Test: Proxy prevention

Discussion in 'General Discussion' started by Basti, May 10, 2013.

  1. Basti
    • Staff

    Basti Administrator Staff Member

    Ok guys i want to test out a simple method to stop a few, yes just a few, as you cant block every proxy. Especially with a htaccess or php method which checks the headers, its almost impossible to block as most fake/remove the needed headers.
    This method will work out for proxies not running javascript by default and a few older ones where this method will break their url in the browser.
    It is to point out that, if you dont have problems with proxy cheating, skip this. As you will kill legitimate proxy voters.

    What we will do is kill the html link to vote on the gateway ( so yes, gateway is required ) and append it again using javascript. Ive tested out a few proxies but more input would be useful to see how many are actually affected with this method

    So lets start, open up gateway.html

    search for this code ( this is how it looks like in parabolas default file ), if you dont find this code, please let me know how yours look like so you do it correctly.
    Code:
    jQuery(document).ready(function(){
        jQuery(".visio_button").hover(function(){jQuery(this).stop().animate({opacity:0.8},250)},
        function(){jQuery(this).stop().animate({opacity:1.0},250)})
        });
    Change it to this
    Code:
    jQuery(document).ready(function(){
        jQuery(".visio_button").hover(function(){
            jQuery(this).stop().animate({opacity:0.8},250);
        },
        function(){
            jQuery(this).stop().animate({opacity:1.0},250);
        });
     
        var countdown = 5;
        var vote = $('#vote span');
        function doVote() {
            var link = '{$list_url}/index.php?a=in&u={$username}&sid={$sid}';
     
            if (countdown > 0){
                $('#vote span').html('Please wait '+countdown);
                window.setTimeout(function() {
                    doVote();
                }, 1000);
     
                countdown--;
            }
            else {
                $('#vote').attr('href', ($('#mc_user').val()) ? link + "&mc_user=" + $('#mc_user').val() : link);
                $('#vote span').html('{$lng->gateway_vote}');
            }           
        }
        doVote();
     
    });
    Ive included also a simple countdown the user needs to wait until he can click vote. If you do not need it, simply change the countdown base value to zero ( 0 )
    Code:
    var countdown = 5;
    Next up, find this
    Code:
    <a href="{$list_url}/index.php?a=in&amp;u={$username}&amp;sid={$sid}" class="visio_button large_button green" target=""><span>{$lng->gateway_vote}</span></a>
    Change to
    Code:
    <a href="#" class="visio_button large_button green" id="vote" target=""><span>{$lng->gateway_vote}</span></a>
    Thats it. Ofcourse if the user is clever enough he might break it. But i find this pretty useful to block at least a few of them
  2. cajkan

    cajkan Active Member

    Very good Basti.

    I have 1 question -
    What if users / visitors dont realise that we use this kind of cheat protection, and they gonna complain that our website dont work as it should.
    Is there any chance real votes get stuck in this?
  3. Basti
    • Staff

    Basti Administrator Staff Member

    yes there is chance that legitimate visitors are catched with it. There is only block proxy(some) or dont block. Thats why i said if your certain all is ok on ur list dont do it
  4. panzerdude

    panzerdude Member

    Thank you Basti,

    I've just make the edits and tested it on 10 proxy sites that I know work with other top sites and with these edits it stopped the proxy votes from counting on my site.

    I am going to definitely going to be using this.

    BTW is there any advantage using var countdown = 5; like for automated vote bots or anything, do you recommend using this option?
    Basti and Mark like this.
  5. Basti
    • Staff

    Basti Administrator Staff Member

    That sounds good :)
    No the visual countdown was simply a request i had by a VL user ( for who i did this ), so i thought to include it for anyone wanting to use it.
    However who knows if it might as well stop bots, i dont know how they function. But maybe they dont wait 5 seconds
    panzerdude likes this.
  6. panzerdude

    panzerdude Member


    Ok cool thanks
  7. cajkan

    cajkan Active Member

    Was wondering, what if - visitor vote for 2 sites?

