This is my Anti-Proxy hack, works with any vBulletin version.

Just download the attachment.


What this hack does

This hack prevents anyone from accessing your site through a proxy.

This is pretty useful if you have a large/semi-large community like mine (www.bnfreak.com) with a lots of young / immature members.

If someone gets banned he will most likely try to come back through a proxy, this is what this hack prevents.



You can also customize it (like I did on my forums) to simply prevent new registrations from proxies rather than the whole site. To do this, just edit register.php instead of global.php



Don't forget to click Install ;)

description please ???

Pretty self-explainable:

Prevents proxies from accessing your forums.

hum... i see, the only thing that will be brought here is that 30% of the internet will not be able to visit your board... good for you, but not really useful. anyway, anybody can release a hack.. ;)

with all due respect to my vb duders but what the hell is the point of this hack?

with all due respect to my vb duders but what the hell is the point of this hack?
To keep users, youve banned from your site via ip, off your site.

To keep users, youve banned from your site via ip, off your site.

Indeed, can be very useful if one has a particular problem with trollers. Thanks :)

hum... i see, the only thing that will be brought here is that 30% of the internet will not be able to visit your board... good for you, but not really useful. anyway, anybody can release a hack.. ;)
Look man, I have a forum I can call large enough and we're a young community, many are very immature for instance if they get banned, they'll proxy back in and spam the website.

That's what this hack prevents.

thank you. i didn't mean to sound in any way like a smart mouth...

ohh i see....yes this is very useful...lol...

next time dude, explain for us that may not know. :nervous:

thank you. i didn't mean to sound in any way like a smart mouth...

ohh i see....yes this is very useful...lol...

next time dude, explain for us that may not know. :nervous:
Alright, just edited my first post

thank you sir

Nice work

Is there a way to exclude some proxies please :)

Thanks

Stupid question, but won't this block all AOL users and anyone else who's ISP automatically goes through a proxy (like Freeserve for me)?

This blocks all proxies that gives out HTTP_X_FORWARDED_FOR, HTTP_FORWARDED or the most common, HTTP_VIA.

High anonymity (sp?) proxies don't return any of those variables, so if you're on one of those you're fine.

Couldn't really say if AOL has one of those variables since this connection is very uncommon where I'm from.


And @ excluding proxies, yes there's a way, you can add safe proxies in an array and check if the remote address = this proxy.





// Add the safe proxies in this array
$safe_proxies = array('127.0.0.1','127.0.0.2','24.223.123.123'); // Safe Proxies

if (( isset($_SERVER['HTTP_FORWARDED']) || isset($_SERVER['HTTP_X_FORWARDED_FOR']) || isset($_SERVER['HTTP_VIA'])) && !in_array($_SERVER['REMOTE_ADDR'],$safe_proxies) )
{ die("No Proxies"); }

Excellent Hack!

Thanks for sharing Cerb. Installed and happy.

1 question. Is there an easy way to test this?

1 question. Is there an easy way to test this?
Use your ISP proxy, and surf to your own site. :)

Great Hack,thanks!!

Very nice ... ;)

Click install!

Hehe! Great hack after playing with it for a day, pissed off 1 or 2 people in the process but who cares. Security should always be the #1 priority.

this is exclude alot of users who browse inside companies or schools who must use proxies

That is true! This hack is not for everyone.

Yeah this hack is for people with forums like mine (www.bnfreak.com) with lots of kids that knows some things about computers and try to be funny by registering through a proxy and spamming. Anyways, doesn't work anymore with this ^_^

And if you wanna test it, just get a proxy (www.stayinvisible.com is a good site for them), Avant Browser is the most idiot-proof browser for proxy support :-D and well, try visiting your forum, you should see a "No Proxy" error message.

I signed up for and am surfing your site via a proxy right now and it's not doing anything to me.

Read your PM.

Like I told you, this hack does not work on High Anonymousity proxies.

it only works on proxies that return the HTTP_VIA variable, which contains every but High Anonymous proxies.

I added this and a lot of my regulars complained that they couldn't get on so I removed it.

