Link to home
Start Free TrialLog in
Avatar of DrZork101
DrZork101

asked on

Fraud in php click counter

Hi,

I am creating a click counter using a php script so i can log the amount of clicks to a certain url. I need to know this so I can bill my advertisiers.

However, I am aware that one of the main problems with cost per click campaigns is fraud.

I intend to use the $_SERVER['REMOTE_ADDR'] to get the ip address of the 'clicker' & use this to separate unique clicks.

- Is this an acceptable method?
- How can IP addresses be faked?
- What other methods of fraud prevention can i use?

Thanks
Avatar of V4nP3rs13
V4nP3rs13
Flag of Bosnia and Herzegovina image
Here's is the code... you will have to combine it with mysql database and use session to secure your counter against frauds. This visitor is visiting one ip and one session for 24hours. You can also use high IP protection buy using substr(); with the if() to make it more secure.

in the database, make a table "counter" with two fields... "ip" and "date".

Then, here's the code for counting:
<?php
$ip = $_SERVER["REMOTE_ADDR"];
$date = date("d-m-Y");

if((mysql_num_rows(mysql_query("SELECT * FROM counter WHERE ip = '$ip' AND date = '$date'")) == 0) && (!isset($_COOKIE["visitor"]))) {
  mysql_query("INSERT INTO counter VALUES('$ip', '$date')");
  setcookie("visitor","online", time()+3600*24);
}

/* THEN YOU CAN DISPLAY THE AMMOUNT OF VISITORS WITH
echo mysql_num_rows(mysql_query("SELECT * FROM visitors"));
AND THAT WILL DISPLAY THE AMMOUNT OF VISITORS ALL THE TIME */

?>

Open in new window

Avatar of DrZork101
DrZork101

ASKER

Hi,

Thanks for this code.

The added protection of the session cookie is good, however is it possible to write your own cookies?

Also is it possible to spoof your IP?

I just want to know where the security holes live even if it very difficult to plug them.

Thanks

ASKER CERTIFIED SOLUTION
Avatar of V4nP3rs13
V4nP3rs13
Flag of Bosnia and Herzegovina image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of DrZork101
DrZork101

ASKER

Thanks that looks good!

In relation to my other questions - can IP addresses be spoofed?

Also is there any chance of sql injection via the cookie? I assume not because of just using the isset

Thanks,

Julian
Avatar of V4nP3rs13
V4nP3rs13
Flag of Bosnia and Herzegovina image
IP can be faked through proxys ;)

And my code doesn't have any SQL injection holes... cause it uses isset() instead of if();

So the code is secure from SQL injections through cookie.

Hope I helped you!
Avatar of DrZork101
DrZork101

ASKER

Ok cool, I realise that nothing is trulely secure!

Is there anything I can do to detect proxy ips - charateristics of web request, patterns, blacklists etc?

Thanks
Avatar of V4nP3rs13
V4nP3rs13
Flag of Bosnia and Herzegovina image
I'm afraid there isn't a way to detect proxies, cause they are made to cheat us. So they are created identically like a user is surfing through original IP. Maybe you should try using getenv();

Look here => http://php.net/manual/en/function.getenv.php

and here's the example of the code => http://forums.digitalpoint.com/showthread.php?t=58964
Avatar of DrZork101
DrZork101

ASKER

OK great i will give all of this a go, thanks for all the help!