Stop Proxy Servers

[crimsonmoon]

I run a site where I don't allow my users to have multiple accounts. I watch out for this via pulling the IP address from PHP. Well I now have users using proxy server sites like this: http://freeproxyserver.net/  To get by my tracking methods.

Is there anything I can do to stop them from using these sites. Is there a list of proxy server IP's I could just block?

What does everyone else do?

If you IP Banned someone they could just go to one of these sites and they are back in.

[jvrothjr]

Banning some one based on IP is not the best there is no true way to stop anyone from getting back in based on IP. For me I have cable modem connection and all i have to do to reset my IP is shut it down and restart it and I will get a new IP.
Plus the user can just go to another location and get back in...... you maybe able to Ban by Mac ID on the network card.  but this will lock that card out.

[.josh]

You can't get a mac address of someone unless you were local to them. The mac address is put into the IP packet at the 2nd level of the OSI model, its a physical address... once you go out through a router the mac address of the reported packet is changed, and is changed each and every time.. think of the mac as a "Return" address. You send out a packet and it goes across the country, and goes through 5 routers, the mac address on the packet will change each and every time it goes through a router, where the IP address won't. It's a type of routing code that the routers use to identify where the packet came from and where to send a response to.

[crimsonmoon]

So pretty much there's no way to keep someone who causes trouble off my site.

[redarrow]

what is the code you use see what the url is from the client.

[corbin]

Dont some proxies send something about being a proxy in a header?  I dont remember where i read that though so I'm probably wrong...

[Crimpage]

That would kind of defeat the purpose of using these proxies to hide / manipulate your IP Address... There is never a solid way to keep someone out of your website. There is always a way to pretend that you are someone else...

I'm not sure what your website does or how far people will go to create a new account, but here are a couple of things you could implement:
Log the IP address: You might as well, now with broadband and static IP addresses being more common, this is still a good start.

Require email verification / account activation: A lot of people only try to break / crack things because the oportunity is there. If you make a couple of extra hoops that they have to jump through to get it, some will just not bother... like me :)

Random character validation: You know the thing where is shows you 6 or so random characters so that you have to enter it in to stop people using programs that will automatically fill in forms etc... again, just another hoop.