Is there any php code that can detect vpn/proxy

[tungaqhd]

Hello, i am finding a php code that can detect vpn or proxy ( i know a php code is not enough, so if you know other way, please suggest me). Thank you.

[1714917229]

1714917229

[1714917229]

1714917229

[1714917229]

1714917229

[bitminpro67]

Hello i have already developed a code like that and tested with many vpn and proxy he detected them all if you want it pm me.

[tungaqhd]

Hello i have already developed a code like that and tested with many vpn and proxy he detected them all if you want it pm me.

Before pm i just want to ask is it free or not. If need to buy, i will consider later because i just start my website
Thanks

[DuddlyDoRight]

There are a couple headers you can use to detect HTTP and SOCKS 4/5 proxies(the non-"elite" ones). VPN subsets, VPS, and stealth proxies require scraping and building IP blacklists and optionally detecting region changes using a region-subnet cached DB..

It's about 20 lines of PHP including the PDO DB code..

[tungaqhd]

There are a couple headers you can use to detect HTTP and SOCKS 4/5 proxies(the non-"elite" ones). VPN subsets, VPS, and stealth proxies require scraping and building IP blacklists and optionally detecting region changes using a region-subnet cached DB..

It's about 20 lines of PHP including the PDO DB code..

I tried this code

Code:

 <?php
 $proxy_headers = array(
        'HTTP_VIA',
        'HTTP_X_FORWARDED_FOR',
        'HTTP_FORWARDED_FOR',
        'HTTP_X_FORWARDED',
        'HTTP_FORWARDED',
        'HTTP_CLIENT_IP',
        'HTTP_FORWARDED_FOR_IP',
        'VIA',
        'X_FORWARDED_FOR',
        'FORWARDED_FOR',
        'X_FORWARDED',
        'FORWARDED',
        'CLIENT_IP',
        'FORWARDED_FOR_IP',
        'HTTP_PROXY_CONNECTION'
    );
    foreach($proxy_headers as $x){
        if (isset($_SERVER[$x])) { die("You are using a proxy!");}
    }
// M
?> 

But it said my real ip as proxy

[DuddlyDoRight]

Remove what matches. Without blacklisting IPs you're only going to stop 35%-74% or so anyway.

[krishnapramod]

There are a couple headers you can use to detect HTTP and SOCKS 4/5 proxies(the non-"elite" ones). VPN subsets, VPS, and stealth proxies require scraping and building IP blacklists and optionally detecting region changes using a region-subnet cached DB..

It's about 20 lines of PHP including the PDO DB code..

I tried this code

Code:

 <?php
 $proxy_headers = array(
        'HTTP_VIA',
        'HTTP_X_FORWARDED_FOR',
        'HTTP_FORWARDED_FOR',
        'HTTP_X_FORWARDED',
        'HTTP_FORWARDED',
        'HTTP_CLIENT_IP',
        'HTTP_FORWARDED_FOR_IP',
        'VIA',
        'X_FORWARDED_FOR',
        'FORWARDED_FOR',
        'X_FORWARDED',
        'FORWARDED',
        'CLIENT_IP',
        'FORWARDED_FOR_IP',
        'HTTP_PROXY_CONNECTION'
    );
    foreach($proxy_headers as $x){
        if (isset($_SERVER[$x])) { die("You are using a proxy!");}
    }
// M
?> 

But it said my real ip as proxy

The above code is really effective, but sometime blocks non-proxy users also (but about 90% accurate)

There are paid options like getip intel, very good service

https://getipintel.net/

https://github.com/blackdotsh/getIPIntel

If you are using FaucetBox script, then nastyhosts is there, in my opinion they are one of the best because when my faucet got drained in just a few minutes I used it. I had to use it manually, but blocked 99% of proxy or bad ip's through htaccess.

