DrZork101
asked on
Fraud in php click counter
Hi,
I am creating a click counter using a php script so i can log the amount of clicks to a certain url. I need to know this so I can bill my advertisiers.
However, I am aware that one of the main problems with cost per click campaigns is fraud.
I intend to use the $_SERVER['REMOTE_ADDR'] to get the ip address of the 'clicker' & use this to separate unique clicks.
- Is this an acceptable method?
- How can IP addresses be faked?
- What other methods of fraud prevention can i use?
Thanks
I am creating a click counter using a php script so i can log the amount of clicks to a certain url. I need to know this so I can bill my advertisiers.
However, I am aware that one of the main problems with cost per click campaigns is fraud.
I intend to use the $_SERVER['REMOTE_ADDR'] to get the ip address of the 'clicker' & use this to separate unique clicks.
- Is this an acceptable method?
- How can IP addresses be faked?
- What other methods of fraud prevention can i use?
Thanks
ASKER
Hi,
Thanks for this code.
The added protection of the session cookie is good, however is it possible to write your own cookies?
Also is it possible to spoof your IP?
I just want to know where the security holes live even if it very difficult to plug them.
Thanks
Thanks for this code.
The added protection of the session cookie is good, however is it possible to write your own cookies?
Also is it possible to spoof your IP?
I just want to know where the security holes live even if it very difficult to plug them.
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks that looks good!
In relation to my other questions - can IP addresses be spoofed?
Also is there any chance of sql injection via the cookie? I assume not because of just using the isset
Thanks,
Julian
In relation to my other questions - can IP addresses be spoofed?
Also is there any chance of sql injection via the cookie? I assume not because of just using the isset
Thanks,
Julian
IP can be faked through proxys ;)
And my code doesn't have any SQL injection holes... cause it uses isset() instead of if();
So the code is secure from SQL injections through cookie.
Hope I helped you!
And my code doesn't have any SQL injection holes... cause it uses isset() instead of if();
So the code is secure from SQL injections through cookie.
Hope I helped you!
ASKER
Ok cool, I realise that nothing is trulely secure!
Is there anything I can do to detect proxy ips - charateristics of web request, patterns, blacklists etc?
Thanks
Is there anything I can do to detect proxy ips - charateristics of web request, patterns, blacklists etc?
Thanks
I'm afraid there isn't a way to detect proxies, cause they are made to cheat us. So they are created identically like a user is surfing through original IP. Maybe you should try using getenv();
Look here => http://php.net/manual/en/function.getenv.php
and here's the example of the code => http://forums.digitalpoint.com/showthread.php?t=58964
Look here => http://php.net/manual/en/function.getenv.php
and here's the example of the code => http://forums.digitalpoint.com/showthread.php?t=58964
ASKER
OK great i will give all of this a go, thanks for all the help!
in the database, make a table "counter" with two fields... "ip" and "date".
Then, here's the code for counting:
Open in new window