DEV Community: Camila Morales

Using Node.js to check for proxy and VPN with IP2Location.io geolocation API

Camila Morales — Thu, 30 Nov 2023 02:21:27 +0000

Intro

Node.js is a popular backend JavaScript runtime environment. It allows developers to run JavaScript codes outside of browsers via the V8 JavaScript engine. There are many packages available for use with Node.js and they can be installed using npm which is the Node Package Manager. One of the useful packages is the IP2Location.io Node.js SDK. This easy-to-use package is a wrapper for the IP2Location.io API that allows developers to query IP geolocation data for a given IP address. In addition, it also can tell the user whether that IP address belongs to a proxy server and if so, what kind of proxy server.

Popular uses for geolocation data

As Node.js can also be used to power websites, having this ability to query IP geolocation is very important. Websites need to be protected against online attackers and by using the IP2Location.io Node.js SDK, it is easy to block attackers by country, region, city and so forth. Marketing folks also perform sales analysis using geolocation to determine how promotional efforts are faring by region. Online stores frequently incorporate IP geolocation for online orders to validate if the user’s billing or shipping address matches the IP geolocation country. There are many uses for geolocation data and using the IP2Location.io API via the Node.js SDK allows developers to quickly leverage the real-time geolocation to accomplish their tasks.

Detecting proxy servers like VPN or residential proxies

Virtual Private Network (VPN) servers are a type of proxy server. Along with residential proxies, they are used to hide one’s identity when surfing on websites. The proxy servers act as middlemen to relay requests from the user to the website and vice-versa. As far as the website knows, the proxy server is the end user. The main difference between VPN and residential proxy is that the VPN server is usually located inside a data center while the residential proxy is running on a home user’s computer. Detecting proxy servers like VPN or residential proxies is effortless when using the IP2Location.io Node.js SDK.

Why is detecting proxies important?

Website operators need to be able to tell if someone is browsing their website while using a VPN or a residential proxy. Aside from privacy reasons, proxy servers are also commonly used by fraudsters to get up to no good. For example, fraudsters will mask their online presence using a VPN when they want to buy things online using a stolen credit card. If the merchant can tell that their IP address is coming from a VPN server, then they have the option to block the order, thereby preventing possible fraud. Same goes for when someone is using a residential proxy. Residential proxies, being home computers, are notoriously hard to label as a proxy. After all, the home user could also be surfing the web using that computer in addition to proxying external traffic. Fortunately, the IP2Location.io API can show if the user is using a residential proxy.

Let’s see how to query geolocation and proxy with the IP2Location.io Node.js SDK

First of all, make sure you have an IP2Location.io API key as the SDK will require that to function. If you don’t have one, just head to IP2Location.io to get the free API plan. For basic geolocation data, the free API plan is more than sufficient. You will also need to have Node.js and npm installed. We won’t cover that in this article. Refer to https://nodejs.org/en/download for installation steps.

Create your project first

First of all, create a folder called test_project and navigate into that folder using the command line. Then create a blank file called test.mjs where we will store our testing code.

Installing the IP2Location.io Node.js SDK

Run the below command to install the IP2Location.io Node.js SDK into the test_project folder.
npm install ip2location-io-nodejs

Sample code to query IP2Location.io

We’ll use the sample code from https://ip2location-io-nodejs.readthedocs.io/en/latest/quickstart.html#installation for our testing.

Copy & paste the below code into the test.mjs file and edit the code to put in your IP2Location.io API key. Then save the file.

import ip2locationio from "ip2location-io-nodejs";
// Configures IP2Location.io API key
let mykey = "YOUR_API_KEY";
let config = new ip2locationio.Configuration(mykey);
let ipl = new ip2locationio.IPGeolocation(config);
let myip = "8.8.8.8";
let lang = "en"; // language parameter is only available for Plus and Security plans
// Lookup ip address geolocation data
ipl.lookup(myip, lang)
  .then((data) => {
    // print the data in json format
    console.log(data)
  })
  .catch((error) => {
    // print the error
    console.log(error)
  });

Run the below command to execute the script and retrieve geolocation & proxy data for the 8.8.8.8 IP address.
node test.mjs

Please note that we are using the Security plan for our API key. Hence, you’ll see all available data fields including proxy details in the results below. You will see less fields if you’re not subscribed to the Security plan.