I had done it manually, just catch a bad IP, check it with http://v1.nastyhosts.com/IP

and then use ASN blocklist to block the whole bad IP range

https://www.enjen.net/asn-blocklist/index.php

https://bitcointalk.org/index.php?topic=1200700.msg16902102#msg16902102

So far my collection of bad IP's

http://pastebin.com/k9eMLy9d

Also check your analytics data and block spam referral traffic

Code:

RewriteEngine on
# Options +FollowSymlinks
RewriteCond %{HTTP_REFERER} example\.com [NC]

RewriteRule .* - [F]

Hope it is helpful

[tungaqhd]

Thank for all your help, my faucet have ptcwall and offers, so i want to prevent bad ip on accessing  earing page

[DuddlyDoRight]

• "90%"? No way.. The bottom feeder bot developers and users at sites like thebot [dot] net use copied lists that after downed and non-elite proxies are removed are least a couple dozen uniques. Some of them are actually capable of testing lists and using them in the horribly buggy .NET bots there.. You would have to use statistics and blacklists for these. Real threats will do full audits of lists using a python script or something and use a lot of random timers and full emulation of JS and such in their bots.
• Banning entire subnets is anti-commerce. You deal with DHCP with browser fingerprinting, penny deposits, or SMS with region logging.

[FaucetRank.com]

Thank for all your help, my faucet have ptcwall and offers, so i want to prevent bad ip on accessing  earing page

It is very necessary to learn about how to prevent bots/ Vps / Tor or proxy/ bad Ips because without this knowledge you can not run your faucet successfully. All above codes mentioned above are good way to prevent bots/vps/proxy/bad ips but you should also keep in mind sometimes these codes also ban real human users so you should create a code to white list real users Ip address if they get banned.  

[tungaqhd]

I see this code working very well, but their sever reject my sever ip while i am trying to curl their sever
https://github.com/blackdotsh/getIPIntel

[krishnapramod]

I see this code working very well, but their sever reject my sever ip while i am trying to curl their sever
https://github.com/blackdotsh/getIPIntel

Told you, the code is really effective, now for this there might be two scenarios, does not have much knowledge of coding, even do not know what PHP stands for

1. Might be your server IP is blacklisted

2. Or the hosting service you are using does not have curl enabled which is rare, most of the latest PHP version comes with curl.

Like I said, I am not into coding, just know the basics (not even the basics), just to make my faucet stand a bot attack. I guess gpintel have a limit on requests per minute (does not apply to paid users).

Earlier I saw a thread by felicita (yannik admin) to block bad IP's, have to pay, have not gone through the details.

Buddy just go through this section, and spend some time, PHP ain't child's play, start with getting the IP's and finding if they are good or bad (nasthosts or enjen or http://www.ip2location.com/free/visitor-blocker) and block the bad IP's in that ASN

[tungaqhd]

I see this code working very well, but their sever reject my sever ip while i am trying to curl their sever
https://github.com/blackdotsh/getIPIntel

Told you, the code is really effective, now for this there might be two scenarios, does not have much knowledge of coding, even do not know what PHP stands for

1. Might be your server IP is blacklisted

2. Or the hosting service you are using does not have curl enabled which is rare, most of the latest PHP version comes with curl.

Like I said, I am not into coding, just know the basics (not even the basics), just to make my faucet stand a bot attack. I guess gpintel have a limit on requests per minute (does not apply to paid users).

Earlier I saw a thread by felicita (yannik admin) to block bad IP's, have to pay, have not gone through the details.

Buddy just go through this section, and spend some time, PHP ain't child's play, start with getting the IP's and finding if they are good or bad (nasthosts or enjen or http://www.ip2location.com/free/visitor-blocker) and block the bad IP's in that ASN

Thank you, i am not a professional coder, they are teaching me pascal at high school  i will try more way to prevent bots like you said

[felicita]

I see this code working very well, but their sever reject my sever ip while i am trying to curl their sever
https://github.com/blackdotsh/getIPIntel

found this in the F:A:Q: of getipintel D:


How many queries can I make?
There's a rate limit 15 requests / minute to prevent abuse as well as a burst parameter set to ensure smoothing of traffic. If you hit any of these limits, the web server will return a 429 error. Please do not exceed 500 queries per day. The limits may change based on abuse and/or server load which will be posted on twitter and at least one week in advance. If you need guaranteed resources and/or more queries, please contact me. In most cases, the cost is significantly less than other paid services.

Code:

limit 15 requests / minute

have fun with a limit of 15/minute    500/day !!!!!



kind regards

[DuddlyDoRight]

Most services do have query limits.

It's not hard to code a simple bot that factors site-policy. Most sites have them and it stops nobody.

