Proxy/VPN Detection API/Database?

Post your questions about proxy servers here.
Locked
DeadlyData
New Member
Posts: 3
Joined: Sun May 01, 2011 3:04 am

Proxy/VPN Detection API/Database?

Post by DeadlyData »

I'm a fluent programmer in various languages but for this project I've decided to work with PHP and I noticed that the "WhatIsMyIpAddress.com" proxy checking utility/service works very well.

So upon seeing such I was tempted to see if there was any API to use it with and unfortunately I guess you guys provide this nor source code to such.

While my current issue/complication is the fact my online services are currently being hit with multiple counts of fraud and account theft via tricking consumers into downloading things or etc.

I've done everything I can to cut it down a bit ( Block IP Addresses being used, report users to ISP(s), Warn consumers of the activities and told them how to protect them selves, Block Emails, Block User Accounts, Check StopForumSpam.com and etc databases ).

But one of the really big issues here is the users will always come back ( Using a different proxy then they did previously ).

So I started to build a system to check the whatismyipaddress.com utility to see if a IP address is detected as a proxy within your system and then log it to to a database so it commits a single query and doesn't overload your server.

Upon doing so I was presented with a 503 status code eventually, I know I should have gotten authorization from your staff/developers before doing something of the sort but I didn't expect it to be on such high load.

Anyway now that I've discussed my actual problem I was wondering if there's any services, or code/api available to query the DB of your proxy checking system or if there are any other reliant proxy checking services I could look into and get data from.

Any help would be greatly appreciated and...

Here's the code I originally had an implementation of,
Note: I've disabled this script until I get permission to use such or some other resource to use.

Code: Select all

<?php

function get_url( $url,  $javascript_loop = 0, $timeout = 5 )
{
    $url = str_replace( "&", "&", urldecode(trim($url)) );

    $cookie = tempnam ("/tmp", "CURLCOOKIE");
    $ch = curl_init();
    curl_setopt( $ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20041001 Firefox/0.10.1" );
    curl_setopt( $ch, CURLOPT_URL, $url );
    curl_setopt( $ch, CURLOPT_COOKIEJAR, $cookie );
    curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, true );
    curl_setopt( $ch, CURLOPT_ENCODING, "" );
    curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
    curl_setopt( $ch, CURLOPT_AUTOREFERER, true );
    curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, false );    # required for https urls
    curl_setopt( $ch, CURLOPT_CONNECTTIMEOUT, $timeout );
    curl_setopt( $ch, CURLOPT_TIMEOUT, $timeout );
    curl_setopt( $ch, CURLOPT_MAXREDIRS, 10 );
    $content = curl_exec( $ch );
    $response = curl_getinfo( $ch );
    curl_close ( $ch );

    if ($response['http_code'] == 301 || $response['http_code'] == 302)
    {
        ini_set("user_agent", "Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20041001 Firefox/0.10.1");

        if ( $headers = get_headers($response['url']) )
        {
            foreach( $headers as $value )
            {
                if ( substr( strtolower($value), 0, 9 ) == "location:" )
                    return get_url( trim( substr( $value, 9, strlen($value) ) ) );
            }
        }
    }

    if (    ( preg_match("/>[[:space:]]+window\.location\.replace\('(.*)'\)/i", $content, $value) || preg_match("/>[[:space:]]+window\.location\=\"(.*)\"/i", $content, $value) ) &&
            $javascript_loop < 5
    )
    {
        return get_url( $value[1], $javascript_loop+1 );
    }
    else
    {
        return array( $content, $response );
    }
}


$dbg_log = fopen("noproxy.txt","a");

$conn = mysql_connect("localhost","noproxy","") or die( fwrite($dbg_log,"[DB Error]: ".mysql_error()."\r\n") );
mysql_select_db("noproxy",$conn) or die( fwrite($dbg_log,"[DB Error]: ".mysql_error()."\r\n")  );

$ip = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);

$query = "select proxy from ipcheck WHERE ipaddress='".$ip."';";
$q = mysql_query($query) or die( fwrite($dbg_log,"[DB Error]: ".mysql_error()."\r\n") );

