Jump to content

illegitimate traffic

ajetrumpet

By ajetrumpet
in PHP Coding Help

 Share

Recommended Posts

ajetrumpet Advanced Member

ajetrumpet

Posted
Posted

I would like to be able to detect, for instance, people who are using the TOR browser when they attempt to log in to one of my sites.  my traffic report globals can already tell me if they are coming from a TOR node, but I would like to reject a login if an onion system or an anonymity browser is being used.  I have only ran into one other site that has the capability of doing this, in terms of talking about forums only, and that is MrExcel: https://www.mrexcel.com/board/

if you try to register an account there with TOR, the page renders and says “we have detected you are trying to use automated queries to register an account”. there are of course, ways to get around that, if you click buttons in a timely manner, so they are not that good. but regardless, the pre-packaged software they bought does the job fairly well.

can anyone offer any help in this regard? I know for a fact that most of the big banks in the USA have this covered, so I know that technology exists to block traffic coming from these sources, but I don’t know if it’s available to the little guy like me.

Link to comment
Share on other sites
ajetrumpet Advanced Member

ajetrumpet

Posted
  • Author
Posted (edited)
29 minutes ago, requinix said:

Is there a particular reason you want to block people from trying to browse the internet anonymously? Not everyone has the kind of freedoms that the western world gets to enjoy.

from what I've heard req, a lot of the world has that ability.  what i'm trying to do here, possibly, is charge for reading the content on one of my sites and not issue a refunds if ''X'' number of pages are viewed.  and I can't do that if I'm detecting a page render with INCLUDE() or REQUIRE() and everytime a render comes through it lists a different TOR exit node, now can I?  If the page requests come from the same ip address, more than likely I can tell its the same person reading the different pages.  I have no idea how fast those onion systems cycle through their nodes, but I would assume it's fairly fast.  so for instance, if 2 pages are read 10 minutes apart from each other more than likely PHP would pick up 2 different IP addresses for those 2 different page visits if someone is using TOR, wouldn't it?

Edited by ajetrumpet
Link to comment
Share on other sites
requinix Prolific Member

requinix

Posted
Posted

Wait a minute. Your goal here is to not issue refunds to people who have paid money for use of your site and have used the site enough that you feel they have received their money's worth, right?

We're talking about money here. Aren't you dealing with user accounts to do this? User creates an account, spends money, and gets content?

Link to comment
Share on other sites
ajetrumpet Advanced Member

ajetrumpet

Posted
  • Author
Posted (edited)
2 hours ago, requinix said:

Wait a minute. Your goal here is to not issue refunds to people who have paid money for use of your site and have used the site enough that you feel they have received their money's worth, right?

We're talking about money here. Aren't you dealing with user accounts to do this? User creates an account, spends money, and gets content?

well the site that I'm referring to is not set up yet.  but yes, that's right.  Once content is exposed, you can't let them "unknow" it, now can I?  the reason I mentioned them looking at "a few pages" is simply because after they have done that, they really should not get a refund on their money, but I'm sure I would have to provide proof to them that they were visiting multiple pages.

the money spending has not been set up yet.  that code has yet to be written, if it can even be written at all.  do you have another idea for this?  I'm talking about giving away intellectual property.  Once it's gone, you can not get it back.  so what other choice do I have besides doing things this way?  I was not going to so far as having accounts be required, but I supposed that could solve the TOR browser issue.  There are no accounts really required to view what I've got to show.

Edited by ajetrumpet
Link to comment
Share on other sites
requinix Prolific Member

requinix

Posted
Posted
27 minutes ago, ajetrumpet said:

well the site that I'm referring to is not set up yet.  but yes, that's right.  Once content is exposed, you can't let them "unknow" it, now can I?  the reason I mentioned them looking at "a few pages" is simply because after they have done that, they really should not get a refund on their money, but I'm sure I would have to provide proof to them that they were visiting multiple pages.

Get your proof by recording activity according to the user's account, not their IP address. After all, they have to be logged in to see stuff. If the account has been active enough then you don't allow the refund.

Then it doesn't matter whether someone browses with Tor or not. Or whether they browse from home, or the office, or their phone, or anywhere else that there will be a different IP address.

 

Quote

the money spending has not been set up yet.  that code has yet to be written, if it can even be written at all.  do you have another idea for this?  I'm talking about giving away intellectual property.  Once it's gone, you can not get it back.  so what other choice do I have besides doing things this way?  I was not going to so far as having accounts be required, but I supposed that could solve the TOR browser issue.  There are no accounts really required to view what I've got to show.

Give previews of content so that people have some idea what they could get, then charge for full access.

But yeah, there's basically nothing you can do to stop people from copying the content while they have access to it and then using the copies when their access expires or gets cancelled. You can try to spot abuse with scraping, with bad repeat customers, with content sharing, and any other way you can, but ultimately you cannot stop everything. Make it easy for people to get what they want and they'll be less likely to fight the system, then track what they do so you can give yourself some degree of confidence that you're able to detect typical levels of abuse.

Link to comment
Share on other sites
ajetrumpet Advanced Member

ajetrumpet

Posted
  • Author
Posted (edited)

req,

I appreciate your advice.  I will take what you said and see what I can do with it.  If I have issues with it, I will get back to you.  thanks again for your help on this.  sorry it took so long for me to respond here.

Edited by ajetrumpet
Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.