homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Code, Content, and Presentation / Apache Web Server
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL & phranque

Apache Web Server Forum

Disable Anonymous Proxies
Is there a way to deny anonymous proxies from accessing our web servers?

10+ Year Member

Msg#: 4473981 posted 4:07 am on Jul 10, 2012 (gmt 0)

Does anybody know if there is a way to deny anonymous proxies from accessing our websites? We continue to receive fraudulent orders from people utilizing anonymous proxy servers to hide their identities. Is this possible in anyway? Any help would be appreciated.



WebmasterWorld Administrator incredibill us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

Msg#: 4473981 posted 4:31 am on Jul 10, 2012 (gmt 0)

A good anonymous proxy doesn't even announce that it's a proxy server so how would you know?

In order to do what you really want to do you need to have an extensive database of IPs that know the difference between office, residential IPs and hosting data centers, etc. and even then the residential and office IPs could be hosting an anonymous proxy. This will allow you to accept orders only from homes and offices, not server farms when most proxies are hosts. Then you can download a whole bunch of known proxy IPs and filter them out as well but these change daily so good luck with that. Additionally, legit residential IPs can be hacked and used or rented as an anon proxy by the botnet herder.

I used to always check orders and run each order IP through a GeoIP and compare it with the address on the order and compare the area code as well, plus the email address. If you end up with an IP from Texas for an order in Burbank, CA with email from France it should make you think twice about shipping the order. Also put a link from the address in order admin Google Maps helps too so you can take a quick look at the street view of the location and make sure it's not a boarded up shack, burned out ruin or a vacant lot.

FWIW, a couple of the top GeoIP services offer some ecommerce fraud products that might suit your needs. Additionally, some of the credit card processors like the one I currently use has an anti-fraud detection service as well which does OK.

Another possibility is to download and install a bot blocking script that provides a data center database which would block all requests from proxies at hosting companies.

Personally, I'd do all of the above for orders over $100 or whatever your threshold of pain is.

Global Options:
 top home search open messages active posts  

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved