Is there any php code that can detect vpn/proxy

DuddlyDoRight

sr. member

Activity: 318

Merit: 260

Quote from: Kazuldur on December 30, 2016, 04:15:03 PM

Quote from: ImHash on December 30, 2016, 04:12:28 PM

If the whole internet connection is passing through the proxy/vpn/tunnel then not a chance, also tor uses a protocol that you can't tell if it's a tor relay or not.

Actually testing if connection is from Tor is trivial, as Tor advertises list of all exit nodes.

Detecting proxies/vpns/tunnels is of course impossible to do 100% accurately, but you can try to build blacklists of known services (and that's what nastyhosts does), greatly reducing problem.

You beat me to it.. Just add exit nodes to blacklist DB tables.. TOR defeated

SMS with SMS verification on region-change is also proven to beat TOR with no blacklisting or proxy-detection at all..

Kazuldur

legendary

Activity: 971

Merit: 1000

Quote from: ImHash on December 30, 2016, 04:12:28 PM

If the whole internet connection is passing through the proxy/vpn/tunnel then not a chance, also tor uses a protocol that you can't tell if it's a tor relay or not.

Actually testing if connection is from Tor is trivial, as Tor advertises list of all exit nodes.

Detecting proxies/vpns/tunnels is of course impossible to do 100% accurately, but you can try to build blacklists of known services (and that's what nastyhosts does), greatly reducing problem.

ImHash

hero member

Activity: 924

Merit: 506

If the whole internet connection is passing through the proxy/vpn/tunnel then not a chance, also tor uses a protocol that you can't tell if it's a tor relay or not.

AdrianoCoins

newbie

Activity: 39

Merit: 0

code showed for tungaqhd + nastyhosts.com = nice protection free Cool

Kazuldur

legendary

Activity: 971

Merit: 1000

You can use nastyhosts.com. It's like getipintel but with much higher limits.

Disclaimer: I've worked for company that's running NastyHosts.

btcoinworld

newbie

Activity: 20

Merit: 0

Quote from: krishnapramod on December 30, 2016, 02:15:05 AM

Quote from: DuddlyDoRight on December 29, 2016, 07:28:48 PM

Most services do have query limits.

It's not hard to code a simple bot that factors site-policy. Most sites have them and it stops nobody.

"INSERT INTO blacklist(id,ip) VALUES(:id,:ip);"
"SELECT id FROM blacklist WHERE ip=:param1 LIMIT 1;"
"UPDATE users SET threshold=threshold+1 WHERE session=:sid LIMIT 1;"
"SELECT userid FROM users WHERE session=:sid AND threshold>:qlimit LIMIT 1;"

Those and about ten lines of PHP give you blacklisting and threshold. The only improvements would be account-type variable profiles.

How I deal with bots: RNG, JS>AJAX, and reCaptcha.. Let them use VPN or whatever.. They'll have to manually work every one or use a solving-service, and those solving services charge exponential rates to what faucets and BTC games pay(which correlates to my other post on these forums about only idiots using faucets and games).

This guy should be a pro with the language he is using, have not even heard about RNG. It would be really good of you to share further details about blocking bad IPs or bots, everyone ain't as good as you when it comes to coding, sharing is caring, a bit detailed explanation would not not harm anybody

Acccording to Wikepedia it is Random-number generator (RNG) hehe Tongue

But I agree with you, it would be really good to share some knowledge Roll Eyes

krishnapramod

legendary

Activity: 1470

Merit: 1079

Quote from: DuddlyDoRight on December 29, 2016, 07:28:48 PM

Most services do have query limits.

It's not hard to code a simple bot that factors site-policy. Most sites have them and it stops nobody.

"INSERT INTO blacklist(id,ip) VALUES(:id,:ip);"
"SELECT id FROM blacklist WHERE ip=:param1 LIMIT 1;"
"UPDATE users SET threshold=threshold+1 WHERE session=:sid LIMIT 1;"
"SELECT userid FROM users WHERE session=:sid AND threshold>:qlimit LIMIT 1;"

Those and about ten lines of PHP give you blacklisting and threshold. The only improvements would be account-type variable profiles.

How I deal with bots: RNG, JS>AJAX, and reCaptcha.. Let them use VPN or whatever.. They'll have to manually work every one or use a solving-service, and those solving services charge exponential rates to what faucets and BTC games pay(which correlates to my other post on these forums about only idiots using faucets and games).

This guy should be a pro with the language he is using, have not even heard about RNG. It would be really good of you to share further details about blocking bad IPs or bots, everyone ain't as good as you when it comes to coding, sharing is caring, a bit detailed explanation would not not harm anybody

btcoinworld

newbie

Activity: 20

Merit: 0

Quote from: DuddlyDoRight on December 29, 2016, 07:28:48 PM

Most services do have query limits.

It's not hard to code a simple bot that factors site-policy. Most sites have them and it stops nobody.

"INSERT INTO blacklist(id,ip) VALUES(:id,:ip);"
"SELECT id FROM blacklist WHERE ip=:param1 LIMIT 1;"
"UPDATE users SET threshold=threshold+1 WHERE session=:sid LIMIT 1;"
"SELECT userid FROM users WHERE session=:sid AND threshold>:qlimit LIMIT 1;"

Those and about ten lines of PHP give you blacklisting and threshold. The only improvements would be account-type variable profiles.

