Deny acces from proxy to my PHP website

Question

Is this even possible?

I have a website running PHPBB3 and there is a user that got banned, but still keeps comming back. I ha ve found out he is using Proxies to bypass his IP ban and new accounts to bypass his accountban.

Is there a way todetermine if the Host is using proxies? or if not is there any website out that list public/free proxies that i can add my ban list?

thank you

Answer 1

Just add these lines to your root .htaccess file

RewriteEngine on
RewriteCond %{HTTP:VIA}                 !^$ [OR]
RewriteCond %{HTTP:FORWARDED}           !^$ [OR]
RewriteCond %{HTTP:USERAGENT_VIA}       !^$ [OR]
RewriteCond %{HTTP:X_FORWARDED_FOR}     !^$ [OR]
RewriteCond %{HTTP:PROXY_CONNECTION}    !^$ [OR]
RewriteCond %{HTTP:XPROXY_CONNECTION}   !^$ [OR]
RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [OR]
RewriteCond %{HTTP:HTTP_CLIENT_IP}      !^$
RewriteRule ^(.*)$ - [F]

Read more about this were i learned it, here

Answer 2

Yes and no. You should check out the great response here: https://superuser.com/questions/284927/how-to-get-the-real-ip-address-of-someone-using-a-proxy

But, there are things you can do. Just enable email validation, and ban the email addresses. He will eventually run out of them.

If he is a spammer, you can try using Advanced Block Mod ( https://www.phpbb.com/customise/db/mod/advanced_block_mod/ ) - it helped me a LOT on some websites that were targeted by russian spammers :)

That's about all I can think of at the moment.

Answer 3

Here's a few ideas:

• You could check the X-Forwarded-For: header to see if it matches $_SERVER['REMOTE_ADDR'], but this can be spoofed by a malicious or badly configured proxy
• You could find a list of open proxies, however you won't find a complete list. For example, I believe the Tor project maintains an exit node list.