Block proxies.


Post by Madsass » Fri Mar 11, 2005 9:37 am

I don't know if this is the right place to post this kind of subject.
But I have a lot of lamers visiting my homepage. When I block their IP address, they use proxies.
Well, my question is whether there is a PHP script or .htaccess code that blocks proxies?

Thanks in advance.
Madsass
 

Post by Caterham » Fri Mar 11, 2005 10:03 am

To block someone, you'll need to identify them. You cannot use user-agent identification such as Mozilla/5.0 (compatible...); you have to use the remote address (IP). So it's the same procedure... Block the remote address of that proxy... There are no other ways if the proxy doesn't say "I'm the proxy xy" in a header...
Caterham
 
Posts: 690
Joined: Fri Dec 10, 2004 1:30 pm

Post by Madsass » Fri Mar 11, 2005 10:50 am

Caterham wrote: To block someone, you'll need to identify them. You cannot use user-agent identification such as Mozilla/5.0 (compatible...); you have to use the remote address (IP). So it's the same procedure... Block the remote address of that proxy... There are no other ways if the proxy doesn't say "I'm the proxy xy" in a header...

Argh. Damn. But there are over 10000 proxies in the entire world.
Madsass
 

Post by Caterham » Fri Mar 11, 2005 3:12 pm

"But there are over 10000 proxies in the entire world."
Of course, but the proxy does not say "hello, I'm a proxy", so you cannot see if your website is being viewed through a proxy, a www-cache server or a direct request....
Caterham
 
Posts: 690
Joined: Fri Dec 10, 2004 1:30 pm

Post by Cobi » Mon Mar 28, 2005 7:54 pm

I know this is ugly, and doesn't really use mod_rewrite, but this should do the trick... (just save this as prx_chk.php):
Code:
<?php
   $addr = $_SERVER['REMOTE_ADDR'];
   $raddr = explode('.', $addr);
   $raddr = $raddr[3].'.'.$raddr[2].'.'.$raddr[1].'.'.$raddr[0];
   $ip['opm'] = gethostbyname($raddr.'.opm.blitzed.org');
   $ip['njabl'] = gethostbyname($raddr.'.dnsbl.njabl.org');
   $ip['akill'] = gethostbyname($raddr.'.dnsbl.winbots.org');
   $ip['virbl'] = gethostbyname($raddr.'.virbl.dnsbl.bit.nl');
   $ip['ircahbl'] = gethostbyname($raddr.'.ircbl.ahbl.org');
   $ip['sectoor'] = gethostbyname($raddr.'.tor.dnsbl.sectoor.de');
   $ip['torahbl'] = gethostbyname($raddr.'.tor.ahbl.org');
   $ip['no-more-funn'] = gethostbyname($raddr.'.no-more-funn.moensted.dk');
   $ip['sorbs'] = gethostbyname($raddr.'.dnsbl.sorbs.net');
   if ($ip['opm'] == $raddr.'.opm.blitzed.org') { $ip['opm'] = "...n"; }
   if ($ip['njabl'] == $raddr.'.dnsbl.njabl.org') { $ip['njabl'] = "...n"; }
   if ($ip['akill'] == $raddr.'.dnsbl.winbots.org') { $ip['akill'] = "...n"; }
   if ($ip['virbl'] == $raddr.'.virbl.dnsbl.bit.nl') { $ip['virbl'] = "...n"; }
   if ($ip['ircahbl'] == $raddr.'.ircbl.ahbl.org') { $ip['ircahbl'] = "...n"; }
   if ($ip['sectoor'] == $raddr.'.tor.dnsbl.sectoor.de') { $ip['sectoor'] = "...n"; }
   if ($ip['torahbl'] == $raddr.'.tor.ahbl.org') { $ip['torahbl'] = "...n"; }
   if ($ip['no-more-funn'] == $raddr.'.no-more-funn.moensted.dk') { $ip['no-more-funn'] = "...n"; }
   if ($ip['sorbs'] == $raddr.'.dnsbl.sorbs.net') { $ip['sorbs'] = "...n"; }
   $ip['opm'] = explode('.', $ip['opm']);
   $ip['njabl'] = explode('.', $ip['njabl']);
   $ip['akill'] = explode('.', $ip['akill']);
   $ip['virbl'] = explode('.', $ip['virbl']);
   $ip['ircahbl'] = explode('.', $ip['ircahbl']);
   $ip['sectoor'] = explode('.', $ip['sectoor']);
   $ip['torahbl'] = explode('.', $ip['torahbl']);
   $ip['no-more-funn'] = explode('.', $ip['no-more-funn']);
   $ip['sorbs'] = explode('.', $ip['sorbs']);
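   // Keep only the last octet of each reply (or the 'n' placeholder set above).
   $ip['opm'] = $ip['opm'][3];
   $ip['njabl'] = $ip['njabl'][3];
   $ip['akill'] = $ip['akill'][3];
   $ip['virbl'] = $ip['virbl'][3];
   // The remaining lists need the same step; otherwise they stay arrays and can never count as listed.
   $ip['ircahbl'] = $ip['ircahbl'][3];
   $ip['sectoor'] = $ip['sectoor'][3];
   $ip['torahbl'] = $ip['torahbl'][3];
   $ip['no-more-funn'] = $ip['no-more-funn'][3];
   $ip['sorbs'] = $ip['sorbs'][3];
   // 'n' means the lookup did not resolve, i.e. the address is not on that list.
   if ($ip['opm'] == 'n') { $ip['opm'] = "You Aren't Listed."; }
   if ($ip['njabl'] == 'n') { $ip['njabl'] = "You Aren't Listed."; }
   if ($ip['akill'] == 'n') { $ip['akill'] = "You Aren't Listed."; }
   if ($ip['virbl'] == 'n') { $ip['virbl'] = "You Aren't Listed."; }
   if ($ip['ircahbl'] == 'n') { $ip['ircahbl'] = "You Aren't Listed."; }
   if ($ip['sectoor'] == 'n') { $ip['sectoor'] = "You Aren't Listed."; }
   if ($ip['torahbl'] == 'n') { $ip['torahbl'] = "You Aren't Listed."; }
   if ($ip['no-more-funn'] == 'n') { $ip['no-more-funn'] = "You Aren't Listed."; }
   if ($ip['sorbs'] == 'n') { $ip['sorbs'] = "You Aren't Listed."; }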
   if (($ip['njabl'] != '9') and ($ip['njabl'] != "You Aren't Listed.")) { $ip['njabl'] = "Invalid Reply (You Aren't Listed)"; }
   if (($ip['akill'] != '1') and ($ip['akill'] != "You Aren't Listed.")) { $ip['akill'] = "Invalid Reply (You Aren't Listed)"; }
   if (($ip['sectoor'] != '1') and ($ip['sectoor'] != "You Aren't Listed.")) { $ip['sectoor'] = "Invalid Reply (You Aren't Listed)"; }
   if (($ip['torahbl'] != '2') and ($ip['torahbl'] != "You Aren't Listed.")) { $ip['torahbl'] = "Invalid Reply (You Aren't Listed)"; }
   if (($ip['no-more-funn'] != '10') and ($ip['no-more-funn'] != "You Aren't Listed.")) { $ip['no-more-funn'] = "Invalid Reply (You Aren't Listed)"; }
   if (($ip['sorbs'] != '2') and ($ip['sorbs'] != '3') and ($ip['sorbs'] != '4') and ($ip['sorbs'] != "You Aren't Listed.")) { $ip['sorbs'] = "Invalid Reply (You Aren't Listed)"; }
   // Start from "not listed" so the final check never reads an undefined variable.
   $listed = 0;
   if (is_numeric($ip['opm'])) { $listed = 1; }
   if (is_numeric($ip['njabl'])) { $listed = 1; }
   if (is_numeric($ip['akill'])) { $listed = 1; }
   if (is_numeric($ip['virbl'])) { $listed = 1; }
   if (is_numeric($ip['ircahbl'])) { $listed = 1; }
   if (is_numeric($ip['sectoor'])) { $listed = 1; }
   if (is_numeric($ip['torahbl'])) { $listed = 1; }
   if (is_numeric($ip['no-more-funn'])) { $listed = 1; }
   if (is_numeric($ip['sorbs'])) { $listed = 1; }

   if ($listed == 1) { die("Your ip, ".$addr.", is listed in one or more of the proxy/abusive lists we check."); }
?>

Then in your existing PHP pages, at the top right after "<?php", put:
Code:
include("/path/to/your/prx_chk.php");


NOTE: this will slow down your pages' loading time... and will use more bandwidth
Cobi
 

Post by Cobi » Mon Mar 28, 2005 8:12 pm

Another solution if you don't currently implement a PHP site, but you do have PHP available to you...
Add the following under "if ($listed == 1) { die("Your ip, ".$addr.", is listed in one or more of the proxy/abusive lists we check."); }":
Code:
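   $base = "/full/path/to/your/web/root"; //no trailing slash
   if (isset($_GET['w'])) {
      // Resolve the real path and serve the file only if it is still inside $base;
      // stripping "../" from the string is not enough to stop directory traversal.
      $root = realpath($base);
      $path = realpath($base.'/'.$_GET['w']);
      if (($root !== false) and ($path !== false) and (strpos($path, $root.DIRECTORY_SEPARATOR) === 0)) {
         if ((substr($path, -5) == ".html") or (substr($path, -4) == ".htm")) { readfile($path); }
      }
   }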

and this goes in your .htaccess file:
Code:
RewriteEngine On
# In .htaccess the pattern is matched against the path without its leading slash.
RewriteRule ^(.+\.html?)$ prx_chk.php?w=$1 [L]


NOTE: Untested
Cobi
 

Post by HM » Wed May 11, 2005 1:33 pm

What about checking for HTTP_VIA and X_FORWARDED_FOR? That'll kill off all the non-anonymous ones (including a lot of transparent ISP proxies) if you are trying to kill ALL proxies.

:-/
HM
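
Added example (not code from any poster in this thread): the header check suggested in the last post, written as a PHP function. The helper name proxy_headers(), the inclusion of the Forwarded header and the sample requests are assumptions made for illustration; PHP exposes the headers as HTTP_VIA, HTTP_X_FORWARDED_FOR and HTTP_FORWARDED in $_SERVER.

```php
<?php
// Added example: report proxy-revealing request headers.
// proxy_headers() is a hypothetical helper name, not from the thread.
function proxy_headers(array $server): array
{
    // Via is added by proxies that follow the HTTP spec; X-Forwarded-For and
    // Forwarded carry the original client address when a proxy discloses it.
    $keys = ['HTTP_VIA', 'HTTP_X_FORWARDED_FOR', 'HTTP_FORWARDED'];
    $found = [];
    foreach ($keys as $key) {
        if (isset($server[$key]) && trim($server[$key]) !== '') {
            $found[$key] = trim($server[$key]);
        }
    }
    return $found;
}

// Constructed sample requests (documentation addresses), not real traffic.
$samples = [
    'direct'            => ['REMOTE_ADDR' => '203.0.113.7'],
    'transparent proxy' => ['REMOTE_ADDR' => '198.51.100.20',
                            'HTTP_VIA' => '1.1 cache.example.net',
                            'HTTP_X_FORWARDED_FOR' => '203.0.113.7'],
    // Sends no identifying headers, so it looks exactly like a direct request.
    'anonymous proxy'   => ['REMOTE_ADDR' => '198.51.100.99'],
];

foreach ($samples as $label => $server) {
    $hits = proxy_headers($server);
    echo $label, ': ',
         $hits ? 'proxy headers ' . implode(', ', array_keys($hits)) : 'no proxy headers',
         "\n";
}

// In a page: if (proxy_headers($_SERVER)) { http_response_code(403); exit; }
```

The third sample shows the limit described earlier in the thread: a proxy that adds no headers cannot be told apart from a direct visitor this way. If the site itself sits behind a reverse proxy, load balancer or CDN, every request will carry these headers and the check would refuse all visitors.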
 

