kind of post. I did also some protections for my faucets. The same than yours but a little bit different as it's coded inside a php framework. Also I will suggest to cache ip datas for few days to avoid useless queries to their API, as they limit calls to 1000 requests per day. (tuto for beginners: http://www.xeweb.net/2010/01/15/simple-php-caching/)

BTW, I wanna know if you have some stats related to users who use bitcoins, per percentage. Maybe we can share our analytics stats (by country) to compare?

What do you think ?

[misterbit]

Hi,

Happy to find this kind of post. I did also some protections for my faucets. The same than yours but a little bit different as it's coded inside a php framework. Also I will suggest to cache ip datas for few days to avoid useless queries to their API, as they limit calls to 1000 requests per day. (tuto for beginners: http://www.xeweb.net/2010/01/15/simple-php-caching/)

BTW, I wanna know if you have some stats related to users who use bitcoins, per percentage. Maybe we can share our analytics stats (by country) to compare?

What do you think ?

Hello, so great that the cache the compare data as my site is too new

[misterbit]

Hi,

Happy to find this kind of post. I did also some protections for my faucets. The same than yours but a little bit different as it's coded inside a php framework. Also I will suggest to cache ip datas for few days to avoid useless queries to their API, as they limit calls to 1000 requests per day. (tuto for beginners: http://www.xeweb.net/2010/01/15/simple-php-caching/)

BTW, I wanna know if you have some stats related to users who use bitcoins, per percentage. Maybe we can share our analytics stats (by country) to compare?

What do you think ?

And your code would go before or after the code GetIPIntel?

[zeflex]

Both of them:

You check if the ip datas is in your local cache
- If yes
> process datas

- If no
> request datas from the api
> Save datas in your cache
> process datas

[misterbit]

Both of them:

You check if the ip datas is in your local cache
- If yes
> process datas

- If no
> request datas from the api
> Save datas in your cache
> process datas

OK, but finally not that cache system worked me, it gave me error.
I tried others but cacheaba the page and I do not know if it generated errors with visitors at the time of receiving the reward.

[zeflex]

My code is :

Code:

	private function _checkProxyVpn() {

		$ipAddress = $this->request->clientIp(false);

		$bannedIps = Cache::read('ip_banned', '8week') ? Cache::read('ip_banned', '8week') : array();
		if (isset($bannedIps[$ipAddress])) {
			return true;
		}

		if (Cache::read('ip_' . $ipAddress, '1week')) {
			return false;
		}

		if (Cache::read('getipintel_lock', '1h')) {
			return false;
		}

		$url = sprintf('http://check.getipintel.net/check.php?ip=%s&format=json&contact=xxx@gmx.com', $ipAddress);
		list($httpCode, $res) = self::curlIt($url);

		if ($httpCode === 200) {
			$res = json_decode($res);
			if ($res->status === 'success') {
				if ($res->result >= 0.9) {
					$bannedIps[$ipAddress] = $res->result;
					Cache::write('ip_banned', $bannedIps, '8week');

					return true;
				}
				Cache::write('ip_' . $ipAddress, $res, '1week');
			} else {
				$this->log($res);
			}
		} elseif ($httpCode === 429) {
			Cache::write('getipintel_lock', 1, '1h');
		} else {
			$this->log($res);
		}

		return false;
	}

It's not documented but it could help a little bit to understand the logic.

[pjsonowal]

Hi, I think that owners of faucets that are one of the things that do not hurt are the use of proxies, as yesterday looking for and looking for found this site that helps us quite the truth.

http://getipintel.net/

It is insert this code at the top of the index.php of the template we are using.

Where $contactEmail="Your mail";

Then where <meta HTTP-EQUIV="Refresh" Content="0; URL=web.html"> web.html is a text file that is made with Notepad and we put inside for example (It appears you're a Proxy / VPN / bad IP, please contact [Your mail] for more information) and we got it to the main directory where you will find the config.php.

This is what makes redirect proxies to web.html visits

Sorry the code is incomplete, go to github
https://github.com/blackdotsh/getIPIntel

Code:

<?php
/*
* A PHP function that interacts with http://getIPIntel.net to look up an IP address
* returns TRUE if the IP returns a value greater than $banOnProability,
* FALSE otherwise, including errors
* HTTP error codes are NOT explicitly implemented here
* This should be used as a guide, be sure to edit and test it before using it in production

* MIT License
*/ 


//function requires curl
function checkProxy($ip){
		$contactEmail="Your mail";
		$timeout=3; //by default, wait no longer than 3 secs for a response
		$banOnProability=0.99; //if getIPIntel returns a value higher than this, function returns true, set to 0.99 by default
		
		//init and set cURL options
		$ch = curl_init();
		curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
		curl_setopt($ch, CURLOPT_TIMEOUT, $timeout);

