
PHP Contact Form Capture IP Real/Source IP address behind Proxy


dingi


I have a working Contact form in PHP that sends the IP address of the visitor along with the user-filled data via email. The "form.php" has this code:

// PHP exposes request headers in $_SERVER with an HTTP_ prefix; X-Forwarded-For is client-supplied and can be forged
$ip = !empty($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];

The "form.php" calls "processor.php" on submit. But the above code only shows the proxy IP address. I tested it myself by using a free proxy server (proxy4free dot com) and the form result showed only the proxy IP address. How do I get the real or source IP address? Since I don't know PHP etc., I am in need of help from this forum. I am receiving several mails that are suspicious. I also have a CAPTCHA in my form. Please help me. Thank you.

 


Thank you for your answer. But in the future we should find some solution to get the real IP.

 

That code you posted only works for proxies which display that header, such as SQUID or a business/govt/school proxy, so they can differentiate the origin IP. A web proxy will do the HTTP requests themselves. For anonymity, I doubt they'd ever send a *_FOR HTTP header.

What do you mean, in the future? It's impossible. Unproxied Java may be able to display their true IP (as the HTTP proxy only proxies HTTP requests, not the Java engine's requests), but not many proxies will let you run plugins, so that's scrapped.

You're stuck unless you check the proxy's hostname, and block them / treat them as less if required.


Thanks a lot for putting me onto the right concept about this topic, "Web Proxy"; I am now very clear on it from your explanation. What I meant by "future" is that if there were any loophole to track the real IP behind a web proxy, it would be nice. But now it's clear that it is impossible, as explained by you. But please help me to check the proxy's host name to block them or treat them as less if required, as you said. What code has to be inserted to check the host name? Can you please post it here? Thanks again.


You'd simply get the host name of the currently browsing user:

$hostname = gethostbyaddr($_SERVER['REMOTE_ADDR']);

 

Then you may run a check on it. But again, it is proxied through a site, and there are hundreds of thousands of proxy sites, so you may want to block the main ones, for example:

// stripos() returns 0 (falsy) for a match at the start of the string, so compare against false explicitly
if (stripos($hostname, 'hidemyass.com') !== false) {
  die(); // Display a message about not allowing proxies, or just terminate the script
}

echo "If you can see this text, you are not on a proxy!";

 

Of course you need to research and place in many of the host names of various proxies, but this is pretty much the only absolute method of being able to detect transparent web proxies.
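A stricter form of the hostname check from the last post, written here as an added example rather than code from the thread: it matches blocklist entries on whole domain labels instead of substrings, handles addresses with no PTR record, and forward-confirms the name before treating a client as normal. The function names, the injectable resolver parameters and the sample records are assumptions of this example.

```php
<?php
// Added example (not code from the thread). All sample data below is constructed.

// True if $host is $domain itself or a subdomain of it (whole-label suffix match).
function host_in_domain(string $host, string $domain): bool
{
    $host = rtrim(strtolower($host), '.');
    $suffix = '.' . strtolower($domain);
    return $host === strtolower($domain) || substr($host, -strlen($suffix)) === $suffix;
}

// Returns 'blocked', 'unverified' or 'ok' for the connecting address.
// $reverse/$forward default to PHP's resolvers; they are parameters (an
// assumption of this example) so the logic can be run without DNS.
function classify_client(string $ip, array $blocklist,
                         ?callable $reverse = null, ?callable $forward = null): string
{
    $reverse = $reverse ?? 'gethostbyaddr';
    $forward = $forward ?? 'gethostbynamel'; // resolves IPv4 addresses only
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return 'unverified';
    }
    $host = $reverse($ip);
    // gethostbyaddr() gives back the IP unchanged when no PTR record exists.
    if ($host === false || $host === $ip) {
        return 'unverified';
    }
    foreach ($blocklist as $domain) {
        if (host_in_domain($host, $domain)) {
            return 'blocked';
        }
    }
    // A PTR name is chosen by whoever controls the address block, so only
    // call the client 'ok' if the name resolves back to the same address.
    $addrs = $forward($host);
    return ($addrs !== false && in_array($ip, $addrs, true)) ? 'ok' : 'unverified';
}

// Constructed PTR and A records on documentation address ranges.
$ptr = ['203.0.113.7' => 'exit7.hidemyass.com',
        '198.51.100.9' => 'cust.hidemyass.com.isp.example',
        '192.0.2.4' => 'dsl-4.isp.example'];
$a = ['cust.hidemyass.com.isp.example' => ['198.51.100.9'],
      'dsl-4.isp.example' => ['192.0.2.99']];
$reverse = fn($ip) => $ptr[$ip] ?? $ip;
$forward = fn($name) => $a[$name] ?? false;
foreach (array_merge(array_keys($ptr), ['192.0.2.200']) as $ip) {
    echo $ip, ' => ', classify_client($ip, ['hidemyass.com'], $reverse, $forward), "\n";
}
```

The 'unverified' result corresponds to the "treat them as less" option in the thread: such requests can be held for review or rate-limited rather than rejected outright.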