{
  ip: '8.8.8.8',
  country_code: 'US',
  country_name: 'United States of America',
  region_name: 'California',
  city_name: 'Mountain View',
  latitude: 37.38605,
  longitude: -122.08385,
  zip_code: '94035',
  time_zone: '-08:00',
  asn: '15169',
  as: 'Google LLC',
  isp: 'Google LLC',
  domain: 'google.com',
  net_speed: 'T1',
  idd_code: '1',
  area_code: '650',
  weather_station_code: 'USCA0746',
  weather_station_name: 'Mountain View',
  mcc: '-',
  mnc: '-',
  mobile_brand: '-',
  elevation: 32,
  usage_type: 'DCH',
  address_type: 'Anycast',
  continent: {
    name: 'North America',
    code: 'NA',
    hemisphere: [ 'north', 'west' ],
    translation: { lang: 'en', value: 'North America' }
  },
  district: 'Santa Clara County',
  country: {
    name: 'United States of America',
    alpha3_code: 'USA',
    numeric_code: 840,
    demonym: 'Americans',
    flag: 'https://cdn.ip2location.io/assets/img/flags/us.png',
    capital: 'Washington, D.C.',
    total_area: 9826675,
    population: 331002651,
    currency: { code: 'USD', name: 'United States Dollar', symbol: '$' },
    language: { code: 'EN', name: 'English' },
    tld: 'us',
    translation: { lang: 'en', value: 'United States of America' }
  },
  region: {
    name: 'California',
    code: 'US-CA',
    translation: { lang: 'en', value: 'California' }
  },
  city: {
    name: 'Mountain View',
    translation: { lang: 'en', value: 'Mountain View' }
  },
  time_zone_info: {
    olson: 'America/Los_Angeles',
    current_time: '2023-11-21T22:43:22-08:00',
    gmt_offset: -28800,
    is_dst: false,
    sunrise: '06:55',
    sunset: '16:53'
  },
  geotargeting: { metro: '807' },
  ads_category: 'IAB19-11',
  ads_category_name: 'Data Centers',
  is_proxy: false,
  proxy: {
    last_seen: 21,
    proxy_type: 'DCH',
    threat: '-',
    provider: '-',
    is_vpn: false,
    is_tor: false,
    is_data_center: true,
    is_public_proxy: false,
    is_web_proxy: false,
    is_web_crawler: false,
    is_residential_proxy: false,
    is_spammer: false,
    is_scanner: false,
    is_botnet: false
  }
}

If you want the geolocation details, you can get all the details from the top-level fields.
E.g.
console.log(data.country_code); console.log(data.region_name); console.log(data.city_name);

To access the proxy detection results, the proxy field contains all the relevant proxy details.

Specifically, for detecting VPN and residential proxies, your code can check the data.proxy.is_vpn and the data.proxy.is_residential_proxy fields.
E.g.
console.log(data.proxy.is_vpn); console.log(data.proxy.is_residential_proxy);

If either is true, then you can decide if you wish to block that user or not.

Conclusion

Being able to integrate IP geolocation and proxy data into your website or program in real-time is very useful. These data are key in maintaining security, performing analytics, for regulatory compliance and so much more. Using the IP2Location.io Node.js SDK makes it easy to quickly introduce such features within your own codes.

4 simple tips to prevent a website from being overloaded

Camila Morales — Tue, 25 Jul 2023 05:43:29 +0000

Operating an online store comes with its own set of challenges. E-commerce websites require careful planning, execution, and ongoing management to be successful.

Ensuring your website can handle high traffic and maintain optimal performance is crucial for providing a positive user experience. As with any business, visitor numbers can increase dramatically during sales or promotions. What this means is your website will come under severe load due to the spike in visitor traffic. Without proper mitigation strategies, a website can become overwhelmed with traffic and eventually crash or become inaccessible.

When that happens, the online merchant will lose money for every second that the web server is down. Potential customers will be unable to browse for your products and make purchases. In addition to this legitimate spike in web visitors, websites also often come under attack by bots or scripts. This is known as a Distributed Denial of Service (DDoS) which is perpetrated by hackers or malicious organizations to disrupt your business.

Let's see why overloading happens.

High Traffic Volume: A sudden surge in visitors, especially during marketing campaigns or viral events, can overload the server's capacity to handle requests.

Insufficient Resources: Inadequate server resources, such as CPU, memory, or bandwidth, can lead to performance degradation and eventual crash under heavy load.

Inefficient Code: Poorly optimized code and database queries can cause excessive server load and slow down the website.

DDoS Attacks: Malicious actors may launch DDoS attacks to flood the website with an overwhelming amount of traffic, effectively bringing it down.

Here are some strategies you can implement:

Using a CDN to cache static objects

One of the easiest ways to relieve the stress put on your website during heavy traffic is just to use Content Delivery Network (CDN). A CDN is a network of servers that caches content from an origin server and serves them to the end users. Static objects like images are the most common items to cache via a CDN.

