Say, a merchant have an asp.net with c# e-commerce website abc.com, he would like to allow Spanish customers only. But a credit card fraudster located in Greek attempts to purchase goods online with a stolen credit card having a Span billing address. System try to protect the fraud by matching up customer IP location and billing address but the fraudster can bypass this check by selecting a proxy located in Span.
So, is this possible to block the proxy user? I do not want any third party paid proxy detector.
I have following discussion regarding proxy, but non of them is match enough with me.
Proxy detection,
.NET proxy detection and http://www.maxmind.com/app/proxy (paid service)
As I guess, we may able to detect proxy customer by knowing what DNS he is using in his machine. Normally, customer should use the DNS of ISP of IP. If customer is using another public DNS, can we treat him as a proxy user?
Any idea would be appreciated.
If flash is a viable option you should be able to detect the users real ip that way.
Related
From 《HTTP Definitive Guide》:
private HTTP proxy are not common, but they do exist, especially when running directly on the client computer. Some browser auxiliary products, as well as some ISP services, will run some small proxies directly on the user's PC in order to extend browser features, improve performance, or provide host advertisements for free ISP (Internet Service Provider) services.
how to understand it?
why it can extend the browser features?
A private proxy acts as an intermediary between a client and the internet. Applying a private proxy means that one client is exclusively using the dedicated IP address at a given time. When a private proxy is in use, requests run through the proxy server (which masks the client’s original IP address) first, and only then connects to the internet resources to fulfill client’s requests.
Private proxies provide you with the highest level of anonymity, they are used not only for personal but also for business purposes. While personal use cases usually involve anonymity and you can setup your Chrome browser to use a proxy which will route all traffic via a specific endpoint, business uses are different.
For example, ad verification companies use private proxies to check advertisers’ landing pages anonymously. Or, let’s take travel fare aggregators whose businesses almost entirely depend on private proxies. For travel fare aggregators proxies enable automated data collection of flight company websites, online travel agencies, and other sources without IP blocks or bans.
I develop and manage a small promotional/marketing website on Wordpress for a startup SaaS product. We're using Cloudflare for DNS and whatnot. Apparently the WAF has been turned on which uses a proxy and changes the user's IP address. i'm trying to use IP address to filter "internal" traffic for Google Analytics and the only way this works is with the WAF turned off. If not using the WAF is going to cause any sort of significant risk for my website, then obviously I'll need another way to do my analytics thing. Reading about what all it provides on their website doesn't make it all that clear to me how important it is for a website like this. If anyone who "gets it" had some insight to share, I'd be most appreciative. thx!
You should definitely use the WAF - it will protect your website from many malicious bots and attacks.
Wordpress sites are particularly juicy targets for attackers, for a number of reasons:
The security of a default Wordpress installation is not great.
Every Wordpress site shares common default features, such as the location of the admin login page, the admin username, and other exploitative resources.
Wordpress is extremely popular, and currently used by an estimated third of all websites on the internet.
Wordpress is used by many, many small businesses and hobbyists who do not how to secure their site properly.
Ergo, attackers can very easily scour the web for Wordpress websites that are easily hackable. Other nefarious activities are commonly carried out with ease on most Wordpress sites, such as comment spam or Denial of Service attacks.
What protection does the WAF offer?
Cloudflare and most other high quality WAFs can be configured to protect your site by automatically performing actions like:
Blocking known bad IP addresses.
Blocking bad bots which are automatically making requests to your site.
Limiting high numbers of requests from one source in a short amount of time (usually a sign of a DoS attack or scraping).
Blocking requests from particular countries or locations.
There is no reason why you wouldn't want to enable this protection if you have it available to you, and Cloudflare is the industry leader in this area.
Additionally, I would recommend you research how to better secure your Wordpress site in ways other than just the WAF - e.g. The Ultimate WordPress Security Guide
How to solve the IP address issue
Cloudflare is not changing the user's (the client) IP address, but rather acting as a proxy. As you have noticed, the IP address you're seeing is not the client's own, but one of Cloudflare's. This is crucial to how Cloudflare works to protect your site, but this is a common issue when using any kind of proxy.
To get the correct IP address when using a proxy, you need to check the X-FORWARDED-FOR header. You might see this as a string of comma-separated IP addresses, depending on how many proxies the user has gone through before reaching the site. The first one in the list is the original client IP.
e.g. Here 203.0.113.1 is the client's original IP address:
X-Forwarded-For: 203.0.113.1,198.51.100.101,198.51.100.102
Documentation: How does Cloudflare handle HTTP Request headers?
Anyway, it's good to use a function which can comprehensively check headers and give you the best match for the original client IP, regardless of whether the user is behind a proxy or not, so that you can guarantee it always works.
Here's a very popular StackOverflow question about this:
What is the most accurate way to retrieve a user's correct IP address in PHP?
We're looking to setup some restrictions employees won't have access to social media sites on workstations. However, some workstations needs to have access. One method I've tried was DNS zone, however, I'm not sure how to authenticate for those who needs to have this access. Any solution would be greatly appreciated.
What you are trying to achieve is not possible with DNS, what you are looking for is a proxy server, depending on your environment you can use either Squid Proxy (linux) or Microsoft Internet Security & Acceleration Server (Windows). Each has their own way of restricting access to certain sites based on users and user groups so you would need to review the documentation for the specific site you are after but this should give you a starting point and point you in the right direction.
Currently im trying to make a license server based on ASPNET Web Api.
Basicly the licensed software wont be under my control, hence i need a way to control usage.
I see one problem however, in case the license server responds with json or an statuscode saying a license check is ok, the format could be sniffed on the software location and a service could be created to respond likewise (by changing their dns, so that the hardcoded domain is pointed to their service instead.
Any help in this area is appreciated, as if i recall correct, ssl is only point to point
You could have your application host a wild card DNS record. Meaning an A record that looks something like:
*.foobar 86400 IN A 1.2.3.4
thus requests to the host could include a different host name:
ab34dd8993aedf455c.foobar.mydomain.com
The code in front of the name could be used to authenticate the request based on time/source ip/json in request.
Regards
Frank
I am developing an application in c# that requires the hostname or IP address of a specific Skype user, so that my server infrastructure can establish itself appropriately to the specific customer that one of my employees will be speaking to, over their Skype messaging sessions.
I have done some research over the internet to find these "Skype resolver" services, that can be used for malicious purposes, I assure you that this is not my intention, however, due to the fact that I do not support malicious activity, I would rather build my own method of fetching an IP address by utilising a Skype username, rather than support these malicious organization by using their tools.
So what do I need to do, in order to get these IP addresses from Skype usernames?