Blocking access from proxy sites??

Did we ever figure out a way to block people accessing our sites using proxies? .. I know some sites can tell if you are using proxy sites, programs like hotspot shield, Tor . things like that. Anyone have an idea how to stop them from accessing a Dolphin site?

Yes

 elaborate PLEASE?

Trying to block trolls using proxy eh? 

 Well yeah and no, not just trolls.. bots use proxies too. I just want all proxies blocked, if not all then a good majority then, I think there is a why to tell and deny if they are visiting via proxy. Waiting to see what HL comes up with.

Do you want to block the entire site, or just the join form? 

 All proxies from my join, and chat pages would be nice,,,, if i have to do from the entire site I will.

I'd just use it on the join form if I were you.  The service isn't free, and can get expensive if you overuse it.

http://www.maxmind.com/en/ccv_buynow

After purchasing credits, you can add this to the beginning of  join.php

<?php


/* Begin Maxmind Proxy Detection */

$license_key = 'Your License Key Goes Here';
$ipaddress = $_SERVER['REMOTE_ADDR'];
$query = "https://minfraud1.maxmind.com/app/ipauth_http?l=" . $license_key
  . "&ipaddr=" . $ipaddress;
$score = file_get_contents($query);
$numericScore = str_replace("proxyScore=", "", $score);
//echo "$numericScore";

if ($numericScore > .5) {
header( 'Location: denied.php' ) ;
}

/* End Maxmind Proxy Detection */

Users trying to access join.php via a proxy server will be redirected to denied.php, or whatever url you decide,

I use GeoIP to allow site access from only the US... that gets rid of 95% of the planet, and Maxmind gets rid of those using US based proxy servers.   A good thing about the Maxmind service, is that it sends a proxy score so you can reject only the proxy servers that are bad... not all of them are.

TY, I am going to buy it, I got my bots joining under control. I am going to try it on my chat pages, I get "hackers" that like to come in scripting and running packets at times,, i block their pool of ips they keep pulling from then they just tor in or use one of the many other proxy programs,,  I think I am going to try this and see if it does any good.

Why would you need it on a chat page?  Isn't your chat for members only?

Nope,, I allow "guest" and "no registration needed for chat".. I get loads of hits from that search in Google alone lol.

 RE:

 Well, in that case, you deserve to be hacked.   Maxmind may not help you.  You'll probably go through queries so fast, that  you'll go broke. Just out of curiosity, what good is some chat person that can't even be bothered to fill out a join form.... what... they have time to type mindless comments in a chat room for hours, but they don't have all minute to fill out a join form?

 no, and no! .. and for the record "no one deserves to be "hacked"" .. we allow guest so people can check the site out and see if they are interested in being a member, we do not allow guest to view cams and stuff though. Second I am fixing to test it, it is not like I get ALOT of proxy hits, normally it is just someone who has been IP banned from chat trying to get back in. I dont see how you can say the join would be less traffic than the chat. And not sure how allow only members to chat would be more secure.. all they would do then is create new profiles one after another. I think proxy banning would be the way to go. once they see it no longer works they should give up. ... thanks for the site and the tip, bout to try it just now.

The way it works, is you have to test for a proxy server every time the page is accessed,  Every page access = money paid for a query.  Sounds to me like your chat page gets a whole lot more hits than your join form, so be prepared to watch those queries deplete rapidly.  You use, and pay for a query, regardless of whether it's a proxy or not.  Don't buy a lot of queries.

I use about 200 queries a day on a site that is still under development, and that has 95% of the planet blocked.

I requested this for the Access Management System from AntonLV and he said he would look at adding it to the module.

you can try checking out and researching this class: proxyCheck.class.php

 i got it working on one of my pages that was php,., but my other pages like popout and full screen and mobile client it html, is there an html version of this?

Another, cheaper option would be to integrate Maxmind's commercial version of the GeoIP Country database which could be used to block anonymous proxies.  It's not a good as using the web service, because its does not, or could not include data for Open Proxies.  Open proxy IPs change so frequently, it's impossible to include them in a fixed database.  Maybe a good solution for that free-for-all chat of yours, would be a combination of both.  Use GeoIP country to block anonymous proxies first, then use a web service to block open proxies.

You really should consider using Apache Mod GeoIP to   block all the completely useless traffic from CN, RU,  etc.... or don't you care if the chatters don't speak, read, or understand English?

 RE:

 No.  You can't check for a proxy client side... it has to be a server-side script

 ahh I see now

 Will look at that first thing in the morning when I am fresh and awake.

Actually there is already build-in support for Open Proxy Checking, it is opm.tornevall.com in DNSBL:

Admin panel > Tools > Antispam tools > DNS Block Lists

 thats only for 7.1 right?

 Yes, DNSBL was added in 7.1

 AlexT, what do I need to do to block proxies? 

Go to:

Admin panel > Tools > Antispam tools > DNS Block Lists 

Then enable opm.tornevall.com rule in DNSBL tab, make sure that DNSBL is enabled in anti-spam settings.

 i set this and hidemyass can still see my site,, any tricks after you enable it?

 
That database is used for blocking known open proxy ip addresses from joining your site. Works like all other DNS block lists.

It's not for hiding your site. Not sure what prompted you to think that it would.

 RE:

 This is where Maxmind's paid GeoIP database might be useful to you, as it contains all the IPs of anonymous proxies like hidemyass.  Maxmind updates this DB frequently, as sites like hidemyass frequently change their IP.  I'm really not sure how block lists for open proxies can stay up to date, since many of those IPs change on a daily basis.  Maxmind's open proxy detection is based on various criteria to determine the likelihood of an IP being an open proxy, and a high risk IP, and it does this on the fly...... I don't believe it uses   a preexisting list of IPs.  Maxminds open proxy detection is really good, but like I said, it can get expensive.  You definitely need to use it only on the join form, and you must do everything you can to keep bots and search engines off join.php.   Every request for join.php will cost you .5 cents.  That may not sound like much, but it can add up.  Your server access logs should tell you how many hits join.php gets, and could giive you some insight as to what the service would cost you.

The truth is, as long as you have an open, free-for-all website that doesn't even require people to register to use chat, you are going to have these headaches.  I honestly don't understand what could be so important about people being able to use chat, when they can't even be bothered to fill out a join form.

 Because that is what me and HL was talking about at first then alex chimed in and said it was added to 7.1 so I just went in there and enabled it,, didnt even get it any look other than that

 Yeah I am using that one and it works great at blocking my chat boxes that are coded in php.. but i have 2 other options "pop out" and "fullscreen" that are in html so it wont work on those to. I like the way it works and it works very well I dont mind paying .05 cents to keep trolls out of the chat, after a while they will just give up and move on. I leave it free to chat as a "guest" cause it is a mobile heavy site and ALOT of the mobile users find it hard to login or create an account mobile .. always one issue or another,, but dolphin jay and I been working the last two days to take it to 7.1 and we will see how mobile users find joining and logging in to be with this I might set chat for members only.

 RE:

 It will work everywhere if you insert the proxy check into the right place, or use a php file to pop up the content.