How it works is pretty simple. Someone visits a website and the page uses images that are hosted on the CDN servers. When the image is requested from the nearest CDN server and the image is not found, it is then requested from the origin server, i.e., your website, and stored in that CDN server. Since there is now a copy of the images on the CDN server, any subsequent visitors to the page will now just request the images from the CDN, not your website.

An online store has potentially hundreds or thousands of images of products, so using a CDN will take a huge load off your web server. Your website bandwidth usage will also be reduced greatly with the use of a CDN.

Consider the use of auto-scaling instances

Having just one server to host your website is a pretty outdated concept. Not only is that prone to outages due to heavy traffic, you run the risk of server hardware failure. As we’ve mentioned above, an inaccessible website, whatever the reason, means loss of revenue for the online store.

If the current infrastructure of your website revolves around a single physical server, then consider using a Cloud Hosting Provider such as Amazon Web Services (AWS), Microsoft Azure or Google Cloud. These cloud providers have virtual machines which can automatically scale out based on your website traffic load. More instances of the virtual machines will be spawned as the website traffic grows, ensuring that every website visitor is able to use the website.

With minor changes to your website codes, you can soon be free of worrying about whether your website can withstand a large crowd of online shoppers.

Implement rate-limiting by IP or user agent

This technique is more for alleviating automated attacks by bots or scripts. Operate a website long enough and someone will come along to try to attack it. Common reasons for these sorts of attacks are to brute force login credentials or to scrape content from the website.

When they use only a small subsets of IP addresses or user agents, then this is a suitable mitigation to counter the attacks. Web servers like Apache and Nginx have the ability to block IPs or user agent.

If you’re worried about accidentally blocking legitimate users, then implement rate-limiting instead of blocking. For example, real users will not hit a login page many times within a short period of time, hence rate-limiting will useful here.

Block rotating proxy servers

When the attacks come via specific IP addresses, it is easy to block. Unfortunately, attackers can employ the use of rotating proxy servers to hit the website. This means every request to the website will be using a different IP address. Traditionally, there is no way to block such attacks without blocking real users.

However, there are some IP address solution provider has the ability to detect residential proxy servers which are commonly used by rotating proxy server providers. In IP2Location, the IP2Proxy proxy detection database contains RES proxy types which are the residential proxies. Just query the IP2Proxy data and block the IPs.

Conclusion

There are many other techniques but we’ve selected those that are easy to implement so your website can operate optimally. Implement the above and you can rest easy that your website can keep making money instead of losing money.

Guide to use IP2Location.io PHP SDK in Symfony

Camila Morales — Tue, 13 Jun 2023 04:44:01 +0000

Symfony is a PHP web application framework that is free to use and open-source. It was designed to help in speeding up the web application creation, design and maintenance. It comes with a set of reusable PHP components to help developers in developing web application, for example, form handling and database access. This modularity allows developers to use only the components they need, making the application lightweight and efficient. To add more functionality to the web application, developers also install community created and maintained PHP components.

These community created and maintained PHP components are typically open-source. The source codes are easily found on platforms such as GitHub or GitLab. Those components usually have been published to the Packagist repository. Developers can install them through the most popular PHP package manager called Composer.

In this tutorial, we are going to guide you on how to use IP2Location.io PHP SDK in Symfony to retrieve and display geolocation information, and page redirection by the visitor’s IP address. IP2Location.io PHP SDK is a PHP package that allows users to retrieve a set of geolocation information for an IP address. The information includes country, region, district, city, latitude, longitude, ZIP code, time zone, ASN, ISP, domain, net speed, IDD code, area code, weather station data, MNC, MCC, mobile brand, elevation, usage type, address type, advertisement category and proxy data. The component supports both IPv4 and IPv6 lookup.

Before we get started, please make sure that you have properly installed and set up Symfony and Composer. The IP2Location.io PHP SDK requires an API key to function, just sign up a free API key and you are good to go. Do note that the continent, country, region and city translations are only available in the Plus and Security plans.