I need a hack like this, but is there really no way to detect a high anonymity proxy?
I guess, the most trolls will use high anonymity proxies :(

Could anyone help me to modify this hack, so that high anonymity proxies are blocked too?
Isn't it possible to identify a high anonymity proxy on the basis of missing private header information?
( or just any proxy? )

Great Hack This Will Work Great For ME!

You can also customize it (like I did on my forums) to simply prevent new registrations from proxies rather than the whole site. To do this, just edit register.php instead of global.php

Don't forget to click Install ;)


*clicks install* great hack. i'm a bit of a noob at this, but i like the idea of preventing proxy users to register, but still letting them view the forum.

following your instructions above, am i correct to put the hack above this line?

// ####################### SET PHP ENVIRONMENT ###########################

Erm...this sounds like a good idea and all, but do you think there is any way to keep those kids who just change their IP's and reregister away? I have more problem with those than people with proxies. Most people I catch on my board using a proxy are people who are at school or something and need to get around their schools web administration. I have a few people that use 'em to get around proxies at work as well.

I too couldnt find the "//identify where we are" in teh register.php and havent successfully installed it in the register.php, always get errors. Anyone know where this should do then if not on top?

Thanks

Find this bit in register.php:
define('NO_REGISTER_GLOBALS', 1);
And underneath add:
if (( isset($_SERVER['HTTP_FORWARDED']) || isset($_SERVER['HTTP_X_FORWARDED_FOR']) || isset($_SERVER['HTTP_VIA'])) && !in_array($_SERVER['REMOTE_ADDR'],$safe_proxies) )
{ die("No Proxies"); }

BTW: Does anyone know how to make this redirect to an html page instead of it saying No Proxies?

I upgraded to 3.0.5 which of course overwrote my register.php but when I put it back in the new register.php it no longer works correctly.... I am now getting this error

Warning: in_array(): Wrong datatype for second argument in /home/al7bar/public_html/forums/register.php on line 19

really excellent you may have saved my forums

great work! thanks

anyway to display something like my forums header and the message or ability to display a graphics box with text in rather than just plain text

BTW: Does anyone know how to make this redirect to an html page instead of it saying No Proxies?
Change:
if ( isset($_SERVER['HTTP_FORWARDED']) || isset($_SERVER['HTTP_X_FORWARDED_FOR']) || isset($_SERVER['HTTP_VIA']) )
{ die("No Proxies"); }
To:
$Proxy_Detect = isset($_SERVER['HTTP_FORWARDED']) || isset($_SERVER['HTTP_X_FORWARDED_FOR']) || isset($_SERVER['HTTP_VIA']);

if($Proxy_Detect){
header("Location: http://YOURSITE.com/YOURPAGE.HTML");
}

Change: http://YOURSITE.com/YOURPAGE.HTML to your settings. :)

It's a good modification, however in the process it will knock off a lot of users, perhaps research proxies and find out what information they do output, collect this information into an array and check if this is matched while browsing? That way it would only knock off those proxies instead of all, just a thought.

- Zero Tolerance

I assume this hack is not aimed at the uk, since you would kill off a major number of potential members (the major uk ISP's such as ntl and freeserve use proxy servers).

nice, just what i was looking for
some of us dont care if 99% of internet users can not see our site

dont like it, dont use it
no need to bash something because its not useful to you particularly

thanks for the hack
will help me stop abuse

I tried this exact same hack before. 3 seconds after I installed it, every AOL user on the site IM'ed me saying they were blocked from the site. I visited my own site through my AOL and this variable existed:

$_SERVER['HTTP_VIA'] = "HTTP/1.1 (Velocity/1.1.1 [uScMs f p eN:t cCMp s ]), HTTP/1.1 dtc-ad09[CDBC74CB] (Traffic-Server/5.3.8 [uScM])"

As much as I would like to ban proxies or ban by IP at all, I just figured it would be easier to turn on admin validation for new user registrations.

