How to detect if a user tries to access my web service using proxies/vpn?
I believe this question is covered as the problem is straightforward. But, as I am building a web service from scratch, I'd like to have some advice on how to do it better.
Let's say my web service gives some bonus tokens to any new user when they click a button "Get my bonus". As they can collect and transfer these tokens to each other, it can be lucrative for them to switch between vpn or proxy servers, register as new users and get all the tokens in order to move them all to one account.
I suppose there is no 100% working solution as they can clean cookies, and keep no sign between multiple attempts to get tokens. But, as these tokens build the economy of the web app, I'd like to prevent this behaviour, at least to some degree.
How can I approximately detect these ways of cheating?