Displaying Geolocation Information

First of all, if you have not installed the IP2Location.io PHP SDK, you can run the following command in the console to do so:
composer require ip2location/ip2location-io-php
After that, create a controller file called GeolocationController.php in your symfony_project_root_directory/src/Controller/. Open the file in any text editor.
Paste the following content into the file:

<?php
namespace App\Controller;

use Symfony\Component\HttpFoundation\Response;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;

class GeolocationController extends AbstractController
{
    #[Route('/geolocation', name: 'geolocation')]
    public function display(): Response
    {
        // Configures IP2Location.io API key
        $config = new \IP2LocationIO\Configuration('YOUR_API_KEY');
        $ip2locationio = new \IP2LocationIO\IPGeolocation($config);
        try {
            // Lookup IP address geolocation data
            $result = $ip2locationio->lookup('8.8.8.8');
            // $result->is_proxy = ($result->is_proxy) ? 'TRUE' : 'FALSE';
            $result_response = 'IP Address           : ' . $result->ip . "<br>";
            $result_response .= 'Country Code         : ' . $result->country_code . "<br>";
            $result_response .= 'Country Name         : ' . $result->country_name . "<br>";
            $result_response .= 'Region Name          : ' . $result->region_name . "<br>";
            $result_response .= 'City Name            : ' . $result->city_name . "<br>";
            $result_response .= 'City Latitude        : ' . $result->latitude . "<br>";
            $result_response .= 'City Longitude       : ' . $result->longitude . "<br>";
            $result_response .= 'ZIP Code             : ' . $result->zip_code . "<br>";
            $result_response .= 'Time Zone            : ' . $result->time_zone . "<br>";
            $result_response .= 'ASN                  : ' . $result->asn . "<br>";
            $result_response .= 'AS                   : ' . $result->as . "<br>";
            $result_response .= 'Is Proxy             : ' . (($result->is_proxy) ? 'TRUE' : 'FALSE') . "<br>";
            $result_response .= 'ISP Name             : ' . ($result->isp ?? 'FIELD NOT SUPPORTED') . "<br>";
            $result_response .= 'Domain Name          : ' . ($result->domain ?? 'FIELD NOT SUPPORTED') . "<br>";
            $result_response .= 'Net Speed            : ' . ($result->net_speend ?? 'FIELD NOT SUPPORTED') . "<br>";
            $result_response .= 'IDD Code             : ' . ($result->idd_code ?? 'FIELD NOT SUPPORTED') . "<br>";
            $result_response .= 'Area Code            : ' . ($result->area_code ?? 'FIELD NOT SUPPORTED') . "<br>";
            $result_response .= 'Weather Station Code : ' . ($result->weather_station_code ?? 'FIELD NOT SUPPORTED') . "<br>";
            $result_response .= 'Weather Station Name : ' . ($result->weather_station_name ?? 'FIELD NOT SUPPORTED') . "<br>";
            $result_response .= 'MCC                  : ' . ($result->mcc ?? 'FIELD NOT SUPPORTED') . "<br>";
            $result_response .= 'MNC                  : ' . ($result->mnc ?? 'FIELD NOT SUPPORTED') . "<br>";
            $result_response .= 'Mobile Carrier       : ' . ($result->mobile_brand ?? 'FIELD NOT SUPPORTED') . "<br>";
            $result_response .= 'Elevation            : ' . ($result->elevation ?? 'FIELD NOT SUPPORTED') . "<br>";
            $result_response .= 'Usage Type           : ' . ($result->usage_type ?? 'FIELD NOT SUPPORTED') . "<br>";
            $result_response .= 'Address Type         : ' . ($result->address_type ?? 'FIELD NOT SUPPORTED') . "<br>";
            $result_response .= 'Category Code        : ' . ($result->ads_category ?? 'FIELD NOT SUPPORTED') . "<br>";
            $result_response .= 'Category Name        : ' . ($result->ads_category_name ?? 'FIELD NOT SUPPORTED') . "<br>";
            $result_response .= 'District Name        : ' . ($result->district ?? 'FIELD NOT SUPPORTED') . "<br>";

            if (isset($result->continent)) {
                $result_response .= 'Continent Name        : ' . $result->continent->name . "<br>";
                $result_response .= 'Continent Code        : ' . $result->continent->code . "<br>";
                $result_response .= 'Continent Hemisphere  : ' . (implode(", ", $result->continent->hemisphere)) . "<br>";
                $result_response .= 'Continent Translation : ' . $result->continent->translation->value . ' (' . $result->continent->translation->lang . ')' . "<br>";
            }

            if (isset($result->country)) {
                $result_response .= 'Country Name          : ' . $result->country->name . "<br>";
                $result_response .= 'Country Alpha 3 Code  : ' . $result->country->alpha3_code . "<br>";
                $result_response .= 'Country Numeric Code  : ' . $result->country->numeric_code . "<br>";
                $result_response .= 'Country Demonym       : ' . $result->country->demonym . "<br>";
                $result_response .= 'Country Flag          : ' . $result->country->flag . "<br>";
                $result_response .= 'Country Capital       : ' . $result->country->capital . "<br>";
                $result_response .= 'Country Total Area    : ' . $result->country->total_area . "<br>";
                $result_response .= 'Country Population    : ' . $result->country->population . "<br>";
                $result_response .= 'Country Currency Code : ' . $result->country->currency->code . "<br>";
                $result_response .= 'Country Currency Name : ' . $result->country->currency->name . ' (' . $result->country->currency->symbol . ')' . "<br>";
                $result_response .= 'Country Language      : ' . $result->country->language->name . ' (' . $result->country->language->code . ')' . "<br>";
                $result_response .= 'Country TLD           : ' . $result->country->tld . "<br>";
                $result_response .= 'Country Translation   : ' . $result->country->translation->value . ' (' . $result->country->translation->lang . ')' . "<br>";
            }

