# discovered a little gem



## Nanakisan (Mar 20, 2009)

A friend of mine on a huge webhosting service forum posted this script.

It's designed to deny access of the site to anyone found to be using a known proxy.

could this be useful in combating trolls with proxies?


```
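<?php
        // Visitor address as seen by the web server (read from $_SERVER instead of relying on register_globals).
        $REMOTE_ADDR = $_SERVER['REMOTE_ADDR'];
        $Ports = array('1080', '8080', '8000', '3128', '8888', '23', '80', '8081');     // To hold the list of ports.
        $AllowedHosts = array('localhost', 'allowedhost.com');                 // To hold the list of allowed hosts.
        $DisallowedHosts = array('127.0.0.1.poo.com', 'something.msn.com');         // To hold the list of disallowed hosts.
        $Redirect = "http://sfastnews.com/";            // Redirect page
        $SocketTimeout = 1;                                // Higher the number, the longer it takes.
        if ((!in_array ($REMOTE_ADDR, $AllowedHosts)) && (!in_array ($REMOTE_ADDR, $DisallowedHosts)))
        {
            // On neither list: try to connect back to the visitor on every listed port, starting with the first.
            foreach ($Ports as $Port)
            {
                // @ keeps connection warnings out of the output so header() can still be sent.
                $fSockPointer = @fsockopen($REMOTE_ADDR, (int) $Port, $errno, $errstr, $SocketTimeout);
                if ($fSockPointer)
                {
                    // An open port is treated as a proxy: redirect and stop probing.
                    fclose($fSockPointer);
                    header ("Location: $Redirect");
                    die();
                }
            }
        } else {
            if (in_array ($REMOTE_ADDR, $AllowedHosts))
            {
                // Allowed host: stop here without redirecting.
                die();
            } else {
                // Disallowed host: redirect without probing.
                header ("Location: $Redirect");
                die();
            }
        }
?>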
```


----------



## Rilvor (Mar 20, 2009)

lol, combating trolls using proxies.


----------



## Takun (Mar 20, 2009)

Good luck, I'm behind 7 proxies.


----------



## Nanakisan (Mar 20, 2009)

Takumi_L said:


> Good luck, I'm behind 7 proxies.



you know just as a test i'm gonna implant this on my own site and see if it works. i'll lay the link down if anyone's interested in seeing if it works.


----------



## SnowFox (Mar 20, 2009)

meh.

I recently realised that most of the random spam shit that turns up in my access log are from behind proxy servers. I wanted to test one out so I searched for a list and used the first one on the list and tried to view my homepage and found that I'd already banned myself from my own site. LOL



> 61.139.105.163	[20/Mar/2009:01:17:29]	-	GET	/fastenv		HTTP/1.1	403	520	-	Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
> 61.139.105.163	[20/Mar/2009:11:22:30]	-	GET	/fastenv		HTTP/1.1	403	520	-	Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
> 168.8.91.6	[20/Mar/2009:13:50:30]	-	GET	HTTP/1.1		HTTP/1.1	400	226	-	Toata dragostea mea pentru diavola
> 168.8.91.6	[20/Mar/2009:13:50:34]	-	GET	HTTP/1.1		HTTP/1.1	400	226	-	Toata dragostea mea pentru diavola
> ...



What's the point of all this shit?


----------



## Irreverent (Mar 20, 2009)

I'm no coder but......I'm guessing that management of the $DisallowedHosts array would be problematic after a time.  You'd need to pre-load it with the 50K+ known internet proxies (maybe a live feed from 8e6?) for it to be useful.


----------



## Takun (Mar 20, 2009)

Okay, I have a list of daily proxies as well as an application to use.  I'll try it.


----------



## Nanakisan (Mar 20, 2009)

Irreverent said:


> I'm no coder but......I'm guessing that management of the $DisallowedHosts array would be problematic after a time.  You'd need to pre-load it with the 50K+ known internet proxies (maybe a live feed from 8e6?) for it to be useful.



according to the scripter who made this code, it doesn't look at IP addresses but rather detects if the person trying to connect is using a known port for proxies. 8080 8000 those and the like. seeing as most idiots that can use a proxy only know how to actually use the proxy but not forward ports or change port accesses would be quite stumped on this. but then again how many furs do we know that use this site and might use a proxy then the script itself would regulate even normal furs.


----------



## SnowFox (Mar 20, 2009)

*** EDIT: disregard this, I suck cocks ***

It seems like it checks to see if your IP is in either of the allowed or disallowed lists, if it's not it then checks the ports. But I don't see the point of the disallowed list, as far as I can see it doesn't ban you if you're on it.


----------



## Kesteh (Mar 20, 2009)

Some sites provide a proxy blacklist. Hard to keep up but some autoupdate when new proxies appear.
Only gripe I've heard was that it was too hard to maintain. But that was a couple years back.


----------



## Irreverent (Mar 20, 2009)

Nanakisan said:


> according to the scripter who made this code, it doesn't look at IP addresses but rather detects if the person trying to connect is using a known port for proxies. 8080 8000 those and the like. seeing as most idiots that can use a proxy only know how to actually use the proxy but not forward ports or change port accesses would be quite stumped on this. but then again how many furs do we know that use this site and might use a proxy then the script itself would regulate even normal furs.



Same problem though, there are no established rules for proxy ports, just convention.  You'd have an ever increasing list of "evil" ports to worry about, ultimately making it worthless.  

And here's another interesting twist: ports 8083 and 8080 are the default ports for a proxy appliance(s) that is used by most of the Fortune 500 companies, government and universities.  This code fragment's blanket approach would bar all of them too.  I'm using one right now.  Where's most of the fan base?  Schools, libraries, internet cafes etc.  You'd also have to be careful that this approach didn't accidentally block proxies that are used between ISPs at Internet peering points; typically those are transparent, but you never know.

I think this approach would be useful for infrequent blocking of proxies when your site was being raided; turned off and on as necessary.



Kesteh said:


> Some sites provide a proxy blacklist. Hard to keep up but some autoupdate when new proxies appear.
> Only gripe I've heard was that it was too hard to maintain. But that was a couple years back.



8e6 offers this service, I'm sure there are open source versions too.


----------



## Stratelier (Mar 20, 2009)

Irreverent said:


> I'm no coder but......I'm guessing that management of the $DisallowedHosts array would be problematic after a time.  You'd need to pre-load it with the 50K+ known internet proxies (maybe a live feed from 8e6?) for it to be useful.


That's when you start logging IP addresses in a database table (keyed by IP) and simply run a SELECT query against the database.

However, as with all IP bans you do risk some level of collateral damage against innocent users.


----------



## whoadamn (Mar 20, 2009)

So, what could possibly make you think that they haven't made use of that thought in a much more efficient means?

Because you know, it's just so easy to design and run a website, maintain it for several years and somehow overlook the fact that there's also people out there you don't want to access it for whatever reason.

Here's an additional idea which could be used to bring in more revenue for the site: take a loaf of bread, cut it into slices and sell it. Just imagine the amount of people who would purchase that in lieu of plain old bread they'd have to slice themselves.


----------



## Carenath (Mar 21, 2009)

I didn't catch if anyone actually explained how this script works or not, but it is pretty simple. It just checks if your IP is on a list of disallowed hosts, or if any of the proxy-ports are open on your system. Most open proxies will accept connections from anyone, and generally use 80, 8080 and 3128, so this script will be enough to kick those visitors out. The downside is that it can catch out legitimate users as mentioned above.


----------



## yak (Mar 21, 2009)

You can't ban proxies. 
A lot of legitimate visitors come from proxies simply because that's how their network is arranged. A lot of AOL are behind transparent proxies. Public places computers are behind proxies, a lot of networks are behind caching squid proxies. Entire ISPs are under proxies (obnoxiously caching proxies to boot, but that's beside the point).
_Proxies are not the tool of the devil, they have their own legitimate purpose and uses._

Now, about the script.
For each and every incoming request it tries to establish a reverse connection back to the client on _eight ports sequentially_, and with a 1 second socket connection timeout. There are so many things wrong with this approach I don't know where to start.

1. First of all, if the client's firewall is set up to drop incoming packets destined to random ports instead of denying them, you are going to have to wait a full 1 second before socket timeout kicks in so the code can continue. That, times 8 ports being checked equals _8 second waiting time before the script even tries to process a legitimate user request_.
And Windows firewall DROPs packets by default. 

2. I run a password protected http/socks proxy at home for legitimate purposes, as some of my servers are configured to allow external access from specific IP addresses alone. I suspect a number of people have a reason to run their own too.
I am going to be denied access this way, why should I?

3. Okay, okay, there are online services that maintain their databases of open proxies and allow you to check an address against it. But it still requires one to open a socket connection to them, send request and receive a reply. Even that is enough overhead to significantly delay page generation time.
Besides, FA would likely DoS that service, with the amount of requests it gets that would need to be verified.


Whatever means you try to implement to combat proxies will result in each and every single user request being halted until their IP origin is verified, which is significant overhead compared to 0.002 sec. page generation times otherwise.

Is it worth it to make everyone suffer every time they use the site just to deny access to an occasional handful of trolls that one can ban and clean up the mess in under half an hour?


----------



## LizardKing (Mar 21, 2009)

yak said:


> _8 second waiting time before the script even tries to process a legitimate user request_.



Sweet, it doubles as a 56k emulator.


----------



## Toaster (Mar 21, 2009)

this code really made me lol.


----------



## Stratelier (Mar 21, 2009)

Yak said:

> A lot of AOL are behind transparent proxies.


Yes, and Wikipedia has had to block many AOL IP addresses in their history due to sockpuppets and troll accounts browsing via AOL.  The collateral damage was so bad that AOL ultimately agreed to send XFF headers so Wikipedia can log and record the correct (non world-facing) IP address for AOL users.



LizardKing said:


> Sweet, it doubles as a 56k emulator.



Even worse, a 56k at least _transfers data_ during those 8 seconds rather than just . . . waiting....

Straight up IP banning is simple enough already since your server already knows the visitor's (world-facing) IP address.  Just be careful when/where you use it and watch out for the collateral damage....
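The XFF arrangement described in the post above only helps if the header is believed solely when it arrives from a known proxy; otherwise any visitor can forge it to dodge or misdirect a ban. The following is an added example, not part of the original post: the function names and the trusted ranges (documentation addresses standing in for a real proxy list) are assumptions, and the mask arithmetic assumes 64-bit PHP.

```php
<?php
// Constructed trusted-proxy ranges (RFC 5737 documentation addresses).
const TRUSTED_PROXIES = ['192.0.2.0/24', '198.51.100.7/32'];

// True when IPv4 address $ip falls inside $cidr (assumes 64-bit PHP).
function ipv4_in_cidr(string $ip, string $cidr): bool
{
    [$net, $bits] = explode('/', $cidr);
    $ipLong = ip2long($ip);
    $netLong = ip2long($net);
    if ($ipLong === false || $netLong === false) {
        return false;
    }
    $mask = (int) $bits === 0 ? 0 : (~0 << (32 - (int) $bits)) & 0xFFFFFFFF;
    return ($ipLong & $mask) === ($netLong & $mask);
}

function is_trusted_proxy(string $ip): bool
{
    foreach (TRUSTED_PROXIES as $cidr) {
        if (ipv4_in_cidr($ip, $cidr)) {
            return true;
        }
    }
    return false;
}

// Address to log or ban: XFF is honoured only when the peer is a trusted proxy.
function client_ip(string $remoteAddr, ?string $xff): string
{
    if ($xff === null || !is_trusted_proxy($remoteAddr)) {
        return $remoteAddr; // header is client-supplied and spoofable
    }
    // Rightmost entries were appended by the proxies nearest to the server.
    foreach (array_reverse(array_map('trim', explode(',', $xff))) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
            break; // malformed entry: fall back to the peer address
        }
        if (!is_trusted_proxy($hop)) {
            return $hop; // first address not belonging to a trusted proxy
        }
    }
    return $remoteAddr;
}

// Constructed requests: a trusted proxy forwarding a user, then a direct
// client sending a forged header.
echo client_ip('192.0.2.10', '203.0.113.50, 192.0.2.33'), "\n";
echo client_ip('203.0.113.99', '192.0.2.1'), "\n";
```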


----------



## whoadamn (Mar 21, 2009)

whoadamn said:


> So, what could possibly make you think that they haven't made use of that thought in a much more efficient means?
> 
> Because you know, it's just so easy to design and run a website, maintain it for several years and somehow overlook the fact that there's also people out there you don't want to access it for whatever reason.
> 
> Here's an additional idea which could be used to bring in more revenue for the site: take a loaf of bread, cut it into slices and sell it. Just imagine the amount of people who would purchase that in lieu of plain old bread they'd have to slice themselves.





yak said:


> You can't ban proxies.
> A lot of legitimate visitors come from proxies simply because that's how their network is arranged. A lot of AOL are behind transparent proxies. Public places computers are behind proxies, a lot of networks are behind caching squid proxies. Entire ISPs are under proxies (obnoxiously caching proxies to boot, but that's beside the point).
> _Proxies are not the tool of the devil, they have their own legitimate purpose and uses._
> 
> ...



Somebody give me a table so I can rest this case on it.


----------



## Eevee (Mar 21, 2009)

1. DNSBL
2. php lol
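A DNSBL check, as named in the post above, with a cache so that the lookup overhead raised earlier in the thread is paid once per address rather than once per request. This is an added example, not code from the thread: the zone `dnsbl.example.org` is a placeholder, the function names are hypothetical, and a stub resolver with constructed data replaces DNS so the block runs offline.

```php
<?php
// Build the DNSBL query name: octets reversed, then the list's zone.
function dnsbl_query_name(string $ip, string $zone): ?string
{
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return null;
    }
    return implode('.', array_reverse(explode('.', $ip))) . '.' . $zone . '.';
}

// Real resolver: gethostbyname() returns its argument unchanged on failure.
function system_resolve(string $name): ?string
{
    $answer = gethostbyname($name);
    return $answer === $name ? null : $answer;
}

// Cached lookup. An answer in 127.0.0.0/8 means "listed"; no answer
// (NXDOMAIN, timeout) is treated as not listed, so a DNSBL outage fails open.
function is_listed(string $ip, string $zone, callable $resolve,
                   array &$cache, int $now, int $ttl = 3600): bool
{
    if (isset($cache[$ip]) && $cache[$ip]['expires'] > $now) {
        return $cache[$ip]['listed'];
    }
    $name = dnsbl_query_name($ip, $zone);
    $answer = $name === null ? null : $resolve($name);
    $listed = $answer !== null && strncmp($answer, '127.', 4) === 0;
    $cache[$ip] = ['listed' => $listed, 'expires' => $now + $ttl];
    return $listed;
}

// Constructed demo: a stub resolver stands in for DNS so this runs offline.
$zone = 'dnsbl.example.org'; // placeholder zone
$calls = 0;
$stub = function (string $name) use (&$calls): ?string {
    $calls++;
    return $name === '50.113.0.203.dnsbl.example.org.' ? '127.0.0.2' : null;
};
$cache = [];
foreach (['203.0.113.50', '203.0.113.50', '198.51.100.20'] as $ip) {
    $verdict = is_listed($ip, $zone, $stub, $cache, time()) ? 'listed' : 'clean';
    echo "$ip $verdict\n";
}
echo "resolver calls: $calls\n";
```

Passing `'system_resolve'` instead of the stub performs real lookups; the per-request array used here would then need to be replaced by a store that persists between requests for the cache to have any effect.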


----------



## Nanakisan (Mar 21, 2009)

Eevee said:


> 1. DNSBL
> 2. php lol



more like this when i was still buzzing around

1. hack computer
2. script computer
3. connect computer to DNS
4. make computer connect to other computers
5. we are sorry but you are a hacker and have 30 seconds till the FBI arrives

FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFuck!!!

lol


----------

