Skip to content

PHP Code to Check if Someone is Coming from a Open Proxy.

php open proxy check

As some of you know I’ve been moving to building my own offers and some other things on the advertisers side I’ll sharing later. In this quest I’ve found the most challenging thing is to flush out the fraud from the legitimate users. Everyone thinks being an advertiser is the way to go right? Affiliates send traffic and you pay them 5$ and you make 7-10$. Well if only it was that easy. Honestly being the advertiser or network would be the greatest thing since sliced bread if there wasn’t so much affiliate fraud. Now I’m not talking about Blackhat tactics or spam traffic generation stuff. I’m talking straight fraud such as stolen credit cards and lead stuffing. There’s large organized rings of fraudsters primarily in China, India, Phillipines, Vietnam, Russia, Turkey and a few other countries. So if any of my readers on from those countries and get denied for networks and offers a lot that’s why.

Why you should care

Fortunately most of the fraudsters aren’t that sophisticated from what I’ve seen, so there’s a lot of ways to flush them out of the bushes and cut your losses before they start. There’s very good reason to catch them “Before” they start. As an advertiser the last thing you want is a large number of charge backs or stolen credit cards running through your system. If enough of this happens you can be blacklisted for any merchant account. Therefore the prevention of these transactions going through is a good place to begin.

One of the hard parts about owning a network or running an offer is the careful balancing act between what you let through and what you block. You could lock down your affiliate approval or purchase system tighter then a drum and approve hardly anyone. Or you could let everyone through but these are extremes of the spectrum of course. So the goal is to build little checks in to weed out most of the fraud before it starts. One thing I’ve chosen is anyone signing up with a proxy is going to get denied. If you can’t signup with your real IP I don’t want to do business with you. Maybe I’m going to knock out some sales and some affiliates this way but it’s worth it so I don’t have to deal with as much fraud.

Now there’s no way you can block all proxies, I know this but you can weed out the simple ones by checking the regular open proxy ports which are 80, 8080, and 3128. I’ve written a little function that you pass the IP address to and return 0 or 1 based on whether those ports are open on the IP. So that when an affiliate applies or a sale goes through I check if the IP ( address of the computer) is coming from computer that has those ports open. 99.9 out of a 100 home users aren’t going to have any of those ports open.

Just take this code and stick it in your sign up form or registration form and decide how you want to deal with these orders or sign ups. You may want to just throw them into a queue to be manually checked. Or build a rating system based on points. How you handle things is up to you.

PHP Proxy Port Checking Code:

function ipProxyPortCheck($ip){
//timeout you want to use to test
$timeout = 5;
// ports we're going to check
$ports = array(80,3128,8080);
// flag to be returned 0 means safe, 1 means open and unsafe
$flag = 0;
// loop through each of the ports we're checking
foreach($ports as $port){
// this is the code that does the actual checking for the port
@$fp = fsockopen($ip,$port,$errno,$errstr,$timeout);
// test if something was returned, ie the port is open
if(!empty($fp)){
// we know the set the flag
$flag = 1;
// close our connection to the IP
fclose($fp);
}
}
// send our flag back to the calling code
return $flag;
}
// call our function and check the IP in there
echo ipProxyPortCheck('69.217.73.52');
?>

Hope this saves some advertisers and affiliate networks some time and money.

9 Comments

  1. audax audax

    Other method I use is to reverse the IP to a physical location using MaxMind GeoIP or something of the sort, and then compare the signup address to the location of the IP address. It’s not fool proof but can help flag possible fraud.

  2. ptv ptv

    I appreciate the idea and code provided. But …
    What if our prospective customer has installed some kind of port scanning warning software? The probablity is low, but the risk of being suspected of “hacking”?

    Maybe some kind of third party service not connected with us is better?

  3. I would definitively go with the flags or points approach… I really can’t justify auto-banning someone because he has a port 80 open… besides, many home based routers do respond to a port 80 query because they have web administration enabled…

  4. audax: I was going to make a post about maxmind next.

    ptv: this isn’t a full proof plan just a point of diversion, you definately need to combine it with other tactics. You’re never going to get all the fraud from the get go but the more strategies you have the better.

    webmasters: agree’d. To your point about routers, most routers don’t open port 80 on the wan only the lan. Again not full proof and should be added to a points system I agree. But yet another tool in the quiver.

  5. Our problem at Chatropolis.com is that advertisers will use scripts to post advertisements from open proxy switching software. We literally have a 100,000 proxy users so I would want to look for open proxy users. Services like TOR give a nobel speach but all that comes is illegal advertising and kiddie porn from them. I have never examined a TOR user exit node because the user did something nice.

    I want to stop all open proxys from using our site. There would be no reason somebody needs to use an open proxy. In most cases These services help people break a law weather it’s Chna’s policy on pornagraphy or Iraqs. I don’t believe my site is something someone needs to access against it’s countrys laws. Also the paranoid line on privacy is a load of crap. If your ashamed about your body,sex or the conversation there of join the Nunnery.

    Does anyone have ideas on checking for open proxys 500,000+ times a day and not need a cluster of super comps to do it?

    MJL
    For Chatropolis.com

  6. Hugh Hugh

    Thanks for your script, it was very helpful.
    Does anyone have some code I can use to block users using TOR?

  7. You can get a list of all the tor ips pretty readily. Just get that list and check your visito against it.

  8. MJL: Quova’s GeoPoint gold service includes a list of known open proxies. You have to pay for it, but you can then just create an exclusion list for apache or whatever you’re using.

  9. Skype takes over ports 80 and 443 when there’s nothing else on them.

Comments are closed.