Get reports on Real IP

Today login Nine seconds community http://www.9miao.com/forgotten the user name and password, tried 5 times did not log in successfully, the site pop-up prompt 15 minutes before you can log in again. I wonder how it determines the number of users login, at this time the user has not logged in successfully, access to UserID, then also is the background do not know "who is the person who is the login?" (After clearing the localstorage, it is also prompted to log in after 15 minutes, of course I do not clear cookies, nine seconds of the site will not do so). All I can think of is based on IP to determine the number of logins, and then want to use proxy server to muddle through, there is the following experiment.

Nine seconds is able to obtain the user IP through the transparent server, so to use the anonymous/high-stealth proxy server to skip the "15 minutes after the logon" level, the fact proves this.

Program code

1<?PHP2     //Real IP3      functionGetIP () {4         $unknown= ' Unknown ';5         if(isset($_server[' Http_x_forwarded_for ']) &&$_server[' Http_x_forwarded_for '] &&strcasecmp($_server[' Http_x_forwarded_for '],$unknown)) {6             $ip=$_server[' Http_x_forwarded_for '];7         }8         ElseIf(isset($_server[' REMOTE_ADDR ']) &&$_server[' REMOTE_ADDR '] &&strcasecmp($_server[' REMOTE_ADDR '],$unknown)) {9             $ip=$_server[' REMOTE_ADDR '];Ten         } One         /** A handling multi-tier proxies - or use regular mode: $ip = Preg_match ("/[\d\.") {7,15}/", $ip, $matches)? $matches [0]: $unknown;  -         ***/ the         if(false!==Strpos($ip, ‘,‘)){$ip=Reset(Explode(‘,‘,$ip)); } -         return $ip; -     }  -     EchoGetIP (); +?>

Lab 1: No proxy server is used
http://ip.chinaz.com/is displayed as "You are from: 219.147.15.232 area: Shandong Province Qingdao Telecom"
http://ip.cn/display results are "current ip:219.147.15.232 from: Shandong Province Qingdao Telecom"
The result of http://www.ip138.com/is "native ip:219.147.15.232 Qingdao Telecom in Shandong province"
The program code shows that the result is 219.147.15.232

Conclusion: The program code correctly obtains the user host IP

Lab 2: with 36.250.69.4:80 transparent proxy Server
http://ip.chinaz.com/is displayed as "You are from: 219.147.15.232 area: Shandong Province Qingdao Telecom"
http://ip.cn/display results are "current ip:36.250.69.4 from: Xiamen, Fujian Province, China Unicom"
http://www.ip138.com/display result is "Your IP is: [36.250.69.4] From: Fujian Province Xiamen Unicom"
The program code shows that the result is 219.147.15.232

Conclusion: The program code can obtain the real IP of the user through the transparent proxy server (or ip.chinaz.com more professional)

Lab 3: using 61.135.217.10:80 anonymous proxy server in case
http://ip.chinaz.com/The result is "you are from: 61.135.217.10 area: Beijing unicom Internet Data Center"
http://ip.cn/display results are "current ip:61.135.217.10 from: Beijing Unicom"
http://www.ip138.com/display result is "Your IP is: [61.135.217.10] From: Beijing Beijing Unicom"
The program code shows that the result is 61.135.217.10

Conclusion: can the program code obtain the user's real IP through the anonymous proxy server ?

Lab 4: Using the 1.69.186.141:8888 high-Stealth proxy server
http://ip.chinaz.com/is displayed as "You are from: 1.69.186.141 area: Shanxi Province G"
http://ip.cn/display results are "current ip:1.69.186.141 from: Shanxi Province Yuncheng Telecom"
http://www.ip138.com/display result is "Your IP is: [1.69.186.141] From: Shanxi Province Yuncheng Telecommunications"
The program code shows that the result is 1.69.186.141

Conclusion: The program code can get the real IP of the user through the high stealth Proxy server .

Summarize:

$_server["REMOTE_ADDR" is often used in PHP get client IP.
(1) However, if the client is accessed using a proxy server, the IP address of the proxy server is taken, not the real client IP address. To get the real IP address of the client through the proxy server, it is necessary to use $_server["http_x_forwarded_for" to read.
(2) But only if the client uses "Transparent proxy", the value of $_server["Http_x_forwarded_for" is the real IP of the client (if it is a multilayer proxy, the value may be composed of the client's real IP and the IP of multiple proxy servers, by commas "," Separated).
(3) and in the case of "anonymous proxy", "high anonymity" is the IP value of the proxy server (if it is a multi-tier proxy, the value may consist of multiple proxy IP, separated by a comma ",").

Extended:

If you divide from the level of hidden use proxy users, the agent can be divided into three kinds, namely the highly anonymous proxy, the ordinary anonymous proxy and the transparent proxy.
(1) The highly anonymous proxy does not change the client's request, so that the server looks like there is a real customer browser to access it, when the customer's real IP is hidden, the server does not think we use the proxy.
(2) Ordinary anonymous agent can hide the real IP of the client, but will change our request information, the server side may think we use the agent. However, when using this kind of agent, although the website visited does not know your IP address, but can still know that you are using agents, of course, some can detect IP pages can still find your IP.
(3) Transparent proxy, which not only changes our request information, but also transmits the real IP address.
The three hidden levels of the use of proxy identity are highly anonymous proxy most covert, followed by ordinary anonymous proxy, the worst is transparent proxy.

Get reports on Real IP