Prevent acces from TOR, Opera VPN and etc?

I wrote about "bots" in my previous topic. So these bots or spyes coming from behind VPN's and occupying 2-3 channels on my KiwiSDR for almost 24 hours. I don't want to block any bands because sometimes I scan those freqs too and some users from Ukraine do the same (not behind VPN...), but not for hours. thats not problem for me.

How can I block VPN's?

And another thing, I tried to hide my Kiwi's IP behind Cludflare but through Cloudflare, it stops after a few minutes. It is possible or I can use kiwisdr.com proxy only?

Comments

  • edited October 28

    There are paid services that can very accurately determine whether an IP address belongs to TOR, Opera VPN and etc. There are free services for determining the privacy of IP addresses, however, as I have noticed, they are often wrong. You can use a little javascript. The principle is that the script determines whether the IP address belongs to TOR, Opera VPN, etc. If so, a warning will be displayed and the user will be kicked after a certain amount of time. However, this will not work for non-Kiwi apps. There are also ways to bypass any additional (and built-in) javascripts by the user.

    <script type="text/javascript">
    setTimeout(function(){
    	var time_limit = 120;
    	function httpGet(theUrl)
    	{
      var xmlHttp = new XMLHttpRequest();
      xmlHttp.open( "GET", theUrl, false ); // false for synchronous request
      xmlHttp.send( null );
      return xmlHttp.responseText;
    	}
    ip_test = httpGet("http://ip-api.com/json/?fields=proxy");
    if ((ip_test.indexOf("true")) > 0 && (ip_test.indexOf("proxy")) > 0 )  
      {
      alert("Sorry. VPN or proxi is not support. Set time limit " + time_limit + " seconds.");
        setTimeout(() => document.location.href = "http://kiwisdr.com/", time_limit * 1000);
      }
    }, 5000);
    </script>
    
  • edited October 29

    I have responded to you by email. The script for blocking TOR is very simple. The TOR project itself gives out what needs to be blocked. Blocking a VPN will be more difficult. That is, it will be the eternal addition of new subnets. It is advisable to check whois that we add. Well, you need a skill. By whois it is not always clear whether it is a VPN or not. You can use other people's lists compiled by someone unknown, if such exist. But I decided to make my own.

    Opera vpn uses the following ranges: 77.111.244.0/24 77.111.245.0/24 77.111.246.0/24 77.111.247.0/24.

  • edited November 3

    I changed the javascript a little. Now the https://vpnapi.io/ service is used. This is a free service for determining VPN, proxy, etc. However, registration on https://vpnapi.io/ is required. After registration, you will receive a personal API key, which must be added to this javascript. What does it give? Firstly, you can make 1000 requests per day, and secondly, you can see the statistics of the number of connections to your receiver on this site. To prevent anyone from seeing your personal API key, you must use obusfication of your script. This will "confuse" Javascript and make it difficult for a human to understand, but it will not affect its execution. For obfuscator, you can use the online service https://www.obfuscator.io/ . Use the "String Array Encoding" option to hide text strings. Just in case, I will say that no javascript added to the "Additional HTML/Javascript for HTML" field will not be able to damage your KiwiSDR. You can always remove it.

    https://www.youtube.com/shorts/IAraJ5lXUAo


  • And will it work? The cunning "spy" will simply cut out this script locally. You need to adapt this script on the server side.

  • edited November 3

    Oh sure. Javascript is completely executed on the client side and user can do whatever he wants with it. Fixing the software part of the server is very difficult for me! I only offered simple options for KiwiSDR owners. Perhaps @jks will use it to adapt the server side.


    The problem is that the IP address is determined on the client side and passed to the server side. It will not be difficult for a cunning "spy" to replace it during transfering.

    No. This is probably not true. On the client side, only geolocation is determined.

Sign In or Register to comment.