            if (isset($result->region)) {
                $result_response .= 'Region Name        : ' . $result->region->name . "<br>";
                $result_response .= 'Region Code        : ' . $result->region->code . "<br>";
                $result_response .= 'Region Translation : ' . $result->region->translation->value . ' (' . $result->region->translation->lang . ')' . "<br>";
            }

            if (isset($result->city)) {
                $result_response .= 'City Name        : ' . $result->city->name . "<br>";
                $result_response .= 'City Translation : ' . $result->city->translation->value . ' (' . $result->city->translation->lang . ')' . "<br>";
            }

            if (isset($result->time_zone_info)) {
                $result_response .= 'Olson Time Zone : ' . $result->time_zone_info->olson . "<br>";
                $result_response .= 'Current Time    : ' . $result->time_zone_info->current_time . "<br>";
                $result_response .= 'GMT Offset      : ' . $result->time_zone_info->gmt_offset . "<br>";
                $result_response .= 'Is DST          : ' . (($result->time_zone_info->is_dst)) ? 'TRUE' : 'FALSE' . "<br>";
                $result_response .= 'Sunrise Time    : ' . $result->time_zone_info->sunrise . "<br>";
                $result_response .= 'Sunset Time     : ' . $result->time_zone_info->sunset . "<br>";
            }

            if (isset($result->geotargeting)) {
                $result_response .= 'Metro Code : ' . $result->geotargeting->metro . "<br>";
            }

            if (isset($result->proxy)) {
                $result_response .= 'Proxy Last Seen : ' . $result->proxy->last_seen . "<br>";
                $result_response .= 'Proxy Type      : ' . $result->proxy->proxy_type . "<br>";
                $result_response .= 'Proxy Threat    : ' . $result->proxy->threat . "<br>";
                $result_response .= 'Proxy Provider  : ' . $result->proxy->provider . "<br>";
            }
            return new Response(
                '<html><body>' .$result_response. '</body></html>'
            );
        } catch(\Exception $e) {
            $error_message = $e->getCode() . ": " . $e->getMessage();
            return new Response(
                '<html><body>' .$error_message. '</body></html>'
            );
        }
    }
}

Next, open the routes.yaml file located at your symfony_project_root_directory/config/ in any text editor, and paste the following contents in a new line:
geolocation: path: /geolocation controller: App\Controller\GeolocationController::display
Enter the URL /geolocation and run. You should be able to see the information of 8.8.8.8 IP address.

Redirecting user based on its geolocation

First of all, if you have not installed the IP2Location.io PHP SDK, you can run the following command in the console to do so:
composer require ip2location/ip2location-io-php
Open your controller file in any text editor.
Add the following line before the Class:
use Symfony\Component\HttpFoundation\Request;
Add the following contents in the Class:

public function display(Request $request): Response
    {

        /**
         * @Route("/")
         */

         $ip = $request->getClientIp();

        // Configures IP2Location.io API key
        $config = new \IP2LocationIO\Configuration('YOUR_API_KEY');
        $ip2locationio = new \IP2LocationIO\IPGeolocation($config);
        $result = $ip2locationio->lookup($ip);

        if ($result->country_code == 'US') {
            return $this->redirect('/');
        }
    }

Next, open the routes.yaml, and paste the following contents (You can replace the “test” according to your case): test: path: /test controller: App\Controller\TestController::display

To conclude, you should be able to do an IP geolocation lookup and redirection using the IP2Location.io PHP SDK in the Symfony framework. You can make use of the geolocation information to identify the visitor’s geographical information. Besides, you can also make a proper redirection based on the visitor’s geolocation.

[PHP SDK] IP geolocation, proxy detection and WHOIS lookup

Camila Morales — Tue, 23 May 2023 07:48:26 +0000

The IP2Location IO PHP SDK is an all-in-one solution that encapsulates the implementation of IP2Location, IP2Proxy, and IP2WHOIS services into a unified SDK.

