amuck-landowner

Check if a user is on a vpn / proxy

rds100

New Member
Verified Provider
Well, it gives 1 for all our busyness IPs (which are not proxies / VPNs), so... take the results with a grain of salt.
 

lbft

New Member
0.8425 for my residential connection. Clearly this needs some work.
 
Last edited by a moderator:

KuJoe

Well-Known Member
Verified Provider
0.8425 for my residential connection. Clearly this needs some work.
It checks the IPs around you in your /24 (I think it's /24 at least) and if any of them are running proxies/VPNs/webservers then it affects your score. It's great for new IP blocks that are picked up by hosting providers that haven't been tagged as such yet by databases.
 
Last edited by a moderator:

RTGHM

New Member
For those who want to integrate this into a PHP script, here's the code I use for my control panel:


if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) != true) {
$proxychk = file_get_contents("http://check.getipaddr.net/check.php?ip=".$ip."");
} else {
$proxychk = '-2';
}
echo $proxychk;
Works nicely with FraudRecord for quick screening without having to spend any money.
file_get_contents
 

KuJoe

Well-Known Member
Verified Provider
file_get_contents
If you know a better method I'm all ears. I'm not a software developer by any stretch of the imagination (ask vld, he did a complete audit of Wyvern). If you're implying about the potential security issues, then I would recommend adding more validation and sanitation to the script (I left it out as I was just providing the code to get the score).
 
Last edited by a moderator:

black

Member
Just wondering, is this any more effective than just banning every datacenter IP?

https://github.com/Zalvie/nginx_block_files
Cakey and I swap AS lists. I think at this point, if he's using my list as well, it's a lot bigger than the one published on github.

This system has

- a lot more ASNs banned than what's published on github.

- it has fine grained control for ASNs that offer both residential and server hosting (by using CIDR bans instead of ASN bans).

- It's able to infer if an IP is/isn't a proxy if it's not statically banned.

For these reasons, I think it's better.

Gives me 0.55 for my non-proxy/VPN external 4G IP.
Yeah, 0.55 isn't something to worry about. The server is saying I'm 55% sure this is a proxy, which is like guessing a coin toss. For administrators that use this service, I recommend them flagging a user (not explicitly banning them) for values > 0.75 (at the minimum).
 

rds100

New Member
Verified Provider
Sorry I just saw this. Can you give me some of the IPs in question? I'll look into it.
Just check AS16154. Of all the prefixes from this AS only several /24s are for VPS and dedicated server customers.
 

black

Member
Just check AS16154. Of all the prefixes from this AS only several /24s are for VPS and dedicated server customers.
My apologies. This AS must've been banned when I first started the project and didn't have fine grained control as well as the dynamic checks. All IP blocks were removed (except for a few) and it's no longer a banned AS.

@black:

well I've also got 0.55 :|
Nothing to worry about. 55% isn't much better than a coin flip toss (probabilistic speaking).

Nice project! Is it possible to use getipaddr.net to check info (from more page) of other IPs?
Not at this time. getipaddr.net is made to query your own IP address. I don't plan to expand it further unless there's some serious demand.

----------------

From Feb 1st to Feb 25 (now), the proxy check system has served ~950k queries. No one has really contacted me about any corrections (except for rds100, which I have corrected), so I think that implies things are working pretty well. Moving forward, please let me know any issues you have.

Thanks.
 

black

Member
@black:

May I ask what kind of setup/node served that 950k query? :)
1 master (main http server), 6 slave nodes ( for dynamic checks). If I continue to develop this project, I'll make the master server semi-redundant / distributed as well.
 

black

Member
Some updates: I'm working on a new version. Use check.dynamic.php instead of check.php

Dynamic checks are faster and there's more of them. I've added detection for 'bad agents' like spammers as well. 

There's 9 dynamic checks on the beta version. 

The backend slave servers are multi-threaded.

 

The old system got an update as well where everything is running in ram. I've adjusted some values because one attribute was being too heavy handed.
 
Last edited by a moderator:

black

Member
There's been some major improvements made so I thought I'd let people know. Firstly, I've curated my own datasets which is about 40 GB in size that I maintain on a daily basis. This means that queries take around 150 - 300 ms instead of 3 secs to 11 secs on previous versions. I've upped the query limit from 40 to 80 queries a minute. There are 15+ unique dynamic checks at this point, compared to < 10 in previous versions. When it comes to boosting in machine learning, the more weak classifiers there are (in this case, more dynamic checks), the better the result.

 

 

As always, this is 100% free. If you're having issues with bots scanning your application, crawlers, fraudsters, trolls, people trying to ban evade, etc, try it out.
 
Top
amuck-landowner