Someone is trying to get round an IP ban (they're accessing from a work IP) by using an anonymous proxy at something called radicaloverthrow.com

The referrer URLs take the form http:// www. radicaloverthrow. com / prox/pf.php?url=http:/ /www.mydomain.com/forum/example-vt2241.html

I tried blocking it in my .htaccess with the following:

Code: Select all

SetEnvIfNoCase Referer radicaloverthrow.com spammer=yes

Order allow,deny
allow from all
deny from env=spammer

But it didn't work. When I tried accessing through that URL, it was still getting through.

Is there a better way of blocking it? I simply do not want this person sniffing around my site, period.

Thanks.

[dcz: I know this has nothing to do with SEO, sorry, but you seem to know so much more about mod-rewrite than anyone else]

Have you considered the Block Open Proxy Registrants MOD?

::edit:: oops, nevermind. you are probably talking about browsing your site using proxy, not just registering.

Well you could try to block access based upon the referrer, but, it can be empty so it's not 100%.

The easiest and most secure way to block access from a proxy, besides implementing a script that checks is the client is a proxy, wit a script, is to just block the proxy ip itself.

If the proxy service is not using many ips, it's easy, you just need to add :

Code: Select all

Satisfy any
Order Deny,Allow
Deny from xx.xx.xx.xx
Allow from all

at the begining f your root's .htaccess.

Where xx.xx.xx.xx would be the proxy ip, you can find it in the server log.

++

Yeah, have already set an IP ban for that particular one. But having looked into it, there are thousands of the goddamn things out there. I was hoping to be able to block by the referrer but that doesn't seem to be working.

The mod linked by Peter77 can be a solution, if proxy user cannot register, it will help

To keep anonymous bots from registering on your forum use botscout-php and api. I'm still searching for a good overall proxy deny solution for my site.

maxmind does provide with a geoloc db which lists a decent amount of proxies ips. But I don't know of any exhaustive list, so it's always a difficult matter, and it's also not always desirable to block all proxy usage, since they could after all just be used for good reason (privacy, connexion from work or not so free countries etc ...).

Yes, that's the thing about the casting a wide net approach - google-feed-fetcher uses a proxy and so do other valuable assets

I have combed the net looking for a solution as well, as of right now I have only found 1 decent source, which so far proves semi useful, but doesn't completely block proxies.
Information Source - Click here!


--Let me add that some real players have ISPs that connect them through proxies, this may result in wanted users being unable to access your website.

I had to make another post because I can't put more than 1 link, but the same place has also compiled a blacklist for known proxies, I hope this helps, if not hopefully someone will develop something more useful as proxies are becoming more coming everyday


Information Source - Click here


""Just realized this post was ressurected from 4 yrs ago!! Geez whose digging ? lol""