This IP2Location IO PHP SDK bundled with pre-built libraries of IP address lookup services, such as geolocation data lookup, proxy detection, and WHOIS information that help developers streamline development. This ready-to-use modules is designed to be developer-friendly that accelerate development and helps developers to reduce the amount of code when integrating the SDK into their projects.

Of course, some of the developers may still prefer to to write from scratch or use the REST API directly. In this case, you may visit IP2Location.io website to check on the REST API documentation. You are free to choose which approach best suits your needs.

Below I am going to show you the steps to install the SDK and perform the API calling in a PHP page. To start, please make sure you have PHP and Composer pre-installed in your environment. I will skip the steps to install PHP and Composer, but you may visit the respective sites to learn more.

Step 1: Install IP2Location IO PHP SDK

At your project root directory, run the below command:

composer require ip2location/ip2location-io-php

The above command will install IP2Location IO PHP into your project. If you have not installed any modules previously using Composer, you should notice that the composer.json, composer.lock, and a vendor folder will be created in your directory.

Step 2: Create a PHP test file and write the codes

Create a test file named test.php. Open the file with your preferred text editor, and write the below codes:

<?php
 require "vendor/autoload.php";

 $config = new \IP2LocationIO\Configuration('YOUR_API_KEY');
 $ip2locationio = new IP2LocationIO\IPGeolocation($config);

 // Lookup ip address geolocation data
 try{
            $result = $ip2locationio->lookup('8.8.8.8');
            print_r($result);
 }
 catch (Exception $e){
            die ("Error found: " . $e->getMessage());
 }

The IP2Location IO requires an API key to work. You may sign up for a free plan and see the difference it can make in your workflow.

What the above code did is to instantiate an IP2LocationIO object that you could use for the geolocation lookup. In the above example, the input IP address is 8.8.8.8. Look at the result below.

stdClass Object
(
    [ip] => 8.8.8.8
    [country_code] => US
    [country_name] => United States of America
    [region_name] => California
    [city_name] => Mountain View
    [latitude] => 37.405992
    [longitude] => -122.078515
    [zip_code] => 94043
    [time_zone] => -08:00
    [asn] => 15169
    [as] => Google LLC
    [is_proxy] =>
)

The structure of the returned object depend on your subscribed plan. The example above is for the Free plan. If you subscribe to a higher plan, you will receive more detailed information, such as usage type, mobile data, ISP, domain, district, ASN, and more.

As shown in the above example, IP2Location and IP2Proxy information are returned together in a single lookup call, which helps to minimize coding overhead and reduces the need to make multiple calls. To check if a given IP address is a proxy, simply look at the “is_proxy” field, which will return either “True” or “False”. If you require additional information on the proxy, such as its type, provider, and so on, you may need to subscribe to a higher plan.

In addition to the IP2Location and IP2Proxy information, this SDK also includes the ability to query IP2WHOIS data. The IP2WHOIS domain lookup is also available in the Free plan for up to 500 lookups per month. Let’s look at the example of an IP2WHOIS domain lookup below:

$domainwhois = new IP2LocationIO\DomainWhois($config);

 // Lookup domain information
 try{
  $result = $domainwhois->lookup('locaproxy.com');
  print_r($result);
 }
 catch (Exception $e){
  die ("Error found: " . $e->getMessage());
 }

The above code will instantiate a DomainWhois object and later will lookup for the domain information of locaproxy.com. Below is the example of the results returned.

In addition to the above lookup function, the SDK also provide several useful functions such as

Convert Normal Text to Punycode
Convert Punycode to Normal Text
Get Domain Name from an URL
Get Domain Extension from an URL

Overall, the IP2Location IO PHP SDK provides a comprehensive solution for IP address lookup, geolocation, proxy detection, and WHOIS domain information. With this unified SDK, developers can easily integrate IP2Location IP geolocation services into their projects, and improve their efficiency and productivity. The SDK is available on Composer, making it easy to install and use. Additionally, the IP2Location IO website provides comprehensive documentation for the REST API to facilitate integration into projects, so developers can choose which approach best suits their needs.

How to Spot Fraud and What Next?

Camila Morales — Wed, 01 Mar 2023 02:49:42 +0000

Fraud is becoming a growing concern in our society, affecting individuals, businesses, and even entire economies. According to Statista, e-commerce losses to online payment fraud is estimated to hit 48 billion U.S. dollars in 2023. It is important to be vigilant and actively spot fraud in order to protect yourself from financial loss.

Criminals employ a wide range of deceptive practices to attain some unauthorized benefits for themselves or others, be it money, goods, or confidential information. The goal is ultimately to directly or indirectly enrich themselves financially.

