FirehawkCash

I created a paid to click website, and users are only allowed to have one account per household. I blocked it where users can't have more than one account on the same ip. Now my question is, how do I prevent a user from using a proxy server to cheat the system? Any information would be helpful... thanks!

Guaranteed Visitors

saschakimmel

You could check the remote ip against a list of open proxies you can find on the internet or actually try to connect to the remote ip on port 3128, 8080 or even 80 (common proxy ports) and check if you can retrieve a URL through the server although this is not a good practice because if the remote IP is NOT a proxy their firewall will either block the access or warn them that your site tried to "attack" you.

I'd favor the first suggestion although it's not 100% safe depending on the proxy list you're using.

Or you could use this service - although it's not cheap:
IP2Proxy IP-Country Database [PX1]

** Get my ViralListMachine software now for free and build your own list virally by giving away free stuff @ http://www.virallistmachinegiveaway.com **

customertools

I've got a friend who ran a site like yours, the only way he was able to make sure that multiple people where not using the site was to force them to install an internet explorer toolbar which got the windows product ID, mac address, and CPU information (if not turned off). And check against others information. but that was not 100% safe either. And by doing this he limited his customers to Windows users and users of IE, but he keep his fraud level down using this.


-Brad

Ultimate Keyword Tool - Create HUGE Targeted Keyword Lists In Minutes Not Hours Or Days. $7 seven day trial.

FirehawkCash

Could you please explain on how to do this? Thanks

Guaranteed Visitors

saschakimmel

Just search for "open proxy list" on Google
open proxy list - Google Search

** Get my ViralListMachine software now for free and build your own list virally by giving away free stuff @ http://www.virallistmachinegiveaway.com **

DanPE

Logic flaw here. One IP <> One household. Most ISPs have dynamic IP allocation, if you tie the account to IP your user will not be able to log in after he reconnects.

lisag

Not 100% foolproof, but read up on this: Geolocation by IP Address

Compare the return values against known user data, add a bit of fuzzy logic, and take it from there.

-- Lisa G

FirehawkCash

This is only on registration

Guaranteed Visitors

jamespitt

Why don't you do a phone registration as well - force them to use a phone number to register. It'd be easy to hook into an asterisk box to do that & it's a bit more painful to get a new phone number than a new ip.

DanPE

It would be kind of weird to have to call halfway around the world to register on a site, wouldn't it?

FirehawkCash

nobody would sign up if you had to verify by phone.

Guaranteed Visitors

mywebwork

Of course a flaw in the logic here is that the statement 1 residence = 1 IP Address isn't necessarily true.

One IP Address in a corporate environment can be shared among hundreds of users. And in a DSL or dial-up situation the same IP address may get recycled among different users. In both cases using an IP Address to limit sign-ups could block legitimate users from using your service.

Not really sure what the best solution here is, schemes that involve using a cookie to identify legitimate users aren't foolproof and even MAC address doesn't get around the issue of one household having multiple computers.

Bill

elenana

Why don't you try to use the proxy detection to detect the IP addresses?

You can take a look at the free web service from Ip2Proxy | FraudLabs Credit Card Fraud Prevention - Live Demo .

I used it for online fraud checking purpose. I hope it works for yours.