cwh Posted January 9, 2012 Share Posted January 9, 2012 Hi there! I just finally got this to sort of work...not really.... My ip get's block even though it's on my whilelist.txt file. I deleted the entire content of the whitelist.text file because otherwise I never got to be blocked!!! I tried removing the IP address with only 3 parts (as suggested on earlier posts) and that did not work. So i tried deleting everything and it sort of work. The only way I don't get blocked out is when I removed my ip from the ip trapped text file and get the whilelist text files with only the IP's with 4 parts on it. Like this then I don't think the script works as when I type mysite.com/store/personal/ it goes back to mysite.com/store/index.php Any suggestions as how this is suppose to be working as it should be? Quote Link to comment Share on other sites More sharing options...
MichelleDW Posted January 17, 2012 Share Posted January 17, 2012 I installed the trap (changing the name of "personal" to "admin") and was getting redirected to the index page too. I tried changing the file names to all lowercase as suggested by Jörg, but now have an Internal Server Error 500. I deleted the whitelist.txt file but that didn't have any effect. Please help. Quote Link to comment Share on other sites More sharing options...
dvharrison Posted February 1, 2012 Share Posted February 1, 2012 Hi all I have installed this add-on as I think it would revolutionise our website and its recent problem. I am working with OSCommerce 2.3.1 on XAMPP set up. I have followed the instructions v.v. carefully and when someone visits the now admin file, they get the blocked page, but The IP Address displays as ::1 on both page and email. Also the Whitelist and banned_IP numbers do not record anything therefore the website can still be accessed. Please advise what I am doing wrong. I noticed in the instructions you have If you want to prevent snoopers from viewing your files in banned folder addthe following to your .HTACCESS file But no code is listed. It just goes straight onto the stop those bots and scammers section Please advise. Quote Debbie Harrison Link to comment Share on other sites More sharing options...
dvharrison Posted February 2, 2012 Share Posted February 2, 2012 Does it work like this because I am on localhost? If thats the case then fair enough. Quote Debbie Harrison Link to comment Share on other sites More sharing options...
ShopAdminNL Posted April 24, 2012 Share Posted April 24, 2012 I am about to install this addon to my osc 2.3.1 webshop, but there's a question I have; Could it be that search engines and/or crawlers IP addresses are also getting banned when indexing my page? I'm about to go live and announce it to some search engines, but ofcourse I would not have things like Google be banned from my site ;) And also, why are there a ton of IP addresses in the whitelist.txt already in the version I just downloaded? And one more thing about the install.txt from the addon, I see this: @@@@@@@@@@@@@@@@@@@@@@@@@@@ If you want to prevent snoopers from viewing your files in banned folder add the following to your .HTACCESS file Trap those bots and snoopers! ----------------------------- But there's no text or anything there to put in my .htaccess Quote Link to comment Share on other sites More sharing options...
ShopAdminNL Posted April 25, 2012 Share Posted April 25, 2012 (edited) No worries, got this one working like a charm now! Thanks for the contri :thumbsup: I made some little twists to make it work: - changed the file names of IP_Trapped and Whitelist without caps and set chmod permissions for ip_trapped to 664 - in .htaccess in the /banned/ directory I wrote some extra security like: <Files .htaccess> order allow,deny deny from all </Files> <Files ip_trapped.txt> order allow,deny deny from all </Files> <Files whitelist.txt> order allow,deny deny from all </Files> - added 999.999.999.9999 to the cleared whitelist (what were those IPs doing there?), otherwise my own IP wouldn't get recognized (I think because of a lack of an hard Enter in the list) Now I've got this working all I have left to do is change the folder name /personal/ to /admin/ and alter this in my robot.txt Edited April 25, 2012 by ShopAdminNL Quote Link to comment Share on other sites More sharing options...
ce7 Posted June 1, 2012 Share Posted June 1, 2012 Hi Fimble, thank you very much for your addon, I had install it and it test ok but now I am in the black list, I had add the IP into white list and update it but it is still block me I think maybe this is what you said a dynamic IP and need to add code to .HTACCESS file to combat it. Can you please help me to add code .HTACCESS file? Sorry I haven't read through the forum and post first! thanks lyn Quote Link to comment Share on other sites More sharing options...
ce7 Posted June 1, 2012 Share Posted June 1, 2012 continue the questions I had: I did not receive email and I check the index.php file and make sure I put the right email address (still didn't receive anything though) if I change the admin folder, when I try to login, say www.mysite.com/newadmin/login.php it just say page can not be found any suggestions? Thanks! lyn Quote Link to comment Share on other sites More sharing options...
croth Posted October 3, 2012 Share Posted October 3, 2012 (edited) Hi all, I just installed this IP trap and I'm getting this warning, any idea what I am doing wrong? : Edited October 3, 2012 by croth Quote Link to comment Share on other sites More sharing options...
yadetar Posted October 11, 2012 Share Posted October 11, 2012 Thanks for this great contrib! I'm now looking forward to trap the first one and had an idea while waiting. How about if I add to the ip_trapped.txt some IP-list from Project Honeypot (for example Directory of Malicious IPs)? http://www.projecthoneypot.org/ Would that be ok and wise? Cheers, yadetar Quote Link to comment Share on other sites More sharing options...
WESK Posted May 9, 2013 Share Posted May 9, 2013 (edited) How to speed up this process....use session variables? I am not trying to bring this thread back from the dead but has anyone else been curious about setting a session variable once the customer is deemed a customer and not a hacker? Instead of checking the file on every page load it just seems it would be much faster to just check if the customer session variable was set once earlier against the file.... I have done so but I haven't completely finished resetting the customer session to a bad guy once they break our trusted and try to access items they shouldn't. (still testing this works correctly) Right now it nulls out the session so they have to go through the file check again. Thoughts ? Edited May 9, 2013 by WESK Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.