_SERVER vars are already strings, don't need to typecast them.

Also you may wanna use regex instead of strpos in the '// ban certain IPs' loop. It will be slower (microseconds slower) but more accurate. E.g. banned ip is '192.168', will ban '*.*.192.168' and '*.192.168.*' and '192.168.*.*'. Using regex you can say it starts with that, not just contains it. Example: '#^192.168#'

The code is fine though really. But it won't help in detecting most proxies since there is no real efficient way to do that.

Also 'ip' is a unique field in the table so you don't need a while loop. Just one call of mysql_fetch_assoc will do.