I'd like to know how one detects whether a user is using proxy to connect to the server. There are several ideas where you'd save the user's IP in a config, and then geo-check the user's IP everytime they login. But that's not "detecting proxy" at all. Please, no plugin reference.
I guess it is a higher-order thing. So you have to depend on a website for that. Here goes CODE for the future readers. Currently using this for my server. PHP: <?phpnamespace CosmicCore\Tasks\Cosmic;use pocketmine\utils\TextFormat as TF;class VPNCheckTask extends \pocketmine\scheduler\AsyncTask { private $data; public function __construct(array $data) { $this->data = $data; } public function onRun() { $api = "http://legacy.iphub.info/api.php?ip=".$this->data[0]."&showtype=4&[email protected]"; $api = json_decode(file_get_contents($api)); $check = $api->proxy == 1; $msg = TF::GOLD."Please turn your VPN off if you want to continue playing."; $this->setResult([ $check, str_repeat(" ", strlen($msg)/2.25).TF::RED."VPN Detected.".PHP_EOL.$msg, TF::ITALIC.TF::GRAY."Kicked ".TF::AQUA.$this->data[1].TF::GRAY." for using a proxy." ]); } public function onCompletion(\pocketmine\Server $server) { if (($res = $this->getResult())[0]) { $server->getPlayerExact($this->data[1])->kick($res[1], false); foreach (array_keys($server->getOps()->getAll()) as $op) { if ($pl = $server->getPlayer($op)) instanceof \pocketmine\Player) { $pl->sendMessage($res[2]); } } } }} PHP: /*** Check if $player is connected* through a VPN/Proxy/TOR/Hosting.*/public function proxyCheck(Player $player){ Server::getInstance()->getScheduler()->scheduleAsyncTask(new VPNCheckTask([$player->getAddress(), $player->getName()]));}
Could be useful, but without paying for their services you'll have the same limit of 500 API checks / day as VPNGuard, for example. You might want to append '&flags=m' to the query so it only checks static block lists btw, since you only kick if the probability is exactly 1.
500 checks? But there no such limit on the web page. Also, I haven't checked out how VPNGuard managed it. I'll recheck the host page, you do make a point of it not being free tho.
Cool concept; but sadly, legacy.iphub.info seems to have the same problems as the paid provider VPNGuard uses. It's accuracy is so low that a random number generator is probably equivalent. Or a coin toss. I ran legacy.iphub.info past the same sanity checks I used to test VPNGuard's provider. I sent a bunch of known server (legitimate) IP addresses against it. Then I ran a bunch of IP addresses I know belong to VPN services against it. Sadly many of the servers showed up as proxy=1 and many of the VPN service IPs showed as proxy=0. It's accuracy was not better than a coin toss. I don't think an IP blacklist database is really possible for VPN. The VPN providers have to make sure of it or they would quickly be out of business. They must have some way of shifting their blocks around regularly. Beware running above code. You will be kicking a lot of legit players.
I have tested it with 7 different non-proxy IPs and it has worked fine. And no, they don't sell anything. Check again, it's 100% free.
That service does indeed say 'free', but further down you'll see the above. I used one of these for a while, and even paid for it, but it gave too many false positives and false negatives for it to be useful, so I wrote MegaBan and AntiSpamPro which you can find on poggit. I also added PIN codes to SimpleAuth (also on poggit for logged in users) which works with PurePerms to ensure staff don't get hacked by other unscrupulous server owners.
It's worth a try I suppose, and you've got nothing to lose except annoyed players suffering from false-positives... Let us know how you get with it.
I don't send any plugins there anymore because they don't get approved. All i get is a message saying "Fix your namespace". The plugin works just without the "AuthorName\PluginName" thing.
Off-topic... yes the plugin will still work, but you won't learn anything about the importance of namespaces. I had to update several of mine for Poggit too - it's fine using any namespace, commands and permission nodes that you like if you are the only one using the plugin, but when you share it's important to be considerate to other devs and server owners, so you should ensure there won't be conflicts.