Edit:
In a separate issue, I noticed in one of the logs:
Basic Proxy Detection: Proxy Headers Found: $_SERVER[HTTP_PROXY_CONNECTION]: Keep-Alive
Is that server variable not being parsed, or is that correct?
That is correct, that is the proxy header that was detect. The bot is using a proxy, and it's a traparent proxy...
Most bot proxys will be detected as:
Possibly Forged IP Address, ReverseDNSIP (somehostname) != ipAddress (xxx.xxx.xxx.xxx)
Or
Possibly Forged IP Address, ipAddress (xxx.xxx.xxx.xxx) == ReverseDNS (xxx.xxx.xxx.xxx)
These 2 methods seem to pick up about 70% of the bot proxies.... and these are often Anonym / High Anonym (not transparent)
For the transparent proxies, I check the header for the following:
'HTTP_VIA', 'HTTP_X_FORWARDED_FOR', 'HTTP_FORWARDED_FOR', 'HTTP_X_FORWARDED',
'HTTP_FORWARDED', 'HTTP_CLIENT_IP', 'HTTP_FORWARDED_FOR_IP', 'VIA',
'X_FORWARDED_FOR', 'FORWARDED_FOR', 'X_FORWARDED', 'FORWARDED',
'CLIENT_IP', 'FORWARDED_FOR_IP', 'HTTP_PROXY_CONNECTION'
If any of the transparents are found, I list them and let you know with the following string:
Proxy Headers Found: $_SERVER['header_index_name']: header value
In your case
Basic Proxy Detection: Proxy Headers Found: $_SERVER[HTTP_PROXY_CONNECTION]: Keep-Alive
The transparent proxies are fairly rare (they kind of defeat the object of using a proxy, since they are easy to detect), but every now and then one pops up. They're almost always free and available, so if a bot user wants to cut corners and not spend any more money / uses a bad list of proxies then sometimes they use transparent proxies (often without realising)
The $_SERVER is not a variable, that's here on purpose, since "HTTP_PROXY_CONNECTION" is a $_SERVER index, and "Keep-Alive" is its value
About the hidden fields that can be tabbed, since you mentioned there is only 3 of them, how about an option for setting these 3 on and off?
That's a fair point, I could add this as an option.. I'll look at doing this next (within the next 5 days)