In this article, we will explore what is fraud, who are the targeted victims, how to spot fraud and steps after discovering fraud. Whether you are a business owner, consumer, or simply concerned about the increasing prevalence of fraud, this article will provide valuable insights and information to help you stay informed and protected.

What is fraud?

Frauds can be classified into either offline or online frauds. Online frauds refer to fraudulent activities that are carried out using the internet and digital technologies. These include:

Phishing scams, where individuals are tricked into giving up their personal information or passwords.
E-commerce fraud, where someone’s credit card information is stolen during an online transaction.
Other forms of online fraud include lottery scams, investment scams, and Ponzi schemes.

Meanwhile, offline frauds refer to fraudulent activities that are not carried out using digital technologies. Some examples of offline frauds:

Impersonation fraud, where someone pretends to be someone else to obtain money or sensitive information.
Credit card fraud, where a criminal uses a stolen or forged credit card at a physical store.
Identity theft, where someone uses someone else’s personal information for unauthorized purposes.

Who are the targeted fraud victims?

Fraud victims can come from all walks of life and can include individuals, businesses, and even entire communities.

Consumers can be victims of fraud through scams, such as phishing or phone scams, or through identity theft, where their personal information is stolen and used for fraudulent purposes.

Small businesses can be particularly vulnerable to fraud, as they may have less resources to detect and prevent it. Common forms of fraud affecting small businesses include payment fraud, and invoicing fraud. If the business accepts credit card payments, then chargeback fraud is one of the major concerns for them as it has been increasing year by year.

Older individuals can be more susceptible to fraud, as they may be more trusting and less familiar with modern technology, making them targets for scams and identity theft. Social isolation and loneliness can also make them more susceptible to fraud, as they may be more likely to engage with strangers who reach out to them.

Investors can be victims of securities fraud, Ponzi schemes, or other investment scams, where they are promised high returns but ultimately lose their money.

How to spot fraud (for merchant/business owner)

Hackers and fraudsters are skilled at concealing their activities. Keep an eye for the red flags below:

First-time customers using free email address or disposable email address.
Web visitors using anonymous proxy or VPN.
Bigger than average order amounts.
Large quantity of the same product.
Shipping orders to multiple locations.
Shipping address and billing address are not the same.
Several credit cards used from the same IP address.
Many transactions in a short amount of time.
Blacklisted IP address, email address, credit card or device.

Steps after discovering fraud (for merchant/business owner/consumers)

Secure the evidence: Once fraud is discovered, it is important to secure all evidence related to the fraud, such as documents, emails, and computer files. The evidence may be needed for investigation, legal proceedings, or disciplinary actions.
Report the fraud: Report the fraud to the appropriate authority, such as the fraud department of your organization, law enforcement, or regulatory agencies. Reporting fraud is critical to protect your organization and prevent similar incidents in the future.
Investigate the fraud: Investigate the fraud to determine the scope of the problem and identify the individuals involved. Depending on the nature and complexity of the fraud, you may need to engage an outside investigation firm or legal counsel to assist you.
Notify affected parties: Notify any affected parties, such as customers or vendors, about the fraud and any potential impacts on them. Be transparent and provide them with any necessary information or assistance.
Take corrective action: Take corrective action to address the fraud and prevent it from happening again. This may include tightening controls, implementing new policies and procedures, or taking disciplinary action against individuals involved in the fraud.
Monitor for future fraud: Monitor your systems and processes to detect any future instances of fraud. This may involve enhanced monitoring and reporting mechanisms, employee training and awareness programs, and regular risk assessments.

Steps that can be taken to help mitigate future fraud and losses

With the rise of cyber crime, it is more important than ever to develop strategies to spot fraud and prevent financial losses.

Educate yourself and your employees: Make sure that you and your employees are aware of the different types of fraud and how they can be prevented. Provide training and resources to help identify potential scams and fraudulent activities.
Secure your systems and data: Implement robust security measures to protect your systems and data from cyber-attacks. These can include firewalls, antivirus software, and encryption.
Monitor financial transactions: Keep a close eye on financial transactions, including bank statements and credit card bills, to quickly identify any unauthorized transactions.
Verify identity and credentials: When dealing with new customers, vendors, or employees, verify their identity and credentials to prevent impostors from gaining access to sensitive information. In addition, utilizing advanced analytics and data mining techniques can help businesses spot fraud in real-time and prevent financial losses.
Use background checks: Conduct background checks on potential employees, vendors, and partners to identify any red flags or potential risks.
Develop and enforce policies: Develop clear policies and procedures for handling sensitive information and financial transactions, and enforce them consistently to minimize the risk of fraud.
Stay informed: Keep up to date with the latest fraud trends and techniques, and be aware of any new regulations or laws related to fraud prevention. Businesses may implement fraud detection software and tools that can help to identify and prevent fraudulent activities.