		//if you're using custom flags (like flags=m), change the URL below
		curl_setopt($ch, CURLOPT_URL, "http[Suspicious link removed]c($ch);
		
		curl_close($ch);
		
		
		if ($response > $banOnProability) {
				return true;
		} else {
			if ($response < 0 || strcmp($response, "") == 0 ) {
				//The server returned an error, you might want to do something
				//like write to a log file or email yourself
				//This could be true due to an invalid input or you've exceeded
				//the number of allowed queries. Figure out why this is happening
				//because you aren't protected by the system anymore
			}
				return false;
		}
}


$ip=$_SERVER['REMOTE_ADDR'];

if (checkProxy($ip)) {
	/* A proxy has been detected based on your criteria
	 * Do whatever you want to here
	 */
	echo '<META HTTP-EQUIV="Refresh" Content="0; URL=web.html">';    
    exit;
}

?>

I am new to this scene so they will be welcomed the recommendations and suggestions, sorry for my language, I am Spanish.

########################################

########################################

Another way to block proxies

Put this in your .htaccess, remove RewriteEngine on in the event that already is in the .htaccess

Code:

RewriteEngine on

RewriteCond %{HTTP:VIA} !^$ [OR]
RewriteCond %{HTTP:FORWARDED} !^$ [OR]

hmmm.. thanx as i was just going to open a faucet myself.....THANX a LOTT :)
RewriteCond %{HTTP:USERAGENT_VIA} !^$ [OR]
RewriteCond %{HTTP:X_FORWARDED_FOR} !^$ [OR]
RewriteCond %{HTTP:PROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:XPROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [OR]
RewriteCond %{HTTP:HTTP_CLIENT_IP} !^$
RewriteRule ^(.*)$ – [F]

Then in the index.php of the template on <!DOCTYPE html>

Code:

<?php if(@fsockopen($_SERVER['REMOTE_ADDR'], 80, $errstr, $errno, 1))
die("Here a message, for example prohibited use proxies");
?>

Source http://forum.youhosting.com/topic3516-block-proxy-server-customize-your-htaccess-and-php-code.html

########################################

Friends I am new and I don't know much php only try to help us all, sorry for my mistakes.

By the way I sell advertising space on my website I would be helpful https://bitcointalk.org/index.php?topic=1208325.msg12703029.

[misterbit]

My code is :

Code:

	private function _checkProxyVpn() {

		$ipAddress = $this->request->clientIp(false);

		$bannedIps = Cache::read('ip_banned', '8week') ? Cache::read('ip_banned', '8week') : array();
		if (isset($bannedIps[$ipAddress])) {
			return true;
		}

		if (Cache::read('ip_' . $ipAddress, '1week')) {
			return false;
		}

		if (Cache::read('getipintel_lock', '1h')) {
			return false;
		}

		$url = sprintf('http://check.getipintel.net/check.php?ip=%s&format=json&contact=xxx@gmx.com', $ipAddress);
		list($httpCode, $res) = self::curlIt($url);

		if ($httpCode === 200) {
			$res = json_decode($res);
			if ($res->status === 'success') {
				if ($res->result >= 0.9) {
					$bannedIps[$ipAddress] = $res->result;
					Cache::write('ip_banned', $bannedIps, '8week');

					return true;
				}
				Cache::write('ip_' . $ipAddress, $res, '1week');
			} else {
				$this->log($res);
			}
		} elseif ($httpCode === 429) {
			Cache::write('getipintel_lock', 1, '1h');
		} else {
			$this->log($res);
		}

		return false;
	}

It's not documented but it could help a little bit to understand the logic.

Thank you friend

[misterbit]

My code is :

Code:

	private function _checkProxyVpn() {

		$ipAddress = $this->request->clientIp(false);

		$bannedIps = Cache::read('ip_banned', '8week') ? Cache::read('ip_banned', '8week') : array();
		if (isset($bannedIps[$ipAddress])) {
			return true;
		}

		if (Cache::read('ip_' . $ipAddress, '1week')) {
			return false;
		}

		if (Cache::read('getipintel_lock', '1h')) {
			return false;
		}

		$url = sprintf('http://check.getipintel.net/check.php?ip=%s&format=json&contact=xxx@gmx.com', $ipAddress);
		list($httpCode, $res) = self::curlIt($url);

		if ($httpCode === 200) {
			$res = json_decode($res);
			if ($res->status === 'success') {
				if ($res->result >= 0.9) {
					$bannedIps[$ipAddress] = $res->result;
					Cache::write('ip_banned', $bannedIps, '8week');

					return true;
				}
				Cache::write('ip_' . $ipAddress, $res, '1week');
			} else {
				$this->log($res);
			}
		} elseif ($httpCode === 429) {
			Cache::write('getipintel_lock', 1, '1h');
		} else {
			$this->log($res);
		}

		return false;
	}

It's not documented but it could help a little bit to understand the logic.

PHP Parse error:  syntax error, unexpected 'private' (T_PRIVATE) in /index.php on line 2