E
E
En1ken2016-12-06 20:39:15
PHP
En1ken, 2016-12-06 20:39:15

How can a user be identified on the site?

Hello.
Actually such here a task. A very bad person got into the habit of one of our projects, which brings a lot of problems, to be more precise, on the website of the online store, it blocks all invoices that are issued in orders, more specifically qiwi invoices.
So I would like to know HOW you can put a certain label on it so that we can immediately know that it is he who will visit the site, I’ll say right away that he uses 4 different browsers, cleans the cache and cookies, he also sometimes uses the tor browser, but he has javascript support is enabled in browsers.
The site itself is written in php^ but unfortunately the experience does not allow to implement any solution to protect against such people, it uses proxy anonymizers to hide the real ip address.
I hope there are specialists here who can help, even ready on a financial basis, since he has already brought a lot of trouble!

Answer the question

In order to leave comments, you need to log in

5 answer(s)
I
Inter Carpenter, 2016-12-06
@Byrger

Read about Evercookie

A
Alexander Aksentiev, 2016-12-06
@Sanasol

What does it mean to block accounts?
TOR can be reversed using php and find out its availability.
Otherwise, there is no acceptance against scrap.
Ban all known IP addresses, that's all.

O
Oleg, 2016-12-06
@politon

It is necessary not on it, but to see how it is generally possible to access the processing of invoices from outside.
See logs. where does he go.
If interested, contacts in profile.

A
AdrianBlair, 2016-12-06
@AdrianBlair

As for Tor and VPN, there is a hopeless situation here, you can only notify the user about the limited functionality of actions (If it is Tor, you need to determine the browser by user agent, in the case of VPN, you need a list of all known ports) ... But ordinary users can be sent to another page. An example of a user who enters "unauthorized actions" went to the site example.com , at the beginning you check it "for lice" (look for an IP in your list) if there is a match, send it to the site google.comif not, the user continues to browse the site. Look up the blacklist for your CMS. In either situation, you will lose a lot of potential customers, as some providers do not give each user a unique IP, or a small percentage of your current customers have been using VPN and the Tor browser for a long time.

D
Dimonchik, 2016-12-06
@dimonchik2013

En1ken , to be honest, have you already been cheated with bitcoin or something else?
if you can't make e-mail - phone required for identification, how do you even work?

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question