Proxy Check

[Sunchaser]

After reading some posts on this forum, I tried to assemble an anti-proxy function, could anyone pls revise it and
eventually tell me if i correctly implemented it?

Thanks.

Code: [Select]

function check_dnsbl( $ipaddress )
{

// check if the IP address is in the blacklist

$ret = ORM::factory('proxywhitelist') ->
where ( array( 'ipaddress' => $ipaddress) ) -> count_all();
if ( $ret > 0 )
return false;


if ( isset( $_SERVER['HTTP_VIA']) and isset( $_SERVER['HTTP_X_FORWARDED_FOR']) )
if($_SERVER['HTTP_VIA'] || $_SERVER['HTTP_X_FORWARDED_FOR'])
{
kohana::log('info', 'Attention! Ipaddress ' . $ipaddress . ' is a proxy! ' );
return true;
}

$dns_black_lists = file('./text/dnsbl.txt', FILE_IGNORE_NEW_LINES);

//Reverse ip
$rev_ipaddress = implode(array_reverse(explode('.', $ipaddress)), '.');
$response = array();
foreach ($dns_black_lists as $dns_black_list) {
kohana::log('debug', '=> checking ' . $ipaddress . ' on ' . $dns_black_list . '...' );
$response = (gethostbynamel($rev_ipaddress . '.' . $dns_black_list));
if (!empty($response))
{
kohana::log('info', 'Attention! Ipaddress ' . $ipaddress . ' is dns-blacklisted! ' );
return true;
exit;
}
}
return false;
}

[Freyr]

If I'm not mistaken, DNSBL is just a list of reported spammers. And mainly used for anti-spam email purposes.(please correct me if I'm wrong)
In theory, the script does work. But it practicality, it isn't sufficient.

One thing to keep in mind is that people actually do connect through proxies, and they have no control over it. It's a default by their ISP, and potentially they are in a pool of IP addresses so the IP adress you see is never constant. This is a big problem when using anything IP driven.
IP logging is mainly just used because it gives web' admin's a reference to who is browing their website and from where. It goes along with a time-stamp as well.

The theory of doing the above, logging IP and time of access, is to actually track the person if they are up to mischiff. You can contact the related ISP and give them the information you have, and they may(or may not) tell you who they are, or act on your behalf on punishment.
This is not fool-proof either, as it's a breach of the clients privacy, unless they engaged in illegal activity while they were on the ISP's network. Only then, could the ISP themselves be kept liable for your losses, etc..

Your best bet is not to use proxy detterent techniques at all. Because, alas, all the information you really do need is recorded by web server default(IP, REQUEST methods & data, time).

[CygnusX]

I would tend to agree with the above post.  Any good proxy server would change IP's periodically to keep systems like this from working.  What is the intended us?  To prevent multi's from routing through a proxy?

[Sunchaser]

I would tend to agree with the above post.  Any good proxy server would change IP's periodically to keep systems like this from working.  What is the intended us?  To prevent multi's from routing through a proxy?

Thank you for the answers. Yes, it is a check to prevent possible multis.

[133794m3r]

http://perishablepress.com/press/2008/04/20/how-to-block-proxy-servers-via-htaccess/

Also i'm sure that there's a way to do this via php since you can still access the referrer header and other such information via php itself incase you don't have access to a htaaccess file. I've not yet looked into it yet, since i have no reason to block proxies other than this method since i know that my hoster will let me have my own custom .htaaccess file. I'm sure someone at the forums could probably rewrite such conditions into a php file. the parts of the HTTP header that is.

If not then i guess i don't know what to say about it, since i've not yet looked into it. But i know that some hosters beyond godaddy probably allow such things. If yours doesn't then i don't know what to say. But if they do, it's probably the perfect solution.

[codestryke]

If I'm not mistaken, DNSBL is just a list of reported spammers. And mainly used for anti-spam email purposes.(please correct me if I'm wrong)

This would be incorrect. You can subscribe to various RBL lists based on what your criteria might be, they have gone way beyond just spammer addresses (though this was the original intent).

The main idea behind this is to make it harder to multi. The admin can easily subscribe to an RBL list that has a list of known anonymous web proxies and deny access. The htaccess code and article provided above only denies requests made though a proxy that answers up that it is a proxy. The problem is anonymous proxy services when sending requests remove the proxy header information and thus appear to be a direct connection from the client IP. Oh yes and just about any good anonymous proxy service will have many IP's they pull from and all on various class addresses (hence the usefulness of an RBL list).

This method isn't the best it's just another tool for the administrator to use to prevent multi's from infecting there game. We've been using this method for over 5 years now and has proven to work

[Freyr]

Thanks for correcting me codestryke.

But, I can see how an implementation of a blacklist would work for some. But anyone with a decent knowledge of this would know bypassing systems like said would be fairly easy.
I do agree that you may be able to block sub-sets of the IP range, but this would potentially cause harm for some services located near the other "spamming" clients.
I, for one have not yet been able to get through this loop some "spammers" use. Because it is possible that within the same pool of IP's allocated to the "spammer", there is a server lurking. ISP's have been known to use the same pool of IP addresses for the connection of their clients and servers. To prove this example, let's take a small company. They ask their ISP to allocate four IPs to them, which they use for their traffic. They use two for their servers, and two for their employees. Some traffic needs to be filtered according to company policies(whether it be something as complex as BlueCoat, or something as simple as a Perl script) and then the filter connects to the website through their own allocated IP. This could potentially blacklist the companies public IP address.  (This is not likely, but it is something that has to be taken into consideration).

133794m3r (ps, 'leet' is juvenile, please consider a different alias),
As mentioned above, I use a VPS, get PHProxy, and viola.

I think the moral of this whole enigma is, that: IP blocking is insufficient, and therefor it can't be relied on to stop "spammers" as the only means of protection.
Keeping your server, scripts and apps protected is all that really matters in this messed up i'net word s'kiddies.

[133794m3r]

the code provided above was a way to block a lot without a ton of work. Since it'll block a lot of them without a ton of extra work. And blocklists are going to help but, it was something that was a way to help get against the rest of the system.

As far as my alias, i've been using it since i was 11. I'm not planning on changing it anytime soon since i've had it for years upon years now. It's all about layers, the more layers of things to help you protect yourself against scammers, spammers and other such things. The article i posted helps block a lot of things that'll do it automatically and thus is a nice little layer of security to help you.

I already know that no solution is perfect, and thus layers is always the best bet. Plus blocklists are ok, but they're full of flaws with things such as dynamic ips, domain names changing and other such things. For blocking of proxies and such i use on my own machine the following site http://www.iblocklist.com/lists.php to block all access to any attempts into my ssh server. For actual blocking of spammers i use the stop forum spam's api via the guildwars based php script to check for spammers on the list that was there.

[Freyr]

My intention wasn't to belittle you in any way, so sorry if I might have offended you. I just don't like numbers as names.

It's just that my view of blocking people are a little bit different than others. I don't like it.
If someone really wants to create an account, I let them. There's no harm in it for me or anyone else, I just create certain methods which makes it useless to do so. So there is no reason for them to do it.

One could use complex AI methods to log players and find similarities, and block them that way - but it's time consuming. I just tend to think that it's my own flaw if someone wants to create a new account, because my administration abilities are thus so, that they think I'm inferior so I take it upon myself to prove the player with the best playability possible that they won't do it.

Sure there's going to be that one player, that does it despite my careful planning, but that's why games have staff members that also play the game so they can figure out themselves who the baddies are and just block(and/or) delete their accounts.