If AOL didn't use proxies such as that one then I would probably use it. Of course if you didn't use AOL's default browser and opened up an external browser, then the AOL proxy vars aren't there anymore. But most AOL users aren't smart enough to do that, or they are just too lazy to.

hehe @ the aolers
im about to add deny from aol.com to my .htaccess file :)

That's fine, if you're don't mind blocking a large chunk of the internet community from accessing your site... whatever spins your wheel I guess :)

It doesn't work when I tested it with www.guardster.com

Any way around this?

if someone used this code here, to detect what the real IP address is, (unless sent by a annonomous proxy) how could, or could u use that to help stop banned users from coming back under a proxie? or would this help in any other way

if (getenv("HTTP_FORWARDED") != ""){$ip = getenv ("HTTP_FORWARDED");$proxy_used = 1;}
elseif (getenv("HTTP_X_FORWARDED_FOR") != ""){$ipt = explode (",",getenv ("HTTP_X_FORWARDED_FOR")); $ip=trim($ipt[0]);$proxy_used = 1;}
elseif (getenv("HTTP_CLIENT_IP") != ""){$ip = getenvgetenv("HTTP_CLIENT_IP");$proxy_used = 1;}
else {$ip = getenv ("REMOTE_ADDR");}

ok a guy just emailed me, hack is working ;D hes at work, they have a proxy so he cant register, but instead of just getting a page that says no proxies, he got this error message

Warning: in_array(): Wrong datatype for second argument in /home/asylum/public_html/forums/register.php on line 18 No Proxies

so i need to fix that also id like to put as the message "Sorry but this site does not allow people using a proxie"

nice, just what i was looking for
some of us dont care if 99% of internet users can not see our site

dont like it, dont use it
no need to bash something because its not useful to you particularly

thanks for the hack
will help me stop abuse

If you do happen to stop by this thread at some point, care to re-read what I've quoted, if your site was getting you a whole load of revenue then you would care that 99% of internet users couldn't access your site, so a suggestion don't complain if your traffic takes a nose dive that you cannot pull out from, he wasn't bashing it he was just pointing it out. ;)

To jog your memory I was talking about your reply to PaulM

If you do happen to stop by this thread at some point, care to re-read what I've quoted, if your site was getting you a whole load of revenue then you would care that 99% of internet users couldn't access your site, so a suggestion don't complain if your traffic takes a nose dive that you cannot pull out from, he wasn't bashing it he was just pointing it out. ;)

To jog your memory I was talking about your reply to PaulM
did u see me quote paulm? i was talking about the ones bashing the hack
you know that one guy that sits here all day refreshing the main page waiting for a hack to be released so he can make negative comments?

btw, dont u go worrying yourself about my site as i could care less
im not into making a popular sites for the masses...its a small semi private site so this hack is perfect for me
only wish i didnt have 2 users that sometimes use aol or i would make it sitewide instead of register.php only :)

NICE. I have the same type problem with pissed off users coming back on proxies. I have a hack to where it tells me their actual IP and the proxy so I can ban both, but I may just install this...that is if it doesn't block AOL :)

that is if it doesn't block AOL :)
it does
i had my 2 aolers test it

ok a guy just emailed me, hack is working ;D hes at work, they have a proxy so he cant register, but instead of just getting a page that says no proxies, he got this error message

Warning: in_array(): Wrong datatype for second argument in /home/asylum/public_html/forums/register.php on line 18 No Proxies


so i need to fix that also id like to put as the message "Sorry but this site does not allow people using a proxie"

Same error here

It'll probably block all NTL (UK) users as well being as we all behind proxies. This why I don't like any hacks that ban proxies.

would it not be better to moderate users who register using a proxy? which also includes the real ip to compare?

yes, it prolly would. also an easy work around for AOL at least, would be to get the host by ip and see if it has AOL in it and let it through.

Excellent Hack!

Great hack! I'm doing this soon!

Could anyone help me to modify this hack, so that high anonymity proxies are blocked too?
Isn't it possible to identify a high anonymity proxy on the basis of missing private header information?
( or just any proxy? )

I would like to know as well?

No one knows a modification that will work?

Yeah. Not sure if I posted this before, but this hack doesn't work with my v3.6.8. Is something better out there?

It didn't work for me <.<, I tested it on a proxy.