How I deal with bots: RNG, JS>AJAX, and reCaptcha.. Let them use VPN or whatever.. They'll have to manually work every one or use a solving-service, and those solving services charge exponential rates to what faucets and BTC games pay.

Hi.

Can you provide, if possible, more details on how to do it? Huh

DuddlyDoRight

sr. member

Activity: 318

Merit: 260

Most services do have query limits.

It's not hard to code a simple bot that factors site-policy. Most sites have them and it stops nobody.

"INSERT INTO blacklist(id,ip) VALUES(:id,:ip);"
"SELECT id FROM blacklist WHERE ip=:param1 LIMIT 1;"
"UPDATE users SET threshold=threshold+1 WHERE session=:sid LIMIT 1;"
"SELECT userid FROM users WHERE session=:sid AND threshold>:qlimit LIMIT 1;"

Those and about ten lines of PHP give you blacklisting and threshold. The only improvements would be account-type variable profiles.

How I deal with bots: RNG, JS>AJAX, and reCaptcha.. Let them use VPN or whatever.. They'll have to manually work every one or use a solving-service, and those solving services charge exponential rates to what faucets and BTC games pay(which correlates to my other post on these forums about only idiots using faucets and games).

felicita

legendary

Activity: 1582

Merit: 1031

Quote from: tungaqhd on December 29, 2016, 09:45:50 AM

I see this code working very well, but their sever reject my sever ip while i am trying to curl their sever
https://github.com/blackdotsh/getIPIntel

found this in the F:A:Q: of getipintel D:

How many queries can I make?
There's a rate limit 15 requests / minute to prevent abuse as well as a burst parameter set to ensure smoothing of traffic. If you hit any of these limits, the web server will return a 429 error. Please do not exceed 500 queries per day. The limits may change based on abuse and/or server load which will be posted on twitter and at least one week in advance. If you need guaranteed resources and/or more queries, please contact me. In most cases, the cost is significantly less than other paid services.

Code:

limit 15 requests / minute

have fun with a limit of 15/minute 500/day !!!!!

kind regards

tungaqhd

hero member

Activity: 1540

Merit: 508

Quote from: krishnapramod on December 29, 2016, 10:14:23 AM

Quote from: tungaqhd on December 29, 2016, 09:45:50 AM

I see this code working very well, but their sever reject my sever ip while i am trying to curl their sever
https://github.com/blackdotsh/getIPIntel

Told you, the code is really effective, now for this there might be two scenarios, does not have much knowledge of coding, even do not know what PHP stands for Grin

1. Might be your server IP is blacklisted

2. Or the hosting service you are using does not have curl enabled which is rare, most of the latest PHP version comes with curl.

Like I said, I am not into coding, just know the basics (not even the basics), just to make my faucet stand a bot attack. I guess gpintel have a limit on requests per minute (does not apply to paid users).

Earlier I saw a thread by felicita (yannik admin) to block bad IP's, have to pay, have not gone through the details.

Buddy just go through this section, and spend some time, PHP ain't child's play, start with getting the IP's and finding if they are good or bad (nasthosts or enjen or http://www.ip2location.com/free/visitor-blocker) and block the bad IP's in that ASN

Thank you, i am not a professional coder, they are teaching me pascal at high school Roll Eyes

i will try more way to prevent bots like you said

krishnapramod

legendary

Activity: 1470

Merit: 1079

Quote from: tungaqhd on December 29, 2016, 09:45:50 AM

I see this code working very well, but their sever reject my sever ip while i am trying to curl their sever
https://github.com/blackdotsh/getIPIntel

Told you, the code is really effective, now for this there might be two scenarios, does not have much knowledge of coding, even do not know what PHP stands for Grin

1. Might be your server IP is blacklisted

2. Or the hosting service you are using does not have curl enabled which is rare, most of the latest PHP version comes with curl.

Like I said, I am not into coding, just know the basics (not even the basics), just to make my faucet stand a bot attack. I guess gpintel have a limit on requests per minute (does not apply to paid users).

Earlier I saw a thread by felicita (yannik admin) to block bad IP's, have to pay, have not gone through the details.

Buddy just go through this section, and spend some time, PHP ain't child's play, start with getting the IP's and finding if they are good or bad (nasthosts or enjen or http://www.ip2location.com/free/visitor-blocker) and block the bad IP's in that ASN

tungaqhd

hero member

Activity: 1540

Merit: 508

I see this code working very well, but their sever reject my sever ip while i am trying to curl their sever
https://github.com/blackdotsh/getIPIntel

FaucetRank.com

hero member

Activity: 868

Merit: 500

Quote from: tungaqhd on December 29, 2016, 02:28:51 AM

Thank for all your help, my faucet have ptcwall and offers, so i want to prevent bad ip on accessing earing page

It is very necessary to learn about how to prevent bots/ Vps / Tor or proxy/ bad Ips because without this knowledge you can not run your faucet successfully. All above codes mentioned above are good way to prevent bots/vps/proxy/bad ips but you should also keep in mind sometimes these codes also ban real human users so you should create a code to white list real users Ip address if they get banned.

