I have been running a public forum (no registration required) with over 50,000
visits per day. There are a lot of trolls and bad/advertising posts, etc., from
other sites and individuals.
-> It was small initially, and I used to track the IPs and ban them manually by
putting them in a database; the posting script checked the IP ban list before
anyone could post.
-> In time, it grew and I started monitoring {HTTP:Forwarded-For} and
{HTTP:X-Forwarded-For} as well to filter out trolls.
-> Later I also tried mod_rewrite:
# Ban anonymous proxy requests
RewriteCond %{HTTP:Via} !^$ [OR]
RewriteCond %{HTTP_FORWARDED} !^$ [OR]
RewriteCond %{HTTP:X-Forwarded} !^$
RewriteCond %{HTTP:Client-IP} ^$
RewriteCond %{HTTP:Forwarded-For} ^$
RewriteCond %{HTTP:X-Forwarded-For} ^$
RewriteRule .* /cgi-local/not_allowed.pl [L]
Now the problem is that trolls are STILL coming through. I tracked those IPs and
matched a couple of them as "Elite Proxies" (http://www.samair.ru/proxy/).
Elite Proxy -> HTTP servers of this type do not send the HTTP_X_FORWARDED_FOR,
HTTP_VIA and HTTP_PROXY_CONNECTION variables. The host doesn't even know you are
using a proxy server, and of course it doesn't know your IP address.
Now the question is how to get these Elite Proxies filtered out. Another thing
that I want to ask is that when I used these Elite Proxies myself to access
Yahoo or Google, they immediately tracked it and gave the error "405 - Resource
Not Allowed". Does it mean that there is some way to detect it, or is it because
of https? If SSL can deal with this issue I am ready to go for it, but I just
need to confirm that, or find an alternative solution, before I make my move.
Thanks for any help.
Sara.
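
An added example, not part of the original post: a Python model of how the RewriteCond chain quoted above evaluates, run over constructed header sets, to show which kinds of request it actually stops. The function names, the labels "direct", "transparent" and "anonymous", and all sample header values are assumptions made for illustration.

```python
# Added illustration: models the RewriteCond chain quoted in the post.
# Each entry: (request header, must_be_present, joined_to_next_by_OR).
CONDS = [
    ("Via",             True,  True),
    ("Forwarded",       True,  True),    # %{HTTP_FORWARDED}
    ("X-Forwarded",     True,  False),
    ("Client-IP",       False, False),
    ("Forwarded-For",   False, False),
    ("X-Forwarded-For", False, False),
]

def rule_blocks(headers):
    """True if the rule would send the request to not_allowed.pl.

    mod_rewrite ANDs its conditions, except that a run joined by [OR]
    forms one group that matches when any member matches.
    """
    present = {name.lower() for name, value in headers.items() if value}
    group_hit, in_group = False, False
    for name, must_be_present, or_next in CONDS:
        hit = (name.lower() in present) == must_be_present
        group_hit = (group_hit or hit) if in_group else hit
        in_group = or_next
        if not or_next and not group_hit:
            return False
    return True

# Constructed sample requests (hypothetical header values).
SAMPLES = {
    "direct":      {"User-Agent": "Mozilla/5.0"},
    "transparent": {"Via": "1.1 proxy.example", "X-Forwarded-For": "203.0.113.7"},
    "anonymous":   {"Via": "1.1 proxy.example"},
    "elite":       {"User-Agent": "Mozilla/5.0"},  # same headers as "direct"
}

def evaluate_samples():
    """Map each sample name to whether the rule blocks it."""
    return {name: rule_blocks(h) for name, h in SAMPLES.items()}

if __name__ == "__main__":
    for name, blocked in evaluate_samples().items():
        print(f"{name:12} blocked={blocked}")
```

The "elite" sample is header-for-header identical to the "direct" one, so no condition written against these headers can tell the two apart; only the "anonymous" sample, which announces a proxy but withholds the client address, is blocked.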