Conclusion

Fraud is constantly evolving with new innovations in technology. This has enabled fraudsters to become more adept at bypassing security and screening tools. Fighting fraud is a difficult and challenging task to accomplish. With the right tools though, fraud mitigation is a possibility.

It’s important to note that spotting fraud is only the first step. Everyone should beware of the risks and to take steps to protect themselves. Learn to mitigate the risk of fraud and minimize the potential losses associated with it.

Payment gateway worldwide

Camila Morales — Mon, 20 Feb 2023 07:01:13 +0000

Ever bought anything from a website? Wondered how the website actually accepts payment? All the payment related functionality in a website is thanks to the payment gateway. Payment gateway is a merchant service that authorizes credit card or other forms of payments on behalf of the merchant. This 3rd party service enables merchants to easily integrate e-commerce into their websites by accepting online payments in a secure fashion. According to Grand View Research, the global payment gateway market size was valued at USD 22.09 billion in 2021.

How does it works?

Let’s take a look at how websites process online payments using the payment platform. To start, the buyer needs to select their desired items and add them to a virtual shopping cart. Once they are done with their shopping, they can go into their cart and then perform a checkout.

Usually, at this point of the process, the buyer is prompted to key in their credit card details or select e-wallets for payment. For credit card payments, the buyer will have to key in their card number, card verification value (CVV) and expiry date.

Existing customers may be asked to select their payment methods like saved credit card. Upon submission, the payment info is sent to the payment processing gateway. In the case of credit card payments, the payment gateway will contact the card issuing bank to authenticate the card details. If the bank approves the transaction, then the payment merchant will indicate to the website that payment has been transferred to the merchant and completes the order. On the other hand, if the bank rejects the transaction, it will inform the website which will then prompt the buyer to try another credit card.

The above process is just a generalization of how the online payment is processed. However, payment merchants can be classified into 2 types; hosted and non-hosted payment gateway. Depending on the type, the payment processing flow may differ slightly.

Hosted payment gateway

With a hosted payment gateway, the customer is redirected to the payment merchant’s website upon checkout. The customer will have to key in all their credit card info into the hosted payment gateway website.

If the payment transaction went through successfully, then the customer will be redirected back to the shopping website to complete their order. However, if the payment transaction was unsuccessful, the customer will see a payment declined message after being redirected back to the shopping website. In that case, the website may prompt the user to key in another credit card to reattempt payment.

Small e-commerce sites prefer this type of gateway as it is easier to setup and integrate into their website. In addition, all sensitive data is keyed in directly into the payment gateway website which means customers can rest assured the credit card info is being handled in a secure manner. For example, the PayPal is commonly used in this manner.

Non-hosted payment gateway

E-commerce sites that prefer to customize their payment process will opt for a non-hosted payment gateway. Integrating with the payment gateway in this manner entails calling Application Programming Interfaces (APIs) provided by the gateway. The web developer for the e-commerce sites can programmatically call the gateway APIs inside their own website codes.

From the customer’s point of view, they are never redirected to a 3rd party website for payment. That means it is a more seamless checkout process for the buyer vs. the process for the hosted payment gateway. Customers feel more comfortable with this form of checkout and are less likely to abort their purchases.

Besides that, merchants can customize the payment page design as well as collect customer data for future marketing purposes. An example of a non-hosted payment gateway provider is Stripe.

The relationship between payment gateway and chargebacks

A chargeback is a dispute between a customer and a merchant over a payment transaction. Chargebacks occur when a customer disputes a charge on their credit card statement and requests that the payment be reversed. Chargebacks can be initiated for a variety of reasons, such as fraud, unauthorized transactions, or a dispute over the quality or delivery of goods or services. The relationship between payment gateways and chargebacks is that payment gateways are often used to help merchants manage and prevent chargebacks.

In recent years, the advancement of artificial intelligence and machine learning has helped to enhance the payment processing system and add additional services including fraud screening, address verification and card verification. It definitely helps merchants to reduce the risks of credit card fraud and reduce the likelihood of fraudulent transactions that might result in chargebacks. Additionally, payment gateways may offer chargeback management tools to help merchants respond to chargebacks and provide evidence to support their case.

Conclusion

In summary, payment gateways are a critical component in eCommerce and online payment industries for managing payment transactions. It doesn’t matter which type of payment processing gateway is employed by the e-commerce website as long as it provides a scalable system with basic security measures to authenticate any customer’s card details. Ultimately, it’s up to the website developers to make that happen.