Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Recommended Posts

Posted

Hi there!

I just finally got this to sort of work...not really....

 

My ip get's block even though it's on my whilelist.txt file. I deleted the entire content of the whitelist.text file because otherwise I never got to be blocked!!! I tried removing the IP address with only 3 parts (as suggested on earlier posts) and that did not work. So i tried deleting everything and it sort of work.

 

The only way I don't get blocked out is when I removed my ip from the ip trapped text file and get the whilelist text files with only the IP's with 4 parts on it. Like this then I don't think the script works as when I type mysite.com/store/personal/ it goes back to mysite.com/store/index.php

 

Any suggestions as how this is suppose to be working as it should be?

Posted

I installed the trap (changing the name of "personal" to "admin") and was getting redirected to the index page too. I tried changing the file names to all lowercase as suggested by Jörg, but now have an Internal Server Error 500. I deleted the whitelist.txt file but that didn't have any effect.

 

Please help.

  • 3 weeks later...
Posted

Hi all

 

I have installed this add-on as I think it would revolutionise our website and its recent problem.

 

I am working with OSCommerce 2.3.1 on XAMPP set up. I have followed the instructions v.v. carefully and when someone visits the now admin file, they get the blocked page, but The IP Address displays as ::1 on both page and email.

 

Also the Whitelist and banned_IP numbers do not record anything therefore the website can still be accessed.

 

Please advise what I am doing wrong. I noticed in the instructions you have

 

If you want to prevent snoopers from viewing your files in banned folder add

the following to your .HTACCESS file

 

But no code is listed. It just goes straight onto the stop those bots and scammers section

 

Please advise.

Debbie Harrison

 

  • 2 months later...
Posted

I am about to install this addon to my osc 2.3.1 webshop, but there's a question I have;

Could it be that search engines and/or crawlers IP addresses are also getting banned when indexing my page? I'm about to go live and announce it to some search engines, but ofcourse I would not have things like Google be banned from my site ;)

 

And also, why are there a ton of IP addresses in the whitelist.txt already in the version I just downloaded?

 

And one more thing about the install.txt from the addon, I see this:

 

@@@@@@@@@@@@@@@@@@@@@@@@@@@

 

If you want to prevent snoopers from viewing your files in banned folder add

the following to your .HTACCESS file

 

 

Trap those bots and snoopers!

-----------------------------

 

But there's no text or anything there to put in my .htaccess

Posted (edited)

No worries, got this one working like a charm now! Thanks for the contri :thumbsup:

 

I made some little twists to make it work:

 

- changed the file names of IP_Trapped and Whitelist without caps and set chmod permissions for ip_trapped to 664

 

- in .htaccess in the /banned/ directory I wrote some extra security like:

<Files .htaccess>

order allow,deny

deny from all

</Files>

<Files ip_trapped.txt>

order allow,deny

deny from all

</Files>

<Files whitelist.txt>

order allow,deny

deny from all

</Files>

 

- added 999.999.999.9999 to the cleared whitelist (what were those IPs doing there?), otherwise my own IP wouldn't get recognized (I think because of a lack of an hard Enter in the list)

 

 

Now I've got this working all I have left to do is change the folder name /personal/ to /admin/ and alter this in my robot.txt

Edited by ShopAdminNL
  • 1 month later...
Posted

Hi

Fimble,

 

thank you very much for your addon,

I had install it and it test ok

 

but now I am in the black list,

I had add the IP into white list and update it

but it is still block me

 

I think maybe this is what you said a dynamic IP and need to

add code to .HTACCESS file to combat it.

 

Can you please help me to add code .HTACCESS file?

 

Sorry I haven't read through the forum and post first!

 

thanks

 

lyn

Posted

continue the questions I had:

 

I did not receive email and I check the index.php file and make sure I put the right email address (still didn't receive anything though)

 

if I change the admin folder, when I try to login, say www.mysite.com/newadmin/login.php it just say page can not be found

 

any suggestions?

 

Thanks!

 

lyn

  • 4 months later...
Posted (edited)

Hi all, I just installed this IP trap and I'm getting this warning, any idea what I am doing wrong? :

 

ip-test.jpg

post-304837-0-87001600-1349275618_thumb.jpg

Edited by croth
  • 2 weeks later...
Posted

Thanks for this great contrib!

 

I'm now looking forward to trap the first one and had an idea while waiting.

How about if I add to the ip_trapped.txt some IP-list from Project Honeypot (for example Directory of Malicious IPs)?

http://www.projecthoneypot.org/

Would that be ok and wise?

 

Cheers,

yadetar

  • 6 months later...
Posted (edited)

How to speed up this process....use session variables?

 

I am not trying to bring this thread back from the dead but has anyone else been curious about setting a session variable once the customer is deemed a customer and not a hacker? Instead of checking the file on every page load it just seems it would be much faster to just check if the customer session variable was set once earlier against the file....

 

I have done so but I haven't completely finished resetting the customer session to a bad guy once they break our trusted and try to access items they shouldn't. (still testing this works correctly) Right now it nulls out the session so they have to go through the file check again. Thoughts ?

Edited by WESK

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...