$rows = mysql_num_rows($q);

if( $rows == 0 )
{

	$response_arr = get_url("http://whatismyipaddress.com/ip/".$ip);

	if( $reponse_arr[1]['http_code'] !== 500 )
	{	
		$ip_info = $response_arr[0];
        $ip_arr = explode("<th>Proxy:",$ip_info);
        $proxy_fin = explode("</td></tr>",$ip_arr[1]);
        $fin = str_replace(array("<td>","<td>","</th>","<span class=\"red\">","</span>","(<a href=\"/proxy-server\">Read about proxy servers</a>)"),"",$proxy_fin[0]);

        if($fin == "None detected")
        {
				$q_i = mysql_query("INSERT INTO ipcheck VALUES('','".$ip."','0');") OR die(mysql_error()."\r\n");
        }else{
				$q_i = mysql_query("INSERT INTO ipcheck VALUES('','".$ip."','1');") OR die(mysql_error()."\r\n");
				die("Proxies are not allowed to be used on our website, please log-off or disconnect from the proxy and try again.<br><br>
				Thanks,<br>DeadlyData (Timothy Lawerence)<br>XorNetworks - Security and Development Division<br><br><br><br>If you feel that you've gotten this message in error you may contact me via email at tim (at) thedefaced (dot) org");
		}
		
	}
	else
	{
			fwrite($dbg_log,"[HTTP ERROR]: STATUS 500 IP: ".$ip.".\r\n");
	}

}else{
	
	if( mysql_result($q,0) == 1 )
	{
		die("Proxies are not allowed to be used on our website, please log-off or disconnect from the proxy and try again.<br><br>
		Thanks,<br>DeadlyData (Timothy Lawerence)<br>XorNetworks - Security and Development Division<br><br><br><br>If you feel that you've gotten this message in error you may contact me via email at tim (at) thedefaced (dot) org");
	}
	
}

fclose($dbg_log);
mysql_close();	
?>
User avatar
Chrispcritters
Forum Administrator
Posts: 2579
Joined: Tue Mar 02, 2010 5:41 pm
Location: 127.0.0.1 | ::1
Contact:

Re: Proxy/VPN Detection API/Database?

Post by Chrispcritters »

At this time we do not have an API available for our proxy detection functionality.

What kind of website are you running? Forum, ecommerce? There may be other services which will address your issue.
Founder & CEO of WhatIsMyIPAddress.com.
You can follow me on Twitter and Facebook for some behind the scenes info.
DeadlyData
New Member
Posts: 3
Joined: Sun May 01, 2011 3:04 am

Re: Proxy/VPN Detection API/Database?

Post by DeadlyData »

It's both a community as well as a eCommerce system (sorta).

The community is a vBulletin forum where I've already installed "Spam-O-Matic" which checks akismet and stopforumspam I believe are the two databases, but these two websites/databases aren't necessarily "Proxy Detection" systems.

Other various plugins I've tried to preform the proxy detection have failed as well, and I've tried coding my own via detecting the X_Forwarder header, checking open ports on the connection and etc.

And all of such are just unreliable, and don't work all that well.

The eCommerce side of things requires a vBulletin log-in and is based on our own "currency" or "credit" which is purchased via PayPal, or other online payment services.

So basically blocking registration or log-in from proxy based IP addresses on vBulletin would cut down on it a lot due to the fact they'd have to have the vBulletin account to get into the shop.
User avatar
Chrispcritters
Forum Administrator
Posts: 2579
Joined: Tue Mar 02, 2010 5:41 pm
Location: 127.0.0.1 | ::1
Contact:

Re: Proxy/VPN Detection API/Database?

Post by Chrispcritters »

The problem is that all proxies are not bad. AOL passes a ton of it's traffic through proxies to reduce their bandwidth costs. Anyone that would solely rely on an IP being a proxy would probably throw out more good than bad.

You may also want to look into an akismet implementation.
Founder & CEO of WhatIsMyIPAddress.com.
You can follow me on Twitter and Facebook for some behind the scenes info.
iastaff
Active Member
Posts: 439
Joined: Sat Apr 03, 2010 8:12 pm
Contact:

Re: Proxy/VPN Detection API/Database?

Post by iastaff »

You also have to keep in mind that even the best proxy detection databases/scripts won't catch everything. VPN servers are even harder to detect as they don't use an X_Forwarded_For header at all.
DeadlyData
New Member
Posts: 3
Joined: Sun May 01, 2011 3:04 am

Re: Proxy/VPN Detection API/Database?

Post by DeadlyData »

Thanks for the info guys, I've decided to just use an implementation of maxmind and pay the monthly fee for it.
Locked