Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

IP trap Version 3 released


FIMBLE

Recommended Posts

Hi there!

I just finally got this to sort of work...not really....

 

My ip get's block even though it's on my whilelist.txt file. I deleted the entire content of the whitelist.text file because otherwise I never got to be blocked!!! I tried removing the IP address with only 3 parts (as suggested on earlier posts) and that did not work. So i tried deleting everything and it sort of work.

 

The only way I don't get blocked out is when I removed my ip from the ip trapped text file and get the whilelist text files with only the IP's with 4 parts on it. Like this then I don't think the script works as when I type mysite.com/store/personal/ it goes back to mysite.com/store/index.php

 

Any suggestions as how this is suppose to be working as it should be?

Link to comment
Share on other sites

I installed the trap (changing the name of "personal" to "admin") and was getting redirected to the index page too. I tried changing the file names to all lowercase as suggested by Jörg, but now have an Internal Server Error 500. I deleted the whitelist.txt file but that didn't have any effect.

 

Please help.

Link to comment
Share on other sites

  • 3 weeks later...

Hi all

 

I have installed this add-on as I think it would revolutionise our website and its recent problem.

 

I am working with OSCommerce 2.3.1 on XAMPP set up. I have followed the instructions v.v. carefully and when someone visits the now admin file, they get the blocked page, but The IP Address displays as ::1 on both page and email.

 

Also the Whitelist and banned_IP numbers do not record anything therefore the website can still be accessed.

 

Please advise what I am doing wrong. I noticed in the instructions you have

 

If you want to prevent snoopers from viewing your files in banned folder add

the following to your .HTACCESS file

 

But no code is listed. It just goes straight onto the stop those bots and scammers section

 

Please advise.

Debbie Harrison

 

Link to comment
Share on other sites

  • 2 months later...

I am about to install this addon to my osc 2.3.1 webshop, but there's a question I have;

Could it be that search engines and/or crawlers IP addresses are also getting banned when indexing my page? I'm about to go live and announce it to some search engines, but ofcourse I would not have things like Google be banned from my site ;)

 

And also, why are there a ton of IP addresses in the whitelist.txt already in the version I just downloaded?

 

And one more thing about the install.txt from the addon, I see this:

 

@@@@@@@@@@@@@@@@@@@@@@@@@@@

 

If you want to prevent snoopers from viewing your files in banned folder add

the following to your .HTACCESS file

 

 

Trap those bots and snoopers!

-----------------------------

 

But there's no text or anything there to put in my .htaccess

Link to comment
Share on other sites

No worries, got this one working like a charm now! Thanks for the contri :thumbsup:

 

I made some little twists to make it work:

 

- changed the file names of IP_Trapped and Whitelist without caps and set chmod permissions for ip_trapped to 664

 

- in .htaccess in the /banned/ directory I wrote some extra security like:

<Files .htaccess>

order allow,deny

deny from all

</Files>

<Files ip_trapped.txt>

order allow,deny

deny from all

</Files>

<Files whitelist.txt>

order allow,deny

deny from all

</Files>

 

- added 999.999.999.9999 to the cleared whitelist (what were those IPs doing there?), otherwise my own IP wouldn't get recognized (I think because of a lack of an hard Enter in the list)

 

 

Now I've got this working all I have left to do is change the folder name /personal/ to /admin/ and alter this in my robot.txt

Edited by ShopAdminNL
Link to comment
Share on other sites

  • 1 month later...

Hi

Fimble,

 

thank you very much for your addon,

I had install it and it test ok

 

but now I am in the black list,

I had add the IP into white list and update it

but it is still block me

 

I think maybe this is what you said a dynamic IP and need to

add code to .HTACCESS file to combat it.

 

Can you please help me to add code .HTACCESS file?

 

Sorry I haven't read through the forum and post first!

 

thanks

 

lyn

Link to comment
Share on other sites

  • 4 months later...
  • 2 weeks later...
  • 6 months later...

How to speed up this process....use session variables?

 

I am not trying to bring this thread back from the dead but has anyone else been curious about setting a session variable once the customer is deemed a customer and not a hacker? Instead of checking the file on every page load it just seems it would be much faster to just check if the customer session variable was set once earlier against the file....

 

I have done so but I haven't completely finished resetting the customer session to a bad guy once they break our trusted and try to access items they shouldn't. (still testing this works correctly) Right now it nulls out the session so they have to go through the file check again. Thoughts ?

Edited by WESK
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...