Welcome to WebmasterWorld Guest from 54.145.13.215

Forum Moderators: Ocean10000 & incrediBILL & phranque

Message Too Old, No Replies

Disable Anonymous Proxies

Is there a way to deny anonymous proxies from accessing our web servers?

     
4:07 am on Jul 10, 2012 (gmt 0)

Preferred Member

10+ Year Member

joined:Aug 16, 2003
posts:525
votes: 0


Does anybody know if there is a way to deny anonymous proxies from accessing our websites? We continue to receive fraudulent orders from people utilizing anonymous proxy servers to hide their identities. Is this possible in anyway? Any help would be appreciated.
4:31 am on July 10, 2012 (gmt 0)

Administrator from US 

WebmasterWorld Administrator incredibill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Jan 25, 2005
posts:14624
votes: 88


A good anonymous proxy doesn't even announce that it's a proxy server so how would you know?

In order to do what you really want to do you need to have an extensive database of IPs that know the difference between office, residential IPs and hosting data centers, etc. and even then the residential and office IPs could be hosting an anonymous proxy. This will allow you to accept orders only from homes and offices, not server farms when most proxies are hosts. Then you can download a whole bunch of known proxy IPs and filter them out as well but these change daily so good luck with that. Additionally, legit residential IPs can be hacked and used or rented as an anon proxy by the botnet herder.

I used to always check orders and run each order IP through a GeoIP and compare it with the address on the order and compare the area code as well, plus the email address. If you end up with an IP from Texas for an order in Burbank, CA with email from France it should make you think twice about shipping the order. Also put a link from the address in order admin Google Maps helps too so you can take a quick look at the street view of the location and make sure it's not a boarded up shack, burned out ruin or a vacant lot.

FWIW, a couple of the top GeoIP services offer some ecommerce fraud products that might suit your needs. Additionally, some of the credit card processors like the one I currently use has an anti-fraud detection service as well which does OK.

Another possibility is to download and install a bot blocking script that provides a data center database which would block all requests from proxies at hosting companies.

Personally, I'd do all of the above for orders over $100 or whatever your threshold of pain is.