IP trap Version 3 released

[simplicity]

I installed and testing this addon yet when I block myself I am still able to access my website with no issues.. I went to the "personal" folder and got the banned page and got an email saying it banned myself.. Yet I was still easily able to browse my site..

 

 

I discovered the same thing.

[Guest]

I am getting the following warnigs when I launch my pages. Using IP_Trap V 4 + Index.php update

 

Warning: file(home/*username*/public_html/banned/IP_Trapped.txt) [function.file]: failed to open stream: No such file or directory in /home/*username*/public_html/includes/secret.php on line 11

 

Warning: Invalid argument supplied for foreach() in /home/*username*/public_html/includes/secret.php on line 13

 

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/*username*/public_html/includes/secret.php:11) in /home/*username*/public_html/includes/functions/sessions.php on line 102

 

Here are the lines in question:

secret.php line 11 - $IPtrap = file ('home/heathe70/public_html/banned/IP_Trapped.txt');

secret.php line 13 - foreach( $IPtrap as $blockip )

sessions.php line 102 - return session_start();

 

 

I have looked through the site and changed my file permissions for IP trapped and index to 777, I have checked for white spaces, and I have tried using the given URL's as well as the absolute paths. I still get the same errors.

 

Any suggestions?????

 

Heather

[toddzy]

Hello Fimble and thank you for your contribution.

 

I have a question for you and possibly a feature request.

 

As far as I understand a banned ip number can be released by the bot and could possibly be re-assigned by an ISP to a potential customer, consequently that potential customer won't be able to view my store unless s/he feels bothered to email me requesting that I (manually) remove their ip number from the blacklist. So I was wondering, would it be unwise to set up a scheduled task, such as a cron job(?), to reset the blacklist file back to its original content to avoid this inconvenience and potential loss of a customer? Or maybe even (manually) re-upload the original blacklist file and overwrite the existing one on the server once per week? What are your thoughts on the matter?

 

p.s. i realize it's unlikely to happen but eventually after thousands of ip numbers are in the blacklist file it will eventually happen, right?

 

thanks in advance for any response. :)

[altereco]

"Upload the entire contents of the catalog folder to your existing catalog folder on your server via FTP."

Do I drag the whole catalog folder from my local site to my remote site and put that whole folder inside of the catalog folder my catalog is already in? Or do I upload each of the files within the catalog folder individually to my current catalog?

[Guest]

Im a bit late here, i have oscommerce installed on a subdomain. Do i add it like this on the index php - www.subdomain.yourdomain.com ?

 

 

and how do i check it is all working? do i put something like this in to the url bar? - www.subdomain.yourdomain.com/admin/index.php

[Guest]

Im a bit late here, i have oscommerce installed on a subdomain. Do i add it like this on the index php - www.subdomain.yourdomain.com ?

 

 

and how do i check it is all working? do i put something like this in to the url bar? - www.subdomain.yourdomain.com/admin/index.php

 

 

I have just got an email through, blocking an ip, this may have been me trying to test it

[jfkafka]

Hi Fimble,

 

Hope all is excellent with you. Thanks for a great Trap.

So far, it's caught 7 hackroaches!

 

Re: v4

 

Catalog/personal/index.php

 

While testing on localhost with xxamp, php5.3,

put ip 127.0.0.1 into whitelist.txt and navigated to

http://www.localdev.com/public_html/personal/

but was still getting blocked.php

 

UNTIL (commenting out)

// $ip = $_SERVER["REMOTE_ADDR"]."\n";

 

now changed to this:

// $ip = $_SERVER["REMOTE_ADDR"]."\n";

$ip = $_SERVER["REMOTE_ADDR"];

 

Now it recognizes there's a match and behaves properly

($tester = 1 and redirects to root index.php)

 

2 questions, if I may be so bold:

 

1. Why was ."\n" appended to $ip?

 

Below that is this code:

// If not found in the Whitelist, then continue to add the IP number to the IP_Trapped file and forward to blocked.

{

 

$DOCUMENT_ROOT=$_SERVER['DOCUMENT_ROOT'];

 

2. What is that curly brace in the middle for?

(it seems like the foreach and if statements above it are terminated with closing }

What am I missing(besides a functioning brain)?

 

Thanks for any enlightenment,

jk

[jfkafka]

update on above

 

actually commenting/truncating:

$ip = $_SERVER["REMOTE_ADDR"]."\n";

to

$ip = $_SERVER["REMOTE_ADDR"];

 

worked when I only had 1 ip (my local ip 127.0.0.1) in Whitelist.txt

when I tried it using the v4 Whitelist.txt, inserting 127.0.0.1

somewhere in the middle of the whitelist

I was blocked and clocked!

but it did provide a solution (in my case at least)

 

based on that

I just changed the line below to trim both

if($tester = strcmp(trim($whiteip),trim($ip))== 'true') {

and now it works when the ip is in the middle of the list

 

as to why it didn't work beforehand

seems like there's different amounts of emptiness

 

jk

[tstarr]

Is there a good Blacklist that I can paste into IP_Trapped.txt to get started?

I found one here http://addons.oscommerce.com/info/6066 (banned_IP_Numbers.txt) but it uses subnets.

Will these type of entries work with IP Trap?

