is there anyway to stop people useing a proxy server from accessing my server for a site that i host.

I host a site called ghettowars.com
You give someone your link they click it you get a hit.
People use a list of proxy and a proxy program and hit there link a lot of times they get more hits but also killing my server.


Please help

-Jeremy

You can block some proxies by checking for the X-Forwarded-For header, but the problem is you can't distingiush the good proxies from the bad.

Simply blocking all proxies would have massive collateral damage.

And other proxies you cannot detect, since they are completely transparent.

In other to detect cheat you need to figure out another method.

Well i have been useing cpanel and when the server gose slow i check the last 300 visitors and it tells what address there calling but im not at home to keep watch of that 24/7 is there a script or something to log that to a txt file.

Apache logs everything automatically. Don't know where 'cPanel enriched' machines keep those by default, though.

On another note, if you get to much traffic you should clean out those Apache logs once in a while. Maybe even rotate them.

I want to detect proxy servers aswell by using php but for some reason it wont work for me. I am going to be switching my site to server beach within the week but it wont work on my current server and want to know if it will work on server beach if I switch. I am currently running apache on linux and have tried using the environment variable HTTP_X_FORWARDED_FOR but for some reason it doesn't seem to detect anything. I heard that it is an uncommon environment variable unlike REMOTE_ADDR so it might not be supported. Is there a way to add this functionality to my site and if so how?

The X-Forwarded-For header is entirely optional, so you cannot rely on it.

There just isn't a good way to detect proxies, except to keep large databases of what ISPs that use proxies, and what IP that are open proxies, etc etc...more work than it's worth.

Wow, Thanks for the very fast reply! So when you say optional, you mean that it might or might not be supported by the server? Is there a way to add support for that to the server? I have seen products like www.proxyguard.com but they are very expensive and mainly for affiliate type program. Do you know of a similar site to www.proxyguard.com?

I mean that X-Forwarded-For is optional in the sense that a proxy really doesn't need to add it.
And many proxies don't add the extra header in order to protect their users from attacks.

Proxy Guard seems to be quite a scheme, but I doubt they can really do what they claim. It's just too much information to process.
They'd most likely catch the large/systematic abusers, though...

Else, a good way to report abusers is the best defense. Let the community sort out their miscreants.

ive been useing HTTP_X_FORWARDED_FOR sence i started the site.

but in the long run there is know real good way to stop proxy users?

There must be a good solution for detecting proxy users. Places like cj.com are able to detect proxies very well so there must be a method but I think that unless its a really large scale site or major part of your site like an affiliate program it might not be worth it. I think I might just find new ways to live with proxy cheaters as suggested before. If you still are looking, maybe check some of those traffic trading scripts or some of the vote scripts because I know they are able to detect much more than some of the other scripts. I think there is an open source TGP script called Traffic Traders or something like that and you might be able to check in there to see if they have anything to block proxies. If you find anything please post it here.

Found an interesting free script that you should take a look at. Its at http://www.unixcon.net/~datalogik/projects.php?cat=phpGuardIt. So far it worked for me and has lots of features in it.

hum ill check that out

I might know of a good way or 2.

1. Alot of proxies don't use Keep-Alive connections, but by blocking that you will also block some ISPs.

2. A better way would be to connect to another site and read their results.

For example cgi has LWP::Simple and Parellel which you can includeother websites, then parse them. Parse a site which check the data 99% of the proxies block the data for security reasons, and that way you can figure it out.

also about, X FOWARD is fine but I heward many new proxies will not fall for it.

It really is impossible to detect proxy servers. A properly configured anonymous proxy will appear in all respects to be a normal connection.

The solution I use on my site is:

1. Maintain a large list (~16000 ) of open proxies via a db and black hole them.

2. Use reverse DNS lookups on blackhole lists that track open proxies.

Additionally, many of the major ISP's (Earthlink, AOL, etc.) use proxy servers, so you'd essentially be blocking all of those users from your server/site.