VPN Detection.

[top50servers]

Ok so,

The majority of Proxies are now stopped with the jQuery on the gateway page, now I have the issue of voters using VPN's (such as hotspot shield) to change IP's as they please.

Any idea's on how to prevent this? I looked online but there isn't any real protection from them (thats free).

 

[Basti]

There fly around some php snippets who claim to detect proxy as well as vpn useage. Along this lines

function checkUser()
{
    global $_SERVER;
 
    // Check for Proper Encoding
    if($_SERVER['HTTP_ACCEPT_ENCODING'] != 'gzip, deflate')
    {
        $proxy = true;
    }
    else
    {
        $proxy = false;
    }
 
    // Check for Connection and Cache
    if(empty($_SERVER['HTTP_CONNECTION']) || strtolower($_SERVER['HTTP_CONNECTION']) != 'keep-alive' || $_SERVER['HTTP_CACHE_CONTROL'] != 'max-age=0')
    {
     
        // A Proxy or VPN Has Been Detected
        if($proxy == true)
        {
            $check = 'proxy';
        }
        else
        {
            $check = 'vpn';
        }
    }
    else
    {
        // Set Check to Null
        $check = null;
    }
 
    return $check;
}

That script claimed it identified
- HideMyAss Free Web Proxy as Proxy
- HotSpotShield Free VPN as VPN
- VPNOD Free On Demand VPN as VPN

Basicly it checks if the connection is set to keep-alive, if there is cache control and the likes.
This may work for some, but i belive its easy that it gives false positives

And seeing how that script is 2 years old, iam certain its a no-go by now

In the long run, since proxy and vps useage increase. We need to find a way of vote validating without ip ultimatively, but no idea yet how we could accomblish this, if at all

 

[Mark]

Cheaters and deadbeats will always find a way to cheat. The Internet is designed for anonymity, hence the reason hacktivists almost never get caught.

Vote validating without using the ip? No sir, not unless you want every person who votes to register an account or validate an email prior to voting..... Not going to happen.

 

[top50servers]

I know there are some that will always find a way around, but the average person who is using a big company brand name such as HotSpot Shield should be stopped as many users have access to this method. There are always people who slip though the cracks but I'd rather a drip then a flood.

 

[Mark]

http://visiolist.com/checker.php - try surfing here with hotspotshield or whatever VPN you want to block and report back the response. VPN are intended to appear as 100% normal user, they give zero clues.... I think you might need to focus on dealing with bad members rather than try to block the impossible.

BUT if you can find any reliable clues to identify a user is on VPN we are happy to write whatever code is required to block them. After reading on the topic for a couple hours, I have come to the conclusion there is no such clue.

 

[top50servers]

I found a site ( blocked.com ) which checks the IP against there list of 40 million or something ridiculous. I'm using there 1 week free trial over and over as they charge a $200 one time fee for the service. Baring in mind I haven't made any money since my toplist is less then a week old. Not good.