"INSERT INTO blacklist(id,ip) VALUES(:id,:ip);"
"SELECT id FROM blacklist WHERE ip=:param1 LIMIT 1;"
"UPDATE users SET threshold=threshold+1 WHERE session=:sid LIMIT 1;"
"SELECT userid FROM users WHERE session=:sid AND threshold>:qlimit LIMIT 1;"

Those and about ten lines of PHP give you blacklisting and threshold. The only improvements would be account-type variable profiles.

How I deal with bots: RNG, JS>AJAX, and reCaptcha.. Let them use VPN or whatever.. They'll have to manually work every one or use a solving-service, and those solving services charge exponential rates to what faucets and BTC games pay(which correlates to my other post on these forums about only idiots using faucets and games).

[btcoinworld]

Most services do have query limits.

It's not hard to code a simple bot that factors site-policy. Most sites have them and it stops nobody.

"INSERT INTO blacklist(id,ip) VALUES(:id,:ip);"
"SELECT id FROM blacklist WHERE ip=:param1 LIMIT 1;"
"UPDATE users SET threshold=threshold+1 WHERE session=:sid LIMIT 1;"
"SELECT userid FROM users WHERE session=:sid AND threshold>:qlimit LIMIT 1;"

Those and about ten lines of PHP give you blacklisting and threshold. The only improvements would be account-type variable profiles.

How I deal with bots: RNG, JS>AJAX, and reCaptcha.. Let them use VPN or whatever.. They'll have to manually work every one or use a solving-service, and those solving services charge exponential rates to what faucets and BTC games pay.

Hi.

Can you provide, if possible, more details on how to do it?

[krishnapramod]

Most services do have query limits.

It's not hard to code a simple bot that factors site-policy. Most sites have them and it stops nobody.

"INSERT INTO blacklist(id,ip) VALUES(:id,:ip);"
"SELECT id FROM blacklist WHERE ip=:param1 LIMIT 1;"
"UPDATE users SET threshold=threshold+1 WHERE session=:sid LIMIT 1;"
"SELECT userid FROM users WHERE session=:sid AND threshold>:qlimit LIMIT 1;"

Those and about ten lines of PHP give you blacklisting and threshold. The only improvements would be account-type variable profiles.

How I deal with bots: RNG, JS>AJAX, and reCaptcha.. Let them use VPN or whatever.. They'll have to manually work every one or use a solving-service, and those solving services charge exponential rates to what faucets and BTC games pay(which correlates to my other post on these forums about only idiots using faucets and games).

This guy should be a pro with the language he is using, have not even heard about RNG. It would be really good of you to share further details about blocking bad IPs or bots, everyone ain't as good as you when it comes to coding, sharing is caring, a bit detailed explanation would not not harm anybody

[btcoinworld]

Most services do have query limits.

It's not hard to code a simple bot that factors site-policy. Most sites have them and it stops nobody.

"INSERT INTO blacklist(id,ip) VALUES(:id,:ip);"
"SELECT id FROM blacklist WHERE ip=:param1 LIMIT 1;"
"UPDATE users SET threshold=threshold+1 WHERE session=:sid LIMIT 1;"
"SELECT userid FROM users WHERE session=:sid AND threshold>:qlimit LIMIT 1;"

Those and about ten lines of PHP give you blacklisting and threshold. The only improvements would be account-type variable profiles.

How I deal with bots: RNG, JS>AJAX, and reCaptcha.. Let them use VPN or whatever.. They'll have to manually work every one or use a solving-service, and those solving services charge exponential rates to what faucets and BTC games pay(which correlates to my other post on these forums about only idiots using faucets and games).

This guy should be a pro with the language he is using, have not even heard about RNG. It would be really good of you to share further details about blocking bad IPs or bots, everyone ain't as good as you when it comes to coding, sharing is caring, a bit detailed explanation would not not harm anybody

Acccording to Wikepedia it is Random-number generator (RNG) hehe

But I agree with you, it would be really good to share some knowledge 

[Kazuldur]

You can use nastyhosts.com. It's like getipintel but with much higher limits.

Disclaimer: I've worked for company that's running NastyHosts.

[AdrianoCoins]

code showed for tungaqhd + nastyhosts.com = nice protection free