    Example for :
    Category: Aion
    Category: WoW
  8. Basti
    • Staff

    Basti Administrator Staff Member

    what does that have to do with this? please keep this for the proxy discussion only
  9. panzerdude

    panzerdude Member

    Hi,

    I've had some reports of members getting 403 errors, is there any way the plugin is doing that or edits to the htacess file would be causing those inadvertently.

    Code:
    RewriteEngine on
    RewriteCond %{HTTP:VIA}                !^$ [OR]
    RewriteCond %{HTTP:FORWARDED}          !^$ [OR]
    RewriteCond %{HTTP:USERAGENT_VIA}      !^$ [OR]
    RewriteCond %{HTTP:X_FORWARDED_FOR}    !^$ [OR]
    RewriteCond %{HTTP:PROXY_CONNECTION}    !^$ [OR]
    RewriteCond %{HTTP:XPROXY_CONNECTION}  !^$ [OR]
    RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [OR]
    RewriteCond %{HTTP:HTTP_CLIENT_IP}      !^$
    RewriteRule ^(.*)$ - [F]
    
    Thanks,
  10. Basti
    • Staff

    Basti Administrator Staff Member

    RewriteRule ^(.*)$ - [F]
    Thats means if any rule above that match, forbid them access ( 403 )
    Would bet hes using one of the few proxies where that htaccess code is working
  11. ADKGamers
    • Licensed

    ADKGamers New Member

    I was one of those individuals that was blocked with a 403 while accessing from my home network. Along with some others from around the country/world who I asked again if they were on a proxy and they said no. I don't use proxies and never will use them...just a pain in the ass for me.

    It's working now, but there were a few days where I couldn't access the site here and there.
  12. Basti
    • Staff

    Basti Administrator Staff Member

    Well iam not to familar with that piece of htaccess, but a rule, dont know which is kicking in. You might better remove it until you actually have problems with proxies
  13. ADKGamers
    • Licensed

    ADKGamers New Member

    Yeah I'm not certain what he did, if he changed anything or not. I haven't gotten the issue at all in the past 2 days or so, so he might have removed it.
  14. panzerdude

    panzerdude Member

    I've removed the extra htaccess code now, I'll just still with the proxy prevention plugin from here on out. I don't know what was throwing out the server errors, I'll just have to keep an eye on things. Thanks
  15. top50servers

    top50servers Active Member

    The jquery did not work for me, there was no timer displayed and the link never allowed me to vote.

    If this needs updating could it please be done. I am having issues with proxy servers and need a way to control it.
    Basti likes this.
  16. Mark
    • Staff

    Mark Administrator Staff Member

    just a thought on proxy prevention, what about using public blacklists?

    the following sample script could be easily converted to a plugin
    http://snipplr.com/view/64564/
    Basti likes this.
  17. Basti
    • Staff

    Basti Administrator Staff Member

    Good catch top50! This is cos of the updated jquery and we forgot that change
    If you open up gateway.html you see at top
    Code:
        <script type="text/javascript" src="js/jquery-1.4.4.min.js"></script>
    
    The version need to be 1.9.1 , so
    Code:
        <script type="text/javascript" src="js/jquery-1.9.1.js"></script>
    
  18. top50servers

    top50servers Active Member

    Updated the jquery, the timer and link still do not change. (Timer doesn't show up, I assume it is meant to.)

    [​IMG]
  19. Basti
    • Staff

    Basti Administrator Staff Member

    And you made the edit to the vote link also?

    I just followed my steps again to make sure and it does work
  20. top50servers

    top50servers Active Member

    Edit: FIXED!

    I had to change the src= to my domain name.

    Code:
     <script type="text/javascript" src="http://www.your-domain.com/js/jquery-1.9.1.js"></script>

Share This Page