DuddlyDoRight

sr. member

Activity: 318

Merit: 260

"90%"? No way.. The bottom feeder bot developers and users at sites like thebot [dot] net use copied lists that after downed and non-elite proxies are removed are least a couple dozen uniques. Some of them are actually capable of testing lists and using them in the horribly buggy .NET bots there.. You would have to use statistics and blacklists for these. Real threats will do full audits of lists using a python script or something and use a lot of random timers and full emulation of JS and such in their bots.
Banning entire subnets is anti-commerce. You deal with DHCP with browser fingerprinting, penny deposits, or SMS with region logging.

tungaqhd

hero member

Activity: 1540

Merit: 508

Thank for all your help, my faucet have ptcwall and offers, so i want to prevent bad ip on accessing earing page

krishnapramod

legendary

Activity: 1470

Merit: 1079

Quote from: tungaqhd on December 29, 2016, 12:44:35 AM

Quote from: DuddlyDoRight on December 29, 2016, 12:17:11 AM

There are a couple headers you can use to detect HTTP and SOCKS 4/5 proxies(the non-"elite" ones). VPN subsets, VPS, and stealth proxies require scraping and building IP blacklists and optionally detecting region changes using a region-subnet cached DB..

It's about 20 lines of PHP including the PDO DB code..

I tried this code

Code:

$proxy_headers = array(
        'HTTP_VIA',
        'HTTP_X_FORWARDED_FOR',
        'HTTP_FORWARDED_FOR',
        'HTTP_X_FORWARDED',
        'HTTP_FORWARDED',
        'HTTP_CLIENT_IP',
        'HTTP_FORWARDED_FOR_IP',
        'VIA',
        'X_FORWARDED_FOR',
        'FORWARDED_FOR',
        'X_FORWARDED',
        'FORWARDED',
        'CLIENT_IP',
        'FORWARDED_FOR_IP',
        'HTTP_PROXY_CONNECTION'
    );
    foreach($proxy_headers as $x){
        if (isset($_SERVER[$x])) { die("You are using a proxy!");}
    }
// M
?>

But it said my real ip as proxy

The above code is really effective, but sometime blocks non-proxy users also (but about 90% accurate)

There are paid options like getip intel, very good service

https://getipintel.net/

https://github.com/blackdotsh/getIPIntel

If you are using FaucetBox script, then nastyhosts is there, in my opinion they are one of the best because when my faucet got drained in just a few minutes I used it. I had to use it manually, but blocked 99% of proxy or bad ip's through htaccess.

I had done it manually, just catch a bad IP, check it with http://v1.nastyhosts.com/IP

and then use ASN blocklist to block the whole bad IP range

https://www.enjen.net/asn-blocklist/index.php

https://bitcointalksearch.org/topic/m.16902102

So far my collection of bad IP's

http://pastebin.com/k9eMLy9d

Also check your analytics data and block spam referral traffic

Code:

RewriteEngine on
# Options +FollowSymlinks
RewriteCond %{HTTP_REFERER} example\.com [NC]

RewriteRule .* - [F]

Hope it is helpful

DuddlyDoRight

sr. member

Activity: 318

Merit: 260

Remove what matches. Without blacklisting IPs you're only going to stop 35%-74% or so anyway.

tungaqhd

hero member

Activity: 1540

Merit: 508

Quote from: DuddlyDoRight on December 29, 2016, 12:17:11 AM

There are a couple headers you can use to detect HTTP and SOCKS 4/5 proxies(the non-"elite" ones). VPN subsets, VPS, and stealth proxies require scraping and building IP blacklists and optionally detecting region changes using a region-subnet cached DB..

It's about 20 lines of PHP including the PDO DB code..

I tried this code

Code:

$proxy_headers = array(
        'HTTP_VIA',
        'HTTP_X_FORWARDED_FOR',
        'HTTP_FORWARDED_FOR',
        'HTTP_X_FORWARDED',
        'HTTP_FORWARDED',
        'HTTP_CLIENT_IP',
        'HTTP_FORWARDED_FOR_IP',
        'VIA',
        'X_FORWARDED_FOR',
        'FORWARDED_FOR',
        'X_FORWARDED',
        'FORWARDED',
        'CLIENT_IP',
        'FORWARDED_FOR_IP',
        'HTTP_PROXY_CONNECTION'
    );
    foreach($proxy_headers as $x){
        if (isset($_SERVER[$x])) { die("You are using a proxy!");}
    }
// M
?>

But it said my real ip as proxy

DuddlyDoRight

sr. member

Activity: 318

Merit: 260

There are a couple headers you can use to detect HTTP and SOCKS 4/5 proxies(the non-"elite" ones). VPN subsets, VPS, and stealth proxies require scraping and building IP blacklists and optionally detecting region changes using a region-subnet cached DB..

It's about 20 lines of PHP including the PDO DB code..

Topic: Is there any php code that can detect vpn/proxy (Read 1283 times)