Banning Proxy Sites on a website

[4u-domains]

One of our clients runs a large and active Video Gaming battle community, similar to www.GameBattles.com

One annoying issue is that people will register and play on the site using a proxy service. This opens up the possiblilites of fraudulent play and general cheating.

Therefore, does anybody know of any software that will spot a proxy and immediately intervene with a 'Er, please xxxx off' message ?

Thanks in advance.

[Acro]

You can block IP ranges or hostnames at server level.

[4u-domains]

Nah, thats just reactive and what they have been doing here and there.

They need a system that spots that a proxy is trying to access the site and immediately block them, giving them a message to contact the staff.

This will also block some ISP users and and colleges but overall it may well be worth it.
I know they exist and I had a look last year but to have one that is half-intelligent was darn expensive.

[tres]

1) Subscribe to a service that offers IP's from known spammers and proxy services. Do some searching, you will find many list.

Here are a few, http://www.stopforumspam.com/ https://check.torproject.org/cgi-bin/TorBulkExitList.py

2) Check the http headers sent from the client. Most legit proxy services will provide a clue in the forward-for or other information passed at the time of connection.

Nah, thats just reactive and what they have been doing here and there.

They need a system that spots that a proxy is trying to access the site and immediately block them, giving them a message to contact the staff.

This will also block some ISP users and and colleges but overall it may well be worth it.
I know they exist and I had a look last year but to have one that is half-intelligent was darn expensive.

[4u-domains]

yeah, but i cant see how i can automatically block these sorts of visitors from even entering the site.

Sure, I can place a truck load of known spamming IPs in my server to check but thats just being reactive. I want to find something proactive.

[tres]

yeah, but i cant see how i can automatically block these sorts of visitors from even entering the site.

Sure, I can place a truck load of known spamming IPs in my server to check but thats just being reactive. I want to find something proactive.

There are more sophisticated methods of identifying visitors using a proxy service, i.e. automaticly checking for a proxy serivce on the connecting IP address when a user tries to submit data through a form.

Other then buying a crystal ball, i don't know how to know ahead of time if the visitor is likely to spam your website.

As for automatic proxy checking, you might find something on sourceforge.com but you will likely need to have it custom coded.

[Jacksplat]

Some users can't surf the web without using a proxy. There are several proxy options as well. web-based, pc-based and even browser based. There's only a few identifiers, such as ip etc.. each are changable pc side as well as from a web based proxy site. I have several proxy sites which I change ips whenever they get blocked, I also change domain names on some with a landing page that doesnt change. An ip is extremely cheap. I buy a bunch at a time and renew them here and there. cgi proxies have access even to forums, bank accounts and other secure servers (https) while php and other such proxies get you into most everyday websites. You'll have a hard time stopping people from getting in. If people want to be creative they can maintain a connection with a leased ip and let it expire so their ip changes often.

Good luck, try not to use up all your time with this

[4u-domains]

Some users can't surf the web without using a proxy. There are several proxy options as well. web-based, pc-based and even browser based. There's only a few identifiers, such as ip etc.. each are changable pc side as well as from a web based proxy site. I have several proxy sites which I change ips whenever they get blocked, I also change domain names on some with a landing page that doesnt change. An ip is extremely cheap. I buy a bunch at a time and renew them here and there. cgi proxies have access even to forums, bank accounts and other secure servers (https) while php and other such proxies get you into most everyday websites. You'll have a hard time stopping people from getting in. If people want to be creative they can maintain a connection with a leased ip and let it expire so their ip changes often.

Good luck, try not to use up all your time with this

Yeah, looks like i'm on a hiding to nothing.

Its nothing to do with spam, its about stopping people creating multiple accounts. I guess then, its just not possible for a system to deduce if a visitor is using a 'ghost' IP address , other than checking it against a rogue list, which doesnt really help, in this case.

Of course, its really complicated. All large bodies of learning are using proxies and indeed a lot of ISPs themselves could be considered as running proxies.

Unfortunately, cheaters will continue to wreak havoc on our gaming networks. We still use some manual checks on suspicious activity and there are IP checks on all processes incase they forget to log in with a proxy.

Umm... When people use proxies, the IP changes randomly. If thats the case then they may struggle to use the same IP again.
In which case.... upon registering on the gamebattle site maybe I can write a program to LOCK in their IP upon registration and ONLY allow that IP to be used when creating a team and reporting results...

Possible!?