 

81.169.137.114

74.53.46.98

62.29.0.0/17

62.56.128.0/22

217.194.135.160/28

217.195.192.0/20

[TeaToEnjoyAdmin]

Hi Everyone,

I just installed the app and I can see IP addresses being added to the IP_trapped.txt file. But when that same IP address comes around again to another part of the site it can still access my site. I got the impression from reading that the tool would actually block that IP address automatically moving forward. I can easily add the IP address to my cPanel to block it but I wanted to check and make sure I did not do something wrong because it is not being automatically blocked.

 

Thanks

[♥FIMBLE]

Version 5 of the IP trap just been released.

 

 

http://addons.oscommerce.com/info/5914

 

This release clears up the code, and simplifies the installation and update from previous releases

 

* Rewrote the code, removed duplicate Variables

* Changed the require to include in application_top.php

* This version needs only two lines in two files changed to work

* Included a Problem and solutions guide

* Changed the link destination to see who the IP belongs to and parsed it to be a complete link with IP number included so just click and view

 

I have tested this over the past few weeks on various environments and sorted out a lot of the problems users were experiencing.

Please post your comments here....

 

I strongly recommend you upgrade to this version.

 

IP Trap is osCommerce version independent, it will work on any of the current "for production" releases.

[mr_absinthe]

If I understand correctly (when I look into robots.txt), we should create folder /admin/ and copy the index.php from personal folder there, right? But that would mean that two "banned" emails will be received - at least that is what is happening right now. And if I don't keep the index.php file in admin folder, nobody is trapped while trying to access it.

Edited January 31, 2011 by mr_absinthe

[♥FIMBLE]

Hello did you read the install file?

 

Maybe I did not make it clear enough, if you use the admin folder example then you do not need to use the personal folder as well, sorry for any confusion.

Nic

[♥FIMBLE]

Sorry Alex that read to aggressively when it is not the intention... let me start over!

 

By default the file is in the personal folder, if you wish to have it in any other folder, say admin then all you need to do is to rename the personal folder to the desired folder name.

The admin in the robots.txt harks to an era pre 2.3.1 when upon install admin was your only option.

 

Nic

[mr_absinthe]

Thank you Nic, maybe I was going too quick through the install file... It is clear now :thumbsup:

[♥FIMBLE]

Glad its sorted now anyway

Nic

[johnnybebad]

query, this may sound stupid so bear with me.

 

if good bots obey robots.txt and bad bots don't.

 

how do I stop good bots entering my real admin folder without tellin the bad ones where it is?

 

as in your file you have disallow:/includes, cgibin personal and admin

 

just wondered if I am to excclude my real admin folder in the list, and do I really want bad bots to know it exists ?

 

Thanks

[♥FIMBLE]

hi Jonny

i think its a better idea to make sure you admin has been renamed and you have htaccess protection enabled, there is more than one way of finding your admin folder name and changing the name will not stop attacks to it, it will prevent automated scripts from attacking it as they are hardcoded mostly for "admin".

So ensure you have done all you can to prevent attacks to your admin whatever it is called.

 

Regards

Nic

[johnnybebad]

cool, just wanted to get that straight. so I can have my admin directory and my ip trap admin directory in my robots.txt file

[♥FIMBLE]

Hello all

IP trap updated and now is able to block user agents as well as IP numbers

Nic

[kenkja]

I've just installed the IP Trap but have not yet tried the testing routines, 2 things I'm a little confused about.

 

Firstly the robots.txt file, as suggested in the insallation notes I've renamed the personal folder and according the robots.txt file. I notice it has entry disallowing the admin folder & see in the posts above that this goes back to when admin was the only option, am I right in assuming that this line should be altered to my renamed admin folder ?

 

Secondly, in the installation notes after the code changes for application_top.php, "If you want to prevent snoopers from viewing your files in banned folder add the following to your .HTACCESS file" but there doesn't appear to be anything to add

 

Post 1418818 included

 

"SetEnvIfNoCase Request_URI IP_Trapped\.txt ban

<Files ~ "^.*$">

order allow,deny

allow from all

deny from env=ban

</Files>

 

SetEnvIfNoCase Request_URI Whitelist\.txt ban

<Files ~ "^.*$">

order allow,deny

allow from all

deny from env=ban

</Files>

 

To your .htaccess file, the one inside your catalog folder"

 

Is this it ?

 

thanks

 

Ken

[♥FIMBLE]

Hi Ken,

Yes you are correct on both counts.

Well done, and sorry for confusing you!

Nic

[kenkja]

Nic

 

Thanks very much, now tested and all working

 

ken

[kenkja]

Hello Nic

 

Just when I thought i was getting the hang of this stuff !!

 

I on a 2.3.1 install and seem to successfully added the htaccess directory protection through osc admin options.

 

SO then went back to to adding the code required to htaccess file, then came my senior moment.

 

Am I adding this to code the file in the renamed admin folder or to the one in root or both ?

 

thanks

 

Ken

[♥FIMBLE]

the

 

"SetEnvIfNoCase Request_URI IP_Trapped\.txt ban

<Files ~ "^.*$">

order allow,deny

allow from all

deny from env=ban

</Files>

 

SetEnvIfNoCase Request_URI Whitelist\.txt ban

<Files ~ "^.*$">

order allow,deny

allow from all

deny from env=ban

</Files>

 

 

goes into your store main htaccess file, where the main files are like index, account, product_info etc...

 

Nic