Ban users using proxys?

Forum Moderators: phranque

Message Too Old, No Replies

Ban users using proxys?

vileiz

6:38 pm on Sep 17, 2005 (gmt 0)

Hello,
I was wondering if there is any way to deny users who surf the site using proxy servers, i am running a phpbb site and it has a serious cookie flaw where anyone can pose as anyone [else under certain specific circumstances].
so i was thinking if there is any way of denying proxys from entering site using the deny #*$!.#*$!.#*$!.xxx feature, knowing most proxys are elite + using port 3128 , i am kind of unexperienced, thank you for your help in advance.

[edited by: jdMorgan at 8:23 pm (utc) on Sep. 17, 2005]
[edit reason] Removed specific hack info., [/edit]

jdMorgan

8:22 pm on Sep 17, 2005 (gmt 0)

A proxy is not necessarily a bad thing. There are many of them in use. For example, the entire AOL network is behind proxies, as are most satellite ISP users.

The problem is that 'good' proxies identify themselves and tell you that they're proxies, whereas 'bad' ones don't. So that makes trying to detect them rather difficult.

I'd suggest you contact the phpBB development group and ask for a patch to fix the security problem. The sooner you ask, the sooner it gets fixed. In the meantime, maybe you can try to keep up by denying certain IP addresses.

Jim