simplicity Posted October 17, 2010

> I installed and am testing this addon, yet when I block myself I am still able to access my website with no issues. I went to the "personal" folder and got the banned page and got an email saying it banned myself. Yet I was still easily able to browse my site.

I discovered the same thing.

Guest Posted October 18, 2010

I am getting the following warnings when I launch my pages. Using IP_Trap V 4 + Index.php update.

    Warning: file(home/*username*/public_html/banned/IP_Trapped.txt) [function.file]: failed to open stream: No such file or directory in /home/*username*/public_html/includes/secret.php on line 11

    Warning: Invalid argument supplied for foreach() in /home/*username*/public_html/includes/secret.php on line 13

    Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/*username*/public_html/includes/secret.php:11) in /home/*username*/public_html/includes/functions/sessions.php on line 102

Here are the lines in question:

    secret.php line 11 - $IPtrap = file ('home/heathe70/public_html/banned/IP_Trapped.txt');
    secret.php line 13 - foreach( $IPtrap as $blockip )
    sessions.php line 102 - return session_start();

I have looked through the site and changed my file permissions for IP trapped and index to 777, I have checked for white spaces, and I have tried using the given URLs as well as the absolute paths. I still get the same errors.

Any suggestions?

Heather

toddzy Posted November 2, 2010

Hello Fimble and thank you for your contribution. I have a question for you and possibly a feature request.

As far as I understand, a banned IP number can be released by the bot and could possibly be re-assigned by an ISP to a potential customer; consequently that potential customer won't be able to view my store unless s/he feels bothered to email me requesting that I (manually) remove their IP number from the blacklist.

So I was wondering, would it be unwise to set up a scheduled task, such as a cron job(?), to reset the blacklist file back to its original content to avoid this inconvenience and potential loss of a customer? Or maybe even (manually) re-upload the original blacklist file and overwrite the existing one on the server once per week? What are your thoughts on the matter?

P.S. I realize it's unlikely to happen, but eventually, after thousands of IP numbers are in the blacklist file, it will eventually happen, right?

Thanks in advance for any response. :)

altereco Posted November 19, 2010

"Upload the entire contents of the catalog folder to your existing catalog folder on your server via FTP."

Do I drag the whole catalog folder from my local site to my remote site and put that whole folder inside of the catalog folder my catalog is already in? Or do I upload each of the files within the catalog folder individually to my current catalog?

Guest Posted November 30, 2010

I'm a bit late here. I have osCommerce installed on a subdomain. Do I add it like this in the index.php - www.subdomain.yourdomain.com ? And how do I check it is all working? Do I put something like this into the URL bar? - www.subdomain.yourdomain.com/admin/index.php

Guest Posted November 30, 2010

> I'm a bit late here. I have osCommerce installed on a subdomain. Do I add it like this in the index.php - www.subdomain.yourdomain.com ? And how do I check it is all working? Do I put something like this into the URL bar? - www.subdomain.yourdomain.com/admin/index.php

I have just got an email through, blocking an IP; this may have been me trying to test it.

jfkafka Posted December 7, 2010

Hi Fimble,

Hope all is excellent with you. Thanks for a great Trap. So far, it's caught 7 hackroaches!

Re: v4 Catalog/personal/index.php

While testing on localhost with XAMPP, PHP 5.3, I put IP 127.0.0.1 into whitelist.txt and navigated to http://www.localdev.com/public_html/personal/ but was still getting blocked.php UNTIL (commenting out)

    // $ip = $_SERVER["REMOTE_ADDR"]."\n";

now changed to this:

    // $ip = $_SERVER["REMOTE_ADDR"]."\n";
    $ip = $_SERVER["REMOTE_ADDR"];

Now it recognizes there's a match and behaves properly ($tester = 1 and redirects to root index.php).

2 questions, if I may be so bold:

1. Why was ."\n" appended to $ip?

Below that is this code:

    // If not found in the Whitelist, then continue to add the IP number to the IP_Trapped file and forward to blocked.
    {
    $DOCUMENT_ROOT=$_SERVER['DOCUMENT_ROOT'];

2. What is that curly brace in the middle for? (It seems like the foreach and if statements above it are terminated with closing }.)

What am I missing (besides a functioning brain)?

Thanks for any enlightenment,
jk

jfkafka Posted December 7, 2010

Update on above:

Actually, commenting/truncating

    $ip = $_SERVER["REMOTE_ADDR"]."\n";

to

    $ip = $_SERVER["REMOTE_ADDR"];

worked when I only had 1 IP (my local IP 127.0.0.1) in Whitelist.txt.

When I tried it using the v4 Whitelist.txt, inserting 127.0.0.1 somewhere in the middle of the whitelist, I was blocked and clocked!

But it did provide a solution (in my case at least). Based on that, I just changed the line below to trim both:

    if($tester = strcmp(trim($whiteip),trim($ip))== 'true') {

and now it works when the IP is in the middle of the list.

As to why it didn't work beforehand, it seems like there are different amounts of emptiness.

jk

tstarr Posted December 20, 2010

Is there a good blacklist that I can paste into IP_Trapped.txt to get started?

I found one here http://addons.oscommerce.com/info/6066 (banned_IP_Numbers.txt) but it uses subnets. Will these types of entries work with IP Trap?

    81.169.137.114
    74.53.46.98
    62.29.0.0/17
    62.56.128.0/22
    217.194.135.160/28
    217.195.192.0/20

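Added example, not part of any post in this thread and not IP Trap's own code: a PHP 7.1+ list check showing why the whitelist comparison jfkafka describes depended on trailing whitespace, and how subnet entries like the ones tstarr lists can be matched, which a plain string comparison against each line cannot do. The function names, the temporary file and the probe addresses are assumptions; the sample list is constructed from entries quoted above.

```php
<?php
// Added example, not IP Trap's code. Function names are assumptions.

// Read a list file into clean entries. A missing file yields an empty list
// instead of file()/foreach warnings printed before session_start().
function load_ip_list(string $path): array
{
    $lines = is_readable($path)
        ? file($path, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES)
        : false;
    if ($lines === false) {
        return [];
    }
    // trim() removes the "\r" of Windows line endings and stray spaces.
    return array_values(array_filter(array_map('trim', $lines), 'strlen'));
}

// True if $ip equals an entry or lies inside an IPv4 CIDR entry.
// Assumes 64-bit PHP integers.
function ip_in_list(string $ip, array $entries): bool
{
    $ip = trim($ip);
    $ipLong = ip2long($ip);          // false for anything but dotted IPv4
    foreach ($entries as $entry) {
        if ($entry === $ip) {
            return true;             // exact match, strict comparison
        }
        if ($ipLong === false || strpos($entry, '/') === false) {
            continue;
        }
        [$net, $bits] = explode('/', $entry, 2);
        $netLong = ip2long($net);
        if ($netLong === false || !ctype_digit($bits) || (int) $bits > 32) {
            continue;                // malformed entry: ignore, never match
        }
        $mask = (~0 << (32 - (int) $bits)) & 0xFFFFFFFF;
        if (($ipLong & $mask) === ($netLong & $mask)) {
            return true;
        }
    }
    return false;
}

// Constructed sample: CRLF, trailing space, blank line, no final newline.
$tmp = tempnam(sys_get_temp_dir(), 'ipt');
file_put_contents($tmp, "81.169.137.114\r\n127.0.0.1 \n\n62.29.0.0/17");
$list = load_ip_list($tmp);
foreach (["127.0.0.1\n", '62.29.100.7', '62.29.128.1'] as $probe) {
    printf("%-12s %s\n", trim($probe), ip_in_list($probe, $list) ? 'listed' : 'not listed');
}
unlink($tmp);
```

Without FILE_IGNORE_NEW_LINES, file() keeps each line's line ending, so a final line with no newline, or a list saved with Windows line endings, compares differently from the other lines.
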
TeaToEnjoyAdmin Posted January 22, 2011

Hi Everyone,

I just installed the app and I can see IP addresses being added to the IP_trapped.txt file. But when that same IP address comes around again to another part of the site it can still access my site. I got the impression from reading that the tool would actually block that IP address automatically moving forward.

I can easily add the IP address to my cPanel to block it but I wanted to check and make sure I did not do something wrong because it is not being automatically blocked.

Thanks

♥FIMBLE (Author) Posted January 28, 2011

Version 5 of the IP trap has just been released.

http://addons.oscommerce.com/info/5914

This release clears up the code, and simplifies the installation and update from previous releases.

* Rewrote the code, removed duplicate variables
* Changed the require to include in application_top.php
* This version needs only two lines in two files changed to work
* Included a Problem and solutions guide
* Changed the link destination to see who the IP belongs to and parsed it to be a complete link with IP number included, so just click and view

I have tested this over the past few weeks on various environments and sorted out a lot of the problems users were experiencing. Please post your comments here.

I strongly recommend you upgrade to this version.

IP Trap is osCommerce version independent; it will work on any of the current "for production" releases.

Sometimes you're the dog and sometimes the lamp post

mr_absinthe Posted January 31, 2011

If I understand correctly (when I look into robots.txt), we should create folder /admin/ and copy the index.php from personal folder there, right? But that would mean that two "banned" emails will be received - at least that is what is happening right now. And if I don't keep the index.php file in admin folder, nobody is trapped while trying to access it.

Edited January 31, 2011 by mr_absinthe

Absinthe Original Liquor Store

♥FIMBLE (Author) Posted January 31, 2011

Hello, did you read the install file? Maybe I did not make it clear enough: if you use the admin folder example then you do not need to use the personal folder as well. Sorry for any confusion.

Nic

♥FIMBLE (Author) Posted January 31, 2011

Sorry Alex, that read too aggressively when it is not the intention... let me start over!

By default the file is in the personal folder. If you wish to have it in any other folder, say admin, then all you need to do is to rename the personal folder to the desired folder name. The admin in the robots.txt harks to an era pre 2.3.1 when upon install admin was your only option.

Nic

mr_absinthe Posted February 1, 2011

Thank you Nic, maybe I was going too quick through the install file... It is clear now :thumbsup:

♥FIMBLE (Author) Posted February 1, 2011

Glad it's sorted now anyway.

Nic

johnnybebad Posted February 3, 2011

Query, this may sound stupid so bear with me.

If good bots obey robots.txt and bad bots don't, how do I stop good bots entering my real admin folder without telling the bad ones where it is?

As in your file you have disallow: /includes, cgibin, personal and admin.

Just wondered if I am to exclude my real admin folder in the list, and do I really want bad bots to know it exists?

Thanks

Getting better with mods but no programmer am I.

♥FIMBLE (Author) Posted February 3, 2011

Hi Jonny,

I think it's a better idea to make sure your admin has been renamed and you have htaccess protection enabled. There is more than one way of finding your admin folder name and changing the name will not stop attacks to it; it will prevent automated scripts from attacking it as they are hardcoded mostly for "admin". So ensure you have done all you can to prevent attacks to your admin, whatever it is called.

Regards
Nic

johnnybebad Posted February 3, 2011

Cool, just wanted to get that straight. So I can have my admin directory and my IP trap admin directory in my robots.txt file.

♥FIMBLE (Author) Posted February 17, 2011

Hello all,

IP trap updated and now is able to block user agents as well as IP numbers.

Nic

kenkja Posted February 21, 2011

I've just installed the IP Trap but have not yet tried the testing routines. 2 things I'm a little confused about.

Firstly the robots.txt file: as suggested in the installation notes I've renamed the personal folder and accordingly the robots.txt file. I notice it has an entry disallowing the admin folder and see in the posts above that this goes back to when admin was the only option. Am I right in assuming that this line should be altered to my renamed admin folder?

Secondly, in the installation notes after the code changes for application_top.php, "If you want to prevent snoopers from viewing your files in banned folder add the following to your .HTACCESS file", but there doesn't appear to be anything to add.

Post 1418818 included:

> SetEnvIfNoCase Request_URI IP_Trapped\.txt ban
> <Files ~ "^.*$">
> order allow,deny
> allow from all
> deny from env=ban
> </Files>
> SetEnvIfNoCase Request_URI Whitelist\.txt ban
> <Files ~ "^.*$">
> order allow,deny
> allow from all
> deny from env=ban
> </Files>
>
> To your .htaccess file, the one inside your catalog folder

Is this it?

thanks
Ken

Os-commerce v2.3.3 Security Pro v11 Site Monitor IP Trap htaccess Protection Bad Behaviour Block Year Make Model Document Manager X Sell Star Product Modular Front Page Modular Header Tags

♥FIMBLE (Author) Posted February 21, 2011

Hi Ken,

Yes, you are correct on both counts. Well done, and sorry for confusing you!

Nic

kenkja Posted February 21, 2011

Nic

Thanks very much, now tested and all working.

ken

kenkja Posted February 21, 2011

Hello Nic

Just when I thought I was getting the hang of this stuff!!

I'm on a 2.3.1 install and seem to have successfully added the htaccess directory protection through the osc admin options. So then I went back to adding the code required to the htaccess file, then came my senior moment. Am I adding this code to the file in the renamed admin folder, or to the one in root, or both?

thanks
Ken

♥FIMBLE (Author) Posted February 21, 2011

the

    SetEnvIfNoCase Request_URI IP_Trapped\.txt ban
    <Files ~ "^.*$">
    order allow,deny
    allow from all
    deny from env=ban
    </Files>
    SetEnvIfNoCase Request_URI Whitelist\.txt ban
    <Files ~ "^.*$">
    order allow,deny
    allow from all
    deny from env=ban
    </Files>

goes into your store main htaccess file, where the main files are, like index, account, product_info etc...

Nic