We have a registration form where people can sign up to take surveys for a small compensation. Recently we found a lot of suspect entries. I tracked down a site in Chinese that I translated via google and it was basically a "how to" to sign up for these sorts of sites. I've been working to track down a way to automatically filter off the bogus ones since.
The registration has a "captcha" to hopefully block non-humans, but the data being entered is extremely realistic in many cases. The survey is for bartenders and all the fields are filled out using legitimate locations and addresses. The phone numbers may be off, but they could be using a cell and moved into the area. I've been trying to screen by capturing the IP info and country data using the following function:
// this function is necessary since allow_url_fopen is disabled by default in php.ini in PHP >5.
function my_file_get_contents($file_path) {
$ch = curl_init();
curl_setopt ($ch, CURLOPT_URL, $file_path);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, 1);
$buffer = curl_exec($ch);
curl_close($ch);
return $buffer;
}
function getInfoFromIP(){
// get correct IP in case of a proxy
if (!empty($_SERVER['HTTP_CLIENT_IP'])){ // shared ip
$real_ip=$_SERVER['HTTP_CLIENT_IP'];
}
elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])){ // ip is from proxy
$real_ip=$_SERVER['HTTP_X_FORWARDED_FOR'];
}
else{
$real_ip=$_SERVER['REMOTE_ADDR'];
}
//verify the IP address for the
ip2long($real_ip)== -1 || ip2long($real_ip) === false ? trigger_error("Invalid IP Passed: ", E_USER_ERROR) : "";
$ipDetailArray=array(); //initialize a blank array
$ipDetailArray['ip'] = $real_ip; //assign ip number to the array
//get the XML result from hostip.info using custom lookup function
$xml = my_file_get_contents("http://api.hostip.info/?ip=".$real_ip);
//regex to get the country name from <countryName>INFO</countryName>
preg_match("@<countryName>(.*?)</countryName>@si",$xml,$countryInfoArray);
$ipDetailArray['country'] = $countryInfoArray[1]; //assign country name to the array
//get the country name inside the node <countryName> and </countryName>
preg_match("@<countryAbbrev>(.*?)</countryAbbrev>@si",$xml,$ccInfoArray);
$ipDetailArray['country_code'] = $ccInfoArray[1]; //assign country code to array
//return the array containing ip, country and country code
return $ipDetailArray;
}
Then I've been manually checking and removing ones that show up outside of the US (which is where the bar and survey takers must be located to participate). I'm STILL finding lots of suspect ones that are listed with US based IPs (which I'm sure are spoofed).
Not sure if my code is incomplete or if there's a better solution I haven't been able to find. Thanks