Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Quick Links


Categories

In this Discussion

How to prevent a VPN user from using my site
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

How to prevent a VPN user from using my site

xaitmixaitmi Member
edited October 2016 in Help

So I have a website that people purchase small things from, (Most txns are under $30), and ~ I get $100-150 worth of sales per day.

I've noticed that lately a few people are connected to a VPN while browsing the site, and then they checkout with pp while on VPN and then make a unauthorized charge back right away and win it because paypal sees the "vpn ip" so they automatically believe the user was compromised.

That has happened 3 times this month so far.

Is there something I can integrate into my site so it tells ppl on VPN "You can't access this site while on a VPN".

p.s. this production site is hosted at RamNode. @Nick_A you guys are awesome. :) I upgraded my monthly vps to yearly and also bought a yearly ddos ip a few weeks ago.

Comments

  • blackblack Member

    http://GetIPIntel.net for free proxy / VPN detection, documentation is on the website :)

    Thanked by 1BeardyUnixGuy
  • doghouchdoghouch Member
    edited October 2016

    @xaitmi

    EDIT: @black already mentioned it

    EDIT #2: If you want simple code using PHP or something, a crude example you can put on top of your page is (no guarantees, modify as required, or don't use it at all):

    <?php
$ip = $_SERVER['REMOTE_ADDR']; // change to X_FORWARDED_FOR if reverse proxy, crude demo
if (file_get_contents('http://check.getipintel.net/check.php?ip='. $ip .'&[email protected]&flags=m') == 1) {
die('VPN/proxy detected');
}
?>

    While not perfect, and crude, you COULD check every IP that comes in using http://getipintel.net/ :)

    (or just whitelist EVERY single range from EVERY single ISP in the world) /jks on this one

    Thanked by 1black
  • joepie91joepie91 Member, Patron Provider

    Sounds like you just need to pay for a fraud detection service...

    Thanked by 1BeardyUnixGuy
  • timnboystimnboys Member
    edited October 2016

    @joepie91 said:
    Sounds like you just need to pay for a fraud detection service...

    yep as I already have getipintel.net integrated into my anti fraud module for blesta & whmcs and I can say it has really stopped alot of users that would have chargebacked anyway.

    I would like to thank black for allowing me to use his great api in my anti fraud module.

    and getipintel.net has been very useful at stopping people(I actually like not waking up to a paypal chargeback email lol)

    Thanked by 1black
  • blackblack Member

    timnboys said: yep as I already have getipintel.net integrated into my anti fraud module for blesta & whmcs and I can say it has really stopped alot of users that would have chargebacked anyway.

    I would like to thank black for allowing me to use his great api in my anti fraud module.

    and getipintel.net has been very useful at stopping people(I actually like not waking up to a paypal chargeback email lol)

    Thanks for the kind words, I appreciate it.

Sign In or Register to comment.