Block Proxy

Can someone please tell me how I block someone who is browsing my site through a proxy? I have enabled the access restrictions and put both the person’s ip and the proxy ip in the ips to block, but it doesn’t seem to be stopping them.



I have read the manual and the knowledgebase and it looks as though I have put everything in correctly but the person is still managing to browse my site.



Can someone please help me urgently.



Many thanks.

[quote name=‘Lyn’]Can someone please tell me how I block someone who is browsing my site through a proxy? I have enabled the access restrictions and put both the person’s ip and the proxy ip in the ips to block, but it doesn’t seem to be stopping them.



I have read the manual and the knowledgebase and it looks as though I have put everything in correctly but the person is still managing to browse my site.



Can someone please help me urgently.



Many thanks.[/QUOTE]



If you have access to your CPanel on the host you can block there!

[quote name=‘Lyn’]Can someone please tell me how I block someone who is browsing my site through a proxy? I have enabled the access restrictions and put both the person’s ip and the proxy ip in the ips to block, but it doesn’t seem to be stopping them.[/QUOTE]

There are many things to do when trying to restrict proxies …

  1. Insert code in your web site scripts and applications to run RBL checks of visitor IP connections against major blacklist databases

  2. Check for an “X-Forwarded-For” header in the HTTP information

  3. You can modify your server’s firewall to disallow incoming connections originating from common proxy port numbers

  4. It takes a little more coding but you could also set up code to run active proxy and relay scans against all incoming connections. This is one thing I used on my forums many years ago and was very effective as the forums knew for certain if you were trying to connect from a proxy and flat blocked it.

Here is a small PHP code snip that could easily be put inside your PHP scripts …


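[code]
// DNSBL zones to query. Keep this list current: a zone that no longer
// answers adds DNS lookup delay to every request.
$blacklists = array('recent.spam.dnsbl.sorbs.net', 'web.dnsbl.sorbs.net', 'sbl-xbl.spamhaus.org', 'bl.spamcop.net');
$remote = $_SERVER['REMOTE_ADDR'];
// The reversed-octet lookup below only works for IPv4 addresses
if (filter_var($remote, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
    // 1.2.3.4 becomes "4.3.2.1." so it can be prefixed to each zone name
    $ip = implode('.', array_reverse(explode('.', $remote))) . '.';
    foreach ($blacklists as $bl) {
        $check = $ip . $bl;
        // gethostbyname() returns its argument unchanged when the lookup fails,
        // so a different return value means the address is listed
        if ($check != gethostbyname($check)) {
            error_log('PHP Security: [DNSBL] - ' . $remote . ' - ' . $bl);
            die("Your IP [{$remote}] has been blacklisted by $bl");
        }
    }
}
// Headers commonly added by forwarding proxies; !empty() avoids
// undefined-index notices when a header is absent
if (!empty($_SERVER['HTTP_X_FORWARDED_FOR']) || !empty($_SERVER['HTTP_X_FORWARDED']) || !empty($_SERVER['HTTP_FORWARDED_FOR']) ||
    !empty($_SERVER['HTTP_CLIENT_IP']) || !empty($_SERVER['HTTP_VIA'])) {
    die("Proxy servers are not permitted");
}
[/code]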

Try this one: [url]http://perishablepress.com/press/2008/04/20/how-to-block-proxy-servers-via-htaccess/[/url]

Thank you all for your help. I think I have been able to block the person now using the access restrictions. And as it’s New Year and the holiday season, I will admit I must have had one of those dumba$$ moments referred to in a recent post and I had one of the digits wrong when inputting the ip.

[QUOTE]I will admit I must have had one of those dumba$$ moments referred to in a recent post and I had one of the digits wrong when inputting the ip.[/QUOTE]



This reminds me of when we receive customer calls stating "I tried to place an order online through your site & it tells me my card was declined, so I thought I would just call the order in & give you the credit card number" (about now I am thinking “Okey Dokey”). So, I go online to view their declined order, and am viewing it as they are reading me their card number, and of course the digits just don’t seem to match what they are reading off! :smiley: You just want to say, Yep, them little numbers on that card are sorta important details, ya know? :smiley:

[quote name=‘Struck’]Yep, them little numbers on that card are sorta important details, ya know? :D[/QUOTE]



My only excuse is that it was late, I was trying to do our end of month accounts at the same time and panicking about what was going on with my site! :oops:



Finished the accounts, calmed down and noticed the error (thank goodness).

So … someone is browsing my site. They have an ip of (for example) 11.11.11.11 and a proxy of 22.22.22.222.



I put the ip 11.11.11.11 to be blocked in my Access Restrictions



I also put 22.22.22.222 to be blocked in my Access Restrictions.



The person is still able to access my site.



Why?

[quote name=‘Lyn’]So … someone is browsing my site. They have an ip of (for example) 11.11.11.11 and a proxy of 22.22.22.222.



I put the ip 11.11.11.11 to be blocked in my Access Restrictions



I also put 22.22.22.222 to be blocked in my Access Restrictions.



The person is still able to access my site.



Why?[/QUOTE]

Well if you are certain this person is only using 2 IP addresses, you could just block them directly in your firewall if you have server access or drop a “Deny from x.x.x.x” into your .htaccess file and that would take care of that pretty well.



(Notice I said “.htaccess” or “Firewall” — web software based matching is typically not as reliable)



The thing I have to wonder is if all their connections are really coming from only 2 IP addresses. If they are smart enough to use a proxy and aren’t going up against me or a server equipped with any of my special technologies, they probably know they could just simply pick any other proxy and keep on reconnecting to your server, and there are literally thousands of them out there!



The code snip I gave you above should help drastically reduce such connections, though you’ll need to add in an active proxy scanner against visitor connections if you want to be completely thorough; you can probably locate the code for one with a few Google searches. Basically, in a nutshell, you set up your pages to attempt to relay through the visitor’s IP upon initial first connection and then compare the results against what is expected, and if you are able to successfully pull information using known normal proxy connection techniques, you’re dealing with an open proxy and know to block the connection.



Another tip: if this person is connecting from multiple but “close” IP ranges, they might be using a dynamic source inside the same CIDR range. You can find out who owns a particular IP address and what IP range they are authorized for by using the WHOIS search at http://www.arin.net, which will tell you the full IP range or direct you to one of the other regional authorities for more information, such as RIPE for Europe or APNIC for Asia, for example.



In a similar fashion, if the user is connecting from multiple CIDR ranges but from the same ISP, data center, or host and has the same source domain name, you could put a “Deny from (domain.com)” in your .htaccess, though you should be warned that this will slow down your site performance because the moment you do any checks by domain name instead of numeric IP, every connection to your site from anywhere will have to be resolved back to its hostname and checked, and that can impact site performance depending on how much traffic you get to your site.



Hopefully the above tips will help you out …



Now myself, I use active scanning of visitors’ connections upon connection to determine if the IP is itself a proxy server, proprietary technology that allows me to see the true IP address backwards through proxy servers (even including those considered HIGH ANONYMOUS without any HTTP header attachments), and advanced AI profiling and tracking of visitor movements to determine common patterns and thus identity across multiple connections. However, these technologies are not readily available to everyone, so in your case you might just go with some of the tips listed further above, and that should be all you really should need anyway unless this particular person is doing some major damage to you, enough to warrant such measures.



If you need more help tracking down and locking out this person, let me know …
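Added example, not code from any poster in this thread: the reply above suggests blocking a whole CIDR range when a visitor keeps returning from nearby addresses. This sketch tests an address against single IPs and CIDR ranges; the function names and the `22.22.22.0/23` range are constructed for illustration, and the sample addresses are the thread's own placeholders.

```php
<?php
/** True when $ip lies inside $cidr ("addr" or "addr/len", IPv4 or IPv6). */
function ip_in_cidr(string $ip, string $cidr): bool
{
    $parts = explode('/', $cidr, 2);
    if (!filter_var($ip, FILTER_VALIDATE_IP) || !filter_var($parts[0], FILTER_VALIDATE_IP)) {
        return false;                       // unparsable visitor address or entry
    }
    $addr = inet_pton($ip);                 // packed binary form, 4 or 16 bytes
    $net  = inet_pton($parts[0]);
    if (strlen($addr) !== strlen($net)) {
        return false;                       // an IPv4 entry never matches an IPv6 visitor
    }
    $max  = strlen($net) * 8;               // 32 or 128 bits
    $bits = $max;                           // no "/len" means an exact-address entry
    if (isset($parts[1])) {
        if (!ctype_digit($parts[1]) || (int) $parts[1] > $max) {
            return false;                   // malformed prefix length
        }
        $bits = (int) $parts[1];
    }
    $whole = intdiv($bits, 8);              // bytes that must match completely
    $rest  = $bits % 8;                     // leading bits of the next byte
    if (substr($addr, 0, $whole) !== substr($net, 0, $whole)) {
        return false;
    }
    if ($rest === 0) {
        return true;
    }
    $mask = (0xFF << (8 - $rest)) & 0xFF;
    return (ord($addr[$whole]) & $mask) === (ord($net[$whole]) & $mask);
}

/** True when $ip matches any entry of $blocklist. */
function is_blocked(string $ip, array $blocklist): bool
{
    foreach ($blocklist as $entry) {
        if (ip_in_cidr($ip, $entry)) {
            return true;
        }
    }
    return false;
}

// Constructed sample data: one exact address and one range
$blocklist = ['11.11.11.11', '22.22.22.0/23'];
foreach (['11.11.11.11', '22.22.22.222', '22.22.23.1', '22.22.24.1'] as $visitor) {
    printf("%-14s %s\n", $visitor, is_blocked($visitor, $blocklist) ? 'blocked' : 'allowed');
}
```

In a live script the address to test is `$_SERVER['REMOTE_ADDR']`; forwarded-for style headers are supplied by the client and should not be used for a block decision.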

[quote name=‘indy0077’]Try this one: [url]http://perishablepress.com/press/2008/04/20/how-to-block-proxy-servers-via-htaccess/[/url][/QUOTE]



Hi- is there a way to block an IP/proxy from logging onto my website. I am not tech savvy and when I read the responses about adding code to php… I am super confused. Where is it supposed to go? Wish there was a way to just block their IP more easily. They are from a non USA country, and keep logging in for hours on my site. Please help.



Is there someone I can pay to protect my website? We haven’t even launched the opening of the website yet!



thanks a bunch!

AlmondJoy~ :frowning:

[quote name=‘Spiral’]
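[code]
// DNSBL zones to query. Keep this list current: a zone that no longer
// answers adds DNS lookup delay to every request.
$blacklists = array('recent.spam.dnsbl.sorbs.net', 'web.dnsbl.sorbs.net', 'sbl-xbl.spamhaus.org', 'bl.spamcop.net');
$remote = $_SERVER['REMOTE_ADDR'];
// The reversed-octet lookup below only works for IPv4 addresses
if (filter_var($remote, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
    // 1.2.3.4 becomes "4.3.2.1." so it can be prefixed to each zone name
    $ip = implode('.', array_reverse(explode('.', $remote))) . '.';
    foreach ($blacklists as $bl) {
        $check = $ip . $bl;
        // gethostbyname() returns its argument unchanged when the lookup fails,
        // so a different return value means the address is listed
        if ($check != gethostbyname($check)) {
            error_log('PHP Security: [DNSBL] - ' . $remote . ' - ' . $bl);
            die("Your IP [{$remote}] has been blacklisted by $bl");
        }
    }
}
// Headers commonly added by forwarding proxies; !empty() avoids
// undefined-index notices when a header is absent
if (!empty($_SERVER['HTTP_X_FORWARDED_FOR']) || !empty($_SERVER['HTTP_X_FORWARDED']) || !empty($_SERVER['HTTP_FORWARDED_FOR']) ||
    !empty($_SERVER['HTTP_CLIENT_IP']) || !empty($_SERVER['HTTP_VIA'])) {
    die("Proxy servers are not permitted");
}
[/code]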
[/QUOTE]





Anyone using this code above should remove it from their files asap or at least update the blacklists array to contain working RBL addresses.



If speed is important to you then this type of coding should never be added to your files because it tells the server to investigate every connection to ensure that it is not listed on any of the lists and block the connection if a match is found. This greatly impacts the speed at which your site can load because this investigation is done before serving the page content, and it’s even worse if the addresses are not valid.



I have recently found this coding on 2 client sites and both clients were having speed issues because of it.
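Added example, not code from any poster in this thread: one way to keep a DNSBL check while limiting the per-request delay described above is to cache each address's verdict, so the DNS lookups run once per address per TTL instead of on every page load. The function names, the `dnsbl.example` zone and the stub resolver are constructed for illustration; in a live script the resolver would be `gethostbyname`, the clock `time()`, and the cache a session or shared store.

```php
<?php
/** Return the first zone that lists $ip, or null when none does. IPv4 only. */
function dnsbl_lookup(string $ip, array $zones, callable $resolve): ?string
{
    if (!filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
        return null;
    }
    $reversed = implode('.', array_reverse(explode('.', $ip)));
    foreach ($zones as $zone) {
        $name = $reversed . '.' . $zone;
        // gethostbyname() returns the name unchanged when the lookup fails
        if ($resolve($name) !== $name) {
            return $zone;
        }
    }
    return null;
}

/** Same verdict, served from $cache while the entry is younger than $ttl seconds. */
function dnsbl_cached(string $ip, array $zones, array &$cache, int $ttl,
                      callable $resolve, int $now): ?string
{
    if (isset($cache[$ip]) && $now - $cache[$ip]['at'] < $ttl) {
        return $cache[$ip]['zone'];         // no DNS traffic on this request
    }
    $zone = dnsbl_lookup($ip, $zones, $resolve);
    $cache[$ip] = ['zone' => $zone, 'at' => $now];
    return $zone;
}

// Constructed demo: a stub resolver stands in for gethostbyname() so the
// script runs offline and the number of lookups can be counted.
$lookups = 0;
$stub = function (string $name) use (&$lookups): string {
    $lookups++;
    return $name === '2.0.0.127.dnsbl.example' ? '127.0.0.2' : $name;
};

$cache = [];
$zones = ['dnsbl.example'];
$hit = null;
// Four page loads from one address at t = 0, 10, 20 and 400 seconds, TTL 300
foreach ([0, 10, 20, 400] as $t) {
    $hit = dnsbl_cached('127.0.0.2', $zones, $cache, 300, $stub, 1000 + $t);
}
printf("listed by: %s, DNS lookups for 4 page loads: %d\n", $hit, $lookups);
```

The cache is keyed by address, so a visitor who switches to a different address is looked up again rather than inheriting an earlier verdict.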