How do u go about locating a masked IP address and then blocking it

General PHP Help
#1

Hello everyone

I am not sure if this is the correct place to ask this question; but since it involves PHP I felt that I should try. I have 3 questions

[ol][li]What is the best way to block a region/country from accessing a site? [/li]
[li]Is it possible to create a ‘fake IP address’ so that it fools a website into thinking the user is accessing the site from a different country? [/li]
[li]Where can I get the list of IP addresses from?[/li][/ol]

I have built a travellers members sites (a guide to travelling around the world); the problem is that I have fake travellers registering on the site and then targeting legitimate members with fake scams.

i am now spending a substantial amount of my time searching out these fake members and deleting them from the site. I have noticed that all the fake travellers come from a certain african country ( I will not mention the name but i suspect that everybody knows which country I am talking about).
Accordingly, rather than waste my valuable time on ‘search and delete’ operations, why not simply block the entire country or region from, where the scammer are accessing the site,

Question One

What is the best and most cost effective way to block a region or country.

I realise that it’s possible to use .htaccess to block regions/countries; but I have also read that this solution is very consuming on your systems and also slows your systems down. Is there a PHP/Mysql solution that will not be a drain on my systems and will also not slow down my site.
I was thinking of using the following function to block user from registering on the site.

It works by simply checking whether the IP address of a ‘proposed new member’ is a blocked IP address :
[PHP]
//first obtain the IP address of user
$value = mysqli_real_escape_string ($dbc, $_SERVER[‘REMOTE_ADDR’]);

//Next; check if it’s a banned or blocked IP address

	// If   a banned IP address is submitted 
	// the system will simply return an empty string-and since the system requires an IP //address for registration-  the user is simply prevented from registering.

function banned_IPaddresses($value) {

  	$banned_IP = array('91.228.1.85' );
	
foreach ($banned_IP as $v) {
		if (stripos($value, $v) !== false) return '';
	}
		
}

[/PHP]

Question Two

I am using the code below to track the IP address of users to my site. The problem is that I am now engaged in a ‘cat and mouse game’ with this scam gang; they know that the ONLY WAY that I have been able to catch them thus far is by their IP addresses (i.e. they claim on their profile that they live in one country but the IP address clearly shows that they are actually accesses the site from another country).

I am therefore extremely concerned that they will soon find a way to fool my systems into thinking that they are indeed accessing the site from the stated country.

My question therefore is this; is it possible to do this or can I reply upon the code below to give me an accurate reading of where a user is accessing my system from.
If not, is there a better system/function for tracking IP addresses ?

[PHP]

$IP = mysqli_real_escape_string ($dbc, $_SERVER[‘REMOTE_ADDR’]);

				$SSID = htmlentities(SID);
				// If IP address exists
				// Get country (and City) via  api.hostip.info
			if (!empty($IP)) {
				$country=file_get_contents('http://api.hostip.info/get_html.php?ip='.$IP);

				// Reformat the data returned (Keep only country and country abbr.
                              list ($_country) = explode ("\n", $country);
                              $_country = str_replace("Country: ", "", $_country);
                              
                            }

[/PHP]

Question Three
Does anybody know where I can find the codes for IP addresses from; i.e the country and region codes ?

Thank you very much for your help everyone.

Warm regards

Andreea

#2

I think the easiest solution would be to use a GeoLocation service… I’ve used http://ipinfodb.com/index.php in the past. It’s free, has a simple php API. It has pretty good accuracy at the country level.

Basically, as soon as a vistor lands on your site, use their IP to query the IPInfo service which will return the County/City. Then redirect the “unwanted” visitors with header() or something similar.

That should take care of questions 1 and 3. The answer to 2 is “yes”… they could easily use a proxy.

That’s what I’ve got as far as a solution anyway…

#3

hello
Thank you to g0dzuki99 for his reply.

I have a question.

You mentioned that they can easily use a proxy; does this mean that the scammers can fool the systems into thinking that the IP address is from the USA as opposed to the proscribe country .? If so, is there any defence agasint this.

warm regards

Andreea

#4

You’re Welcome.

With a proxy, yes… the traffic will appear to come from what ever country the proxy is located in. AFAIK, there’s no way to really detect it - not at the web server level anyway. Unless you’re lucky and the proxy doesn’t send a user agent, or it says it’s a proxy in the user agent.

Welcome to life on the public internet :wink:

What sort of stuff are you trying to block? Post/comment/forum spam? Just curious… There isn’t going to be a single solution that’s going to fix this. Maybe with a combination of the IPLocation service, and some custom code to detect patterns, user agent checking, etc, you’ll have high enough success where you can deal with the ones that sneak through manually. Shrugs.

Edit:
Haven’t tested it out or even know how well and if it works but found this after a google search for “proxy detection php”:

[php]if (
$_SERVER[‘HTTP_X_FORWARDED_FOR’]
|| $_SERVER[‘HTTP_X_FORWARDED’]
|| $_SERVER[‘HTTP_FORWARDED_FOR’]
|| $_SERVER[‘HTTP_CLIENT_IP’]
|| $_SERVER[‘HTTP_VIA’]
|| in_array($_SERVER[‘REMOTE_PORT’], array(8080,80,6588,8000,3128,553,554))
|| @fsockopen($_SERVER[‘REMOTE_ADDR’], 80, $errno, $errstr, 30))
{
exit(‘Proxy detected’);
}[/php]

#5

hello again g0dzuki99

thank you and everyone else for your kind help.

You asked what i want to block. i basically want to block them from writing comments, writing to other members; registering on my site. . They are really causing a lot of problems for me; they acount for the second highest group of visitors to my site; yet i have not had one legitimate registration from that country.

Once they register on my site, they start sending all sorts of ridiculous scam letters to my members ; this of course gives my site a bad reputation; i now regard their removal as the top priority.

the ideas you have given have all been fantatic. i am thinking of just blocking them from logging into the members area and from registering for new membership (you can only post comments on my site if you are a registgered member) . That means, I only need to target a few pages for the added secruity . i will then also implement this proxy detection php script.

i am very intrigued as to whether it would work though . but its worth a try.

warm regards

Andreea

Sponsor our Newsletter | Privacy Policy | Terms of Service