Welcome,
I'm writing an application that will let me try to detect what type of HTTP proxy a user has installed.
The script calls a remote server, adding the parameter http://xxxx.php?my_ip=real_IP
Here is my application:
<?php
// IP address the client reports for itself, passed in by the calling script.
$real_ip = isset($_GET['my_ip']) ? $_GET['my_ip'] : null;
// Proxy-related request headers; each one may be absent, so default to null.
$ip1 = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : null;
$ip2 = isset($_SERVER['HTTP_X_FORWARDED']) ? $_SERVER['HTTP_X_FORWARDED'] : null;
$ip3 = isset($_SERVER['HTTP_FORWARDED_FOR']) ? $_SERVER['HTTP_FORWARDED_FOR'] : null;
$ip4 = isset($_SERVER['HTTP_CLIENT_IP']) ? $_SERVER['HTTP_CLIENT_IP'] : null;
$ip5 = isset($_SERVER['HTTP_VIA']) ? $_SERVER['HTTP_VIA'] : null;
// Address of the peer that actually connected to this server.
$ip6 = $_SERVER['REMOTE_ADDR'];
$ip_array[1] = $ip1;
$ip_array[2] = $ip2;
$ip_array[3] = $ip3;
$ip_array[4] = $ip4;
$ip_array[5] = $ip5;
if ($ip6 == $real_ip)
{
    echo "You are not using proxy.";
}
else
{
    if (in_array($real_ip, $ip_array))
    {
        echo "You are using transparent proxy with one releave your ip.";
    }
    else
    {
        // Any proxy header present, but none of them carries the real IP.
        if ($ip1 || $ip2 || $ip3 || $ip4 || $ip5)
        {
            echo "You are using anonymous proxy with one protect Your IP but inform www servers about using proxy";
        }
        else
        {
            echo "You are using elite proxy, with one hide your IP and don't inform www servers about using proxy";
        }
    }
}
$table=<<<table
<p>Ip HTTP_X_FORWARDED_FOR FOR : $ip1</p>
<p>Ip HTTP_X_FORWARDED : $ip2</p>
<p>Ip HTTP_FORWARDED_FOR FOR : $ip3</p>
<p>Ip HTTP_CLIENT_IP FOR : $ip4</p>
<p>Ip HTTP_VIA FOR : $ip5</p>
<p>Ip remote addr : $ip6</p>
table;
echo $table;
?>
I ran some tests and the application looks to be working very well.
If you have any tips, please tell me.
I mean, I would like to know whether I'm missing something important.
Regards
Another way in which some major players (PayPal, eBay, sites that have high security, etc.) find proxies is by looking up your IP's hostname with gethostbyaddr(), which can reveal a source that is likely to be a proxy, e.g. server.squid.com (a very obvious example to show you what I mean!).
The IP address of the computer that I am using is the one specified in $ip. The problem is that when $userip != $ip, the message is displayed, which it should not. The first version of the if statement is ideally how I want the page to work. Any ideas/suggestions? Thanks in advance.
Note: The purpose of the if statement is to ensure that the users access the site from a particular computer. For example, employees can only access the site from their work station computer (not from PCs). If they are not at their work station computer, then the message is displayed.
Note: I got the $ip from running an "ipconfig /all" command.
Note: I am currently testing this with one IP address and I will eventually test with multiple ones.
<?php
$userip = $_SERVER['REMOTE_ADDR'];
$ip = '172.34.56.202';
if ($userip != $ip) {
    echo "<h3>" . "ACCESS DENIED. Your IP address is not in the list of allowed IPs" . "</h3>";
} else {
    $URL = "http://www.yahoo.com";
    header("Location: $URL");
    exit; // stop here so nothing else is sent after the redirect
}
?>
I also tried to change around the operations of the if statement in this version, but it still doesn't work. The error message is still displayed instead of directing the user to a different page:
<?php
error_reporting(E_ALL);
$userip = $_SERVER['REMOTE_ADDR'];
$ip = '172.34.56.202';
if ($userip == $ip) {
    $URL = "http://wt-ws.delta.lasalle.edu/tempProject/timeSheetProject/TimeSheet.php";
    header("Location: $URL");
    exit; // stop here so nothing else is sent after the redirect
} else {
    echo "<h3>" . "ACCESS DENIED. Your IP address is not in the list of allowed IPs" . "</h3>";
}
?>
I just tested the above code and it works just fine on my end for the page I created.
The only thing I would suggest is doing
echo($userip);
to see what the value is for $userip. If you are doing this on a test box installed on your machine, your IP very well could be 127.0.0.1, as you are viewing the file locally.
To your updated question
When you use ipconfig /a, this gives you the IP address assigned to your machine. Most networks use a subnet mask and a private IP address. For example, if you use ipconfig /a and get an IP address in the following ranges, it is a private, non-routable IP address.
10.0.0.0 - 10.255.255.255 - Class A
172.16.0.0 - 172.31.255.255 - Class B
192.168.0.0 - 192.168.255.255 - Class C
To find your public IP Address you can do this a couple of ways:
You can google what is my ip?
www.ipchicken.com
www.whatismyip.com
Maybe try using the identical comparison operators such as !== or === ?
Before PHP 5.4, when retrieving the user's IP address using $_SERVER['REMOTE_ADDR'], the result would be the user's external IPV6 IP address.
EG: 60.123.456.168
However, since updating my server to PHP 5.4, the returned user's IP address seems to be their internal IP:
EG: 192.168.1.34
This becomes an issue if you want a specific office or 'router' to see a particular group of content or in our case debug code.
I tried using the other IP option $_SERVER['HTTP_X_FORWARDED_FOR'] but this isn't available on all servers.
Is there another way to grab the user's external IP address in PHP >= 5.4, or has this functionality been removed?
This even checks for proxy servers and still reveals the correct user IP:
<?php
function get_real_ip()
{
    if (isset($_SERVER["HTTP_CLIENT_IP"]))
    {
        return $_SERVER["HTTP_CLIENT_IP"];
    }
    elseif (isset($_SERVER["HTTP_X_FORWARDED_FOR"]))
    {
        return $_SERVER["HTTP_X_FORWARDED_FOR"];
    }
    elseif (isset($_SERVER["HTTP_X_FORWARDED"]))
    {
        return $_SERVER["HTTP_X_FORWARDED"];
    }
    elseif (isset($_SERVER["HTTP_FORWARDED_FOR"]))
    {
        return $_SERVER["HTTP_FORWARDED_FOR"];
    }
    elseif (isset($_SERVER["HTTP_FORWARDED"]))
    {
        return $_SERVER["HTTP_FORWARDED"];
    }
    else
    {
        return $_SERVER["REMOTE_ADDR"];
    }
}
$IP_Address = get_real_ip();
echo $IP_Address;
?>
It is not PHP's fault. PHP doesn't detect anything; it just reads an environment variable.
You probably have some proxy that is not properly configured.
Ok,
I figured out that this issue appears to be due to our newb server setup,
as the server was in fact running from localhost and networked through Windows (I wasn't aware it was till now).
This explains why the Local IPAddress was coming up.
False alarm :)
Thanks everyone for your help though!
I have been hit with a huge amount of traffic recently from proxy visitors and countries that are not within the target demographics from the site (flat out visitors from these countries cannot use the service).
Rather than simply blocking the visitors, I want to not render the Google Analytics and other analytics code for these visitors. This seems to be a happy medium vs just whacking everything coming in, but I'm not sure of the best way to detect proxy visitors. What is the preferred method for detecting proxy visitors and visitors that fit within certain geographical IP boundaries?
Just run this function to detect if proxy is used, and if so, you can use whatever analytics code you want or block the user.
function proxy_detected()
{
    if (
        !empty($_SERVER['HTTP_X_FORWARDED_FOR'])
        || !empty($_SERVER['HTTP_X_FORWARDED'])
        || !empty($_SERVER['HTTP_FORWARDED_FOR'])
        || !empty($_SERVER['HTTP_CLIENT_IP'])
        || !empty($_SERVER['HTTP_VIA'])
        || in_array($_SERVER['REMOTE_PORT'], array(8080, 80, 6588, 8000, 3128, 553, 554))
        // Connects back to the visitor on port 80 (errors suppressed, waits up to 30 s).
        || @fsockopen($_SERVER['REMOTE_ADDR'], 80, $errno, $errstr, 30)
    ) {
        return true;
    } else {
        return false;
    }
}
echo ( proxy_detected() ) ? "Proxy detected" : "No proxy detected";
I am building my first website. It is an Online Real Estate Agency. Users can create themselves a profile and then insert an ad and upload pictures.
I was told that I should detect multiple login attempts to protect against brute-force attacks. Well, with the following code I detect the IPs:
if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
    $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
    $ip = $_SERVER['REMOTE_ADDR'];
}
The system counts missed login attempts within a certain delay and holds a ban list in a DB.
It works great ... at least when I test it myself!
Then, as I was told 'Beware of piracy through false IPs', I get the impression my protection system mentioned above is made ineffective.
There are:
1) software available to pirates that includes a proxy which can hide their real IP
2) proxies on the web that can also hide real IPs.
What's the difference between 1) and 2)?
I would like to know how proxies can be used and what they are able to do in terms of illicit practices.
Can somebody change their IP at will?
Can somebody in China or in Russia 'simulate' a Western Europe or US IP?
Can I do more than what I've done to detect any suspicious activity?
Thanks a lot.
Anyone can change ip, proxy, vpn....
I use this function to detect REAL IP address if it's valid:
// Note: validip() is a helper that this post does not show; it must be supplied separately.
function getrealip() {
    if (getenv('HTTP_CLIENT_IP') && long2ip(ip2long(getenv('HTTP_CLIENT_IP')))==getenv('HTTP_CLIENT_IP') && validip(getenv('HTTP_CLIENT_IP')))
        return getenv('HTTP_CLIENT_IP');
    if (getenv('HTTP_X_FORWARDED_FOR') && long2ip(ip2long(getenv('HTTP_X_FORWARDED_FOR')))==getenv('HTTP_X_FORWARDED_FOR') && validip(getenv('HTTP_X_FORWARDED_FOR')))
        return getenv('HTTP_X_FORWARDED_FOR');
    if (getenv('HTTP_X_FORWARDED') && long2ip(ip2long(getenv('HTTP_X_FORWARDED')))==getenv('HTTP_X_FORWARDED') && validip(getenv('HTTP_X_FORWARDED')))
        return getenv('HTTP_X_FORWARDED');
    if (getenv('HTTP_FORWARDED_FOR') && long2ip(ip2long(getenv('HTTP_FORWARDED_FOR')))==getenv('HTTP_FORWARDED_FOR') && validip(getenv('HTTP_FORWARDED_FOR')))
        return getenv('HTTP_FORWARDED_FOR');
    if (getenv('HTTP_FORWARDED') && long2ip(ip2long(getenv('HTTP_FORWARDED')))==getenv('HTTP_FORWARDED') && validip(getenv('HTTP_FORWARDED')))
        return getenv('HTTP_FORWARDED');
    $ip = htmlspecialchars($_SERVER['REMOTE_ADDR']);
    /* Added support for IPv6 connections. otherwise ip returns null */
    if (strpos($ip, '::') === 0) {
        $ip = substr($ip, strrpos($ip, ':')+1);
    }
    return long2ip(ip2long($ip));
}
More info for X-Forwarded
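The header-reading functions in the posts above return whatever the client sends, so a login counter keyed on that value can be reset by changing one request header. As an added example (not code from any of the posts), this resolver reads X-Forwarded-For only when the connecting peer is a proxy you operate; TRUSTED_PROXIES, the function names and the sample requests are assumptions made up for the illustration.

```php
<?php
// Added example. TRUSTED_PROXIES is a constructed value: list only proxies you run yourself.
const TRUSTED_PROXIES = ['10.0.0.0/8', '192.0.2.10/32'];

// True if $ip lies inside $cidr (IPv4 or IPv6), compared on the packed bytes.
function ip_in_cidr(string $ip, string $cidr): bool
{
    [$net, $bits] = array_pad(explode('/', $cidr, 2), 2, null);
    $ipBin  = @inet_pton($ip);
    $netBin = @inet_pton($net);
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false;                       // unparsable, or IPv4 vs IPv6 mismatch
    }
    $bits = $bits === null ? strlen($ipBin) * 8 : (int) $bits;
    if ($bits < 0 || $bits > strlen($ipBin) * 8) { return false; }
    $full = intdiv($bits, 8);
    if (substr($ipBin, 0, $full) !== substr($netBin, 0, $full)) { return false; }
    if ($bits % 8 === 0) { return true; }
    $mask = (0xFF << (8 - $bits % 8)) & 0xFF;
    return (ord($ipBin[$full]) & $mask) === (ord($netBin[$full]) & $mask);
}

function is_trusted_proxy(string $ip): bool
{
    foreach (TRUSTED_PROXIES as $cidr) {
        if (ip_in_cidr($ip, $cidr)) { return true; }
    }
    return false;
}

// REMOTE_ADDR is the TCP peer and cannot be set by a header. X-Forwarded-For is
// only read when that peer is our own proxy, and then from right to left.
function client_ip(array $server): string
{
    $ip = $server['REMOTE_ADDR'];
    if (!is_trusted_proxy($ip) || empty($server['HTTP_X_FORWARDED_FOR'])) {
        return $ip;
    }
    $hops = array_reverse(array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'])));
    foreach ($hops as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) { break; }  // malformed: stop
        $ip = $hop;
        if (!is_trusted_proxy($hop)) { break; }  // first hop we do not run = client
    }
    return $ip;
}
// Constructed requests: a direct client forging the header, then two via our proxy.
var_dump(client_ip(['REMOTE_ADDR' => '203.0.113.7', 'HTTP_X_FORWARDED_FOR' => '127.0.0.1']));
var_dump(client_ip(['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '198.51.100.23']));
var_dump(client_ip(['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '1.2.3.4, 198.51.100.23']));
```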
A proxy is a server that can mask your IP. It sends your request as if it were its own and then sends you back the response it got.
Can somebody change their IP at will?
No, they can't just change their IP to whatever they like. But they can mask it.
Can somebody in China or in Russia 'simulate' a Western Europe or US IP?
Yes
Can I do more than what I've done to detect any suspicious activity?
If you detect that some user name is logging in with a wrong password too many times using brute-force techniques, you could slow them down by using the sleep function. With this technique you wouldn't cut off users who are using a proxy without bad intent, and you would slow down the brute-force hacking.
if ($wrongAttempts > 5) sleep(3); // sleep() takes seconds, not milliseconds
if ($password == $_GET['pass'])
{
    // ...
}
You could also start including captcha images to raise security or block the account for some time.
As Dagon says, IP address is a pretty weak way of identifying users, and hackers will almost certainly not use their own IP address, but rather a stolen machine, or a botnet; on the other hand, many corporate users may appear to all come from the same IP address, and you could easily end up blocking every user from that building/company if someone forgets their password.
The first defense against a brute force attack is to have a strong password policy; commonly, this is assumed to be at least 7 characters, with at least one number and one punctuation mark. This often annoys users, and makes them hate your site.
The next defense - if you think you're really at risk - is CAPTCHA; this makes users hate you even more.
The bottom line is: if you are building your first website, I'd look at an off-the-shelf framework, rather than inventing everything yourself. Consider PEAR:auth.
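The answers above suggest slowing down repeated failures and warn that the source address is a weak identifier. As an added example (not code from any of the posts), this sketch keys the delay on the account being guessed and keeps only a loose cap per address; the limits, the in-memory array store and the function names are assumptions.

```php
<?php
// Added example: the limits and the array store are assumptions; production code
// would keep $store in a shared database, like the ban list the question mentions.
const WINDOW_SECONDS = 900;   // how far back failures count
const FREE_FAILURES  = 5;     // per-account failures allowed before delays start
const IP_FAILURES    = 50;    // per-address cap, loose so a shared office NAT survives

function record_failure(array &$store, string $user, string $ip, int $now): void
{
    $store['user'][strtolower($user)][] = $now;
    $store['ip'][$ip][] = $now;
}

// Number of failures for $key (an account name or an address) inside the window.
function recent_failures(array $store, string $kind, string $key, int $now): int
{
    $recent = array_filter($store[$kind][$key] ?? [], fn($t) => $t > $now - WINDOW_SECONDS);
    return count($recent);
}

// Seconds to wait before checking the password; -1 means refuse the attempt.
function login_delay(array $store, string $user, string $ip, int $now): int
{
    if (recent_failures($store, 'ip', $ip, $now) >= IP_FAILURES) {
        return -1;
    }
    $fails = recent_failures($store, 'user', strtolower($user), $now);
    if ($fails < FREE_FAILURES) {
        return 0;
    }
    return min(60, 1 << min($fails - FREE_FAILURES, 6));  // 1, 2, 4 ... capped at 60 s
}

// Constructed run: eight failed guesses at "alice", each from a different address.
$store = [];
$now = 1700000000;
for ($i = 1; $i <= 8; $i++) {
    record_failure($store, 'alice', "198.51.100.$i", $now + $i);
}
var_dump(login_delay($store, 'alice', '198.51.100.99', $now + 9)); // new address, same account
var_dump(login_delay($store, 'bob', '198.51.100.1', $now + 9));    // other account, used address
```

Because the counter follows the account, changing the source address between guesses does not reset the delay, while another user behind an address that has already failed is not slowed.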
Hi, I just want your opinions about this code I found on a website for telling real search spiders from spammers. Is it good? Do you have any recommendations for other scripts or methods on this subject?
<?php
$ua = $_SERVER['HTTP_USER_AGENT'];
$spiders=array('msnbot','googlebot','yahoo');
$pattern=array("/\.google\.com$/","/search\.live\.com$/","/\.yahoo\.com$/");
for($i=0;$i < count($spiders) and $i < count($pattern);$i++)
{
    if(stristr($ua, $spiders[$i])){
        //it's pretending to be MSN's bot or Google's bot
        $ip = $_SERVER['REMOTE_ADDR'];
        $hostname = gethostbyaddr($ip);
        if(!preg_match($pattern[$i], $hostname))
        {
            //the hostname does not belong to either live.com or googlebot.com.
            //Remember the UA already said it is either MSNBot or Googlebot.
            //So it's a spammer.
            echo "spammer";
            exit;
        }
        else{
            //Now we have a hit that half-passes the check. One last go:
            $real_ip = gethostbyname($hostname);
            if($ip != $real_ip){
                //spammer!
                echo "Please leave Now spammr";
                break;
            }
            else{
                //real bot
            }
        }
    }
    else
    {
        echo "hello user";
    }
}
Note: I used User Agent Switcher with this code and it worked perfectly, but I am not sure if it will work in the real world, so what do you think?
What would keep a spammer from simply giving an entirely correct user agent string?
I think this is fairly pointless. You would have to at least compare IP ranges (or their name servers) as well in order to get reliable results. This is possible for Google:
Google Webmaster Central: How to verify Googlebot
but even if you test for Google and Bing this way, a spambot can enter your site simply by giving a browser user-agent. Therefore, it is ultimately impossible to detect a spam-bot. They are a reality, and there is no good way to keep them out from a web site.
You can also use .htaccess so that things like this are prevented, as in this tutorial:
http://perishablepress.com/press/2007/06/28/ultimate-htaccess-blacklist/
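The reverse-then-forward lookup in the question's script, written as one function that returns a single verdict per request; this is an added example, not code from the thread. The host-name suffixes are the ones in the post's $pattern list and comments, and the resolver callables, DNS tables and addresses are constructed so the cases run without network access.

```php
<?php
// Added example. Suffixes come from the post's $pattern list and its comments;
// the resolver callables are injectable so the constructed cases run offline.
const CRAWLER_SUFFIXES = [
    'googlebot' => ['.googlebot.com', '.google.com'],
    'msnbot'    => ['.search.live.com'],
    'yahoo'     => ['.yahoo.com'],
];

// Returns 'no-claim', 'verified' or 'fake' for one request.
function verify_crawler(string $ua, string $ip, ?callable $ptr = null, ?callable $fwd = null): string
{
    $ptr = $ptr ?? 'gethostbyaddr';    // reverse lookup: IP -> name
    $fwd = $fwd ?? 'gethostbynamel';   // forward lookup: name -> all IPv4 addresses
    $claim = null;
    foreach (array_keys(CRAWLER_SUFFIXES) as $name) {
        if (stripos($ua, $name) !== false) { $claim = $name; break; }
    }
    if ($claim === null) { return 'no-claim'; }          // ordinary visitor
    $host = $ptr($ip);
    if (!is_string($host) || $host === $ip) { return 'fake'; }   // no PTR record
    $host = strtolower(rtrim($host, '.'));
    $matches = false;
    foreach (CRAWLER_SUFFIXES[$claim] as $suffix) {
        if (substr($host, -strlen($suffix)) === $suffix) { $matches = true; }
    }
    if (!$matches) { return 'fake'; }
    // The owner of an address block controls its PTR data, so the name only counts
    // if the forward lookup of that name leads back to the same address.
    $addrs = $fwd($host);
    return (is_array($addrs) && in_array($ip, $addrs, true)) ? 'verified' : 'fake';
}

// Constructed DNS data (documentation address ranges, invented host names).
$ptrTable = [
    '192.0.2.20'   => 'crawl-192-0-2-20.googlebot.com',
    '203.0.113.9'  => 'crawl-203-0-113-9.googlebot.com',   // PTR set by the address owner
    '198.51.100.4' => 'googlebot.com.example.net',
];
$fwdTable = ['crawl-192-0-2-20.googlebot.com' => ['192.0.2.20']];
$ptr = fn($ip) => $ptrTable[$ip] ?? $ip;
$fwd = fn($host) => $fwdTable[$host] ?? false;
$ua = 'Mozilla/5.0 (compatible; Googlebot/2.1)';
foreach (['192.0.2.20', '203.0.113.9', '198.51.100.4'] as $ip) {
    echo $ip, ' => ', verify_crawler($ua, $ip, $ptr, $fwd), "\n";
}
echo verify_crawler('Mozilla/5.0 Firefox/115.0', '192.0.2.20', $ptr, $fwd), "\n";
```

As the answer above points out, this only catches clients that claim to be a crawler; a request with an ordinary browser user agent returns 'no-claim' and needs other controls.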