Get real IP Address

[php-beginner]

Hello guys,

 

I have been searching on the internet for articles that shows me how to get the real IP address when they are behind a proxy. But after some reading it seems that this is not completely possible. Correct me if I'm wrong.

 

So what is the best thing to do? Because I have seen different methodes and I'm not sure which one is the best.

 

http://www.laughing-buddha.net/php/lib/remoteip

[flyhoney]

If a user is behind a proxy, the only way for you to get their IP is if the proxy explicitly forwards that information to you.  There is a convention for proxies to pass that information a long in an X-Forwarded-For header.  Reverse proxies like Varnish can do that.

 

 

[php-beginner]

Thankyou for your reply.

 

But what can I do to prevent this as much as possible? Or do I only use $_SERVER['REMOTE_ADDR']?

[cssfreakie]

it depends on what you want with that info really. You can't prevent it for everyone. But that's the same as with security, it's never 100% waterproof.

[php-beginner]

I don't want users to registrate themself twice on the same address.

[php-beginner]

Isn't there anyone that has dealed with this before? I'd like to know which method is best for this problem. Any good tutorials?

[mens]

Proxies aren't meant to be detected, well not the ones people will use to create multiple accounts on your website.

The short and simple answer to this, is: Forget it, there is no way you will be able retrieve the "real" IP address of someone behind an anonymous proxy.

 

If they had malicious intent, you can contact the proxy administrator and request the originating IP address. This still may not be the real IP address.

[php-beginner]

Ok, thankyou for your explanation. Then I will only check if they already have registrated with the same IP. And if they still want to make multiple accounts by using a proxy, then so be it.

[mens]

I'm sorry if I sounded harsh about it, but many, many people ask about this topic.

 

What I said may not be 100% correct, as there are methods to blocking proxies themselves, but lists aren't 100% accurate, though they are your best bet.

I'd suggest looking into something like DNSBL, which is a list of know spammers/offenders.

[cssfreakie]

I agree with Mens,

 

Say for instance you live in a house with 30 students and you all have the same ip-address, If you only allow 1 you miss 29 potential customers.

If you want to block certain content, or automated bots. use other methods like captcha,