Guide

Block VPN, proxy & Tor at signup

Add a lightweight risk check to signup, trials, or checkout using the anonymisation flags.

1. Check the flags for the user's IP

import requests

def risky(ip):
    d = requests.get("https://ipquery.info/api", params={
        "apiKey": "YOUR_API_KEY", "ip": ip,
    }).json()[0]
    return d.get("is_vpn") or d.get("is_proxy") or d.get("is_tor_exit_node") or d.get("is_cloud")

2. Decide what to do

Rather than hard-blocking, many teams add friction for risky IPs — require email verification, a card pre-auth, or a CAPTCHA. is_proxy is true when is_vpn or is_tor_exit_node is; is_cloud (with cloud_provider) flags datacentre traffic that's rarely a real consumer. is_spam reflects Spamhaus DROP/eDROP listings.

3. Log the decision

Pass a tag like signup-risk so you can see the volume of flagged traffic on your Statistics dashboard over time.