Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

View Counter


Recommended Posts

5 hours ago, Smoky Barnable said:

Undefined constant "VIEW_COUNTER_GOOD_IP_LIST"

That's a setting added by the view_counter_db_handler.php file. You have to run that file in a browser. And then click on the rest button to apply new configuration fields.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

3 hours ago, wetzel said:

he html_output change caused an error

That change is to add the missing bootstrap button to older shops. But your version probably already has it. Unfortunately, there's no way to provide exact instructions for all versions, especially Phoenix, because there are so many of them. But other than that and the application_top changes, there aren't any other changes so you should be all set.

There are other files in the change directory but the php files are just for adding the auto-complete code for create account and checkout so they are not required. You should make the change to the roots .htaccess file, if you haven;'t. And you should use the robots file in the extra directory, just be sure to change the two lines with my domain name in them.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

  • 6 months later...

A new version has been updated with these changes:

  • Added countries to the country blocking list to account for differences in names.
  • Added many entries to the hacker checking code. See notes below.
  • Added cross-scripting to the extras .htaccess file.
  • Changed the trap code since it could give false results under rare conditions.
  • Changed the Good IP list setting to a textarea.
  • Changed code to prevent some php notices.
  • Changed code for the IP Details dialog. Should always return the details now.
  • Changed the javascript popup code for checking if an IP is in a cidr to use the messagestack.
  • Changed the .htaccess writing code to properly handle the deny surrounding statements.
  • Changed the .htaccess writing code to use the servers setenv mod for blocking domain names.
  • Changed the IP count on the Monitor page to also show counts for bots and admin.
  • Changed the IP In CIDR button to Check Status. It now checks more places for blocked IP's, though not as many as in the Pro version.
  • Corrected code that prevented hacker code checking in some cases.
  • Corrected code to return correct responses for all bans.
  • Fixed the code for syncing the .htaccess file and database to prevent duplicate entries.
  • Made a number of minor changes for speed improvement.
  • Moved the hacker checking code that was in two files to one file.

PRO VERSION ONLY:

  • Added a Security Test in Tools.
  • Added a Similar IP's report. Allows moving single blocked IP's into CIDR's.
  • Added a table of Amazon IP's and an option to allow blocking them.
  • Added a table of good bot IP's (currently only googles) and an option to skip them so they are not accidentally blocked.
  • Added a cron script to backup the banned and ignored IP's.
  • Added cross-checking of blocked IP's between Honey Pot and View Counter.
  • Added a search by IP to the banned log page.
  • Changed the Banned log to record the count of attempts by an IP.
  • Changed the IP In CIDR button to Check Status. It now checks if the entered IP is blocked or ignored in any way.
  • Corrected typos in the database only blocking code.
  • Improved the email tracking code.
  • Improved the Hosts blocking code.

NOTES:

1 - The Pro version contains many more features and security checks than the free version. It now also communicates with Honey Pot to increase protection. Contact me for a package price for the Pro versions or if you have any questions about what is available.

2 - The Extra directory has an .htaccess that has code to help prevent attacks. It needs to be merged with the existing one. It is not a direct replacement. This is not part of View Counter and is useful for any site.

3 - The Extra directory has a large robots.txt file. If used, be sure to change the two places where the domain is mentioned. If you do not have an XML sitemap for your shop, which is a mistake, be sure to delete the second line mentioning the domain name.

4 - I strongly suggest you install the Custom Server Error Pages addon. Besides adding error pages which many sites don't have, View Counter shows the failures and uses the failed attempts to block hackers. You will be surprised, at least I was, of the number of attempts the hackers make.

5 - If you use any of the following in the shop, the includes/modules/view_counter_hacker_defines.php file will need to be edited to remove it.

ads.txt
assetlinks.json used to check apps may give false positives
Fortinet
humans.txt
leafhacker an app. Not used but may cause false positives.
phpmyadmin
webfig
Wordpress within the shop (unlikely).

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

I was asked about adding to the hacker defines so I thought I would mention it here. The defines are in view_counter_hacker_defines.php. You can add whatever you want there as long as you follow the pattern of enclosing it in quotes and followed by a comma.

If you have installed the custom server error pages as recommended, then to View Counter->Monitor and click on the file name column. Then go through the pages until the server_error.php file is shown. If there are any entries for it, the Parameters column will show what was not found. Some entries may be normal, like missing images, but if there are any that does not apply to your shop then it is probably a hacker looking for a way in. In those cases, copy the parameter and enter it into the above file.

If you post such words here I will add to the next version.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

Does view counter work when using CloudFlare CDN? For example, I can only get customers ip using this code:

$customers_ip = $_SERVER["HTTP_CF_CONNECTING_IP"];

 

The water in a vessel is sparkling; the water in the sea is dark. The small truth has words which are clear; the great truth has great silence.

- Rabindranath Tagore

Link to comment
Share on other sites

CloudFlare replaces the IP that View Counter sees so it won't work properly. The code works fine but the displayed IP's belong to CloudFlare and so they are useless. There used to be a module CF offered to show the real IP but that no longer works. They have a different way of doing it now but I could never get it to work. CF wanted to run tests to see why but it was a live shop so that wasn't possible.

They never mentioned that SERVER variable. If that is always available and valid, then you change the following in includes/modules/view_counter.php

$thisIP = $_SERVER['REMOTE_ADDR']; //increase scope
 
 switch (true) {  

to

 $thisIP = $_SERVER['HTTP_CF_CONNECTING_IP']; //increase scope
 
 switch (false) {  
 

 

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

7 hours ago, Jack_mcs said:

CloudFlare replaces the IP that View Counter sees so it won't work properly. The code works fine but the displayed IP's belong to CloudFlare and so they are useless. There used to be a module CF offered to show the real IP but that no longer works. They have a different way of doing it now but I could never get it to work. CF wanted to run tests to see why but it was a live shop so that wasn't possible.

They never mentioned that SERVER variable. If that is always available and valid, then you change the following in includes/modules/view_counter.php


$thisIP = $_SERVER['REMOTE_ADDR']; //increase scope
 
 switch (true) {  

to


 $thisIP = $_SERVER['HTTP_CF_CONNECTING_IP']; //increase scope
 
 switch (false) {  
 

 

It actually was getting most IPv4's ok but for IPv6 this code seems to get both when using CloudFlare.

if(isset($_SERVER['HTTP_CF_CONNECTING_IP'])){
$thisIP = $_SERVER['HTTP_CF_CONNECTING_IP'];
}else{
$thisIP = $_SERVER['REMOTE_ADDR'];
}

 

The water in a vessel is sparkling; the water in the sea is dark. The small truth has words which are clear; the great truth has great silence.

- Rabindranath Tagore

Link to comment
Share on other sites

5 hours ago, Smoky Barnable said:

It actually was getting most IPv4's ok but for IPv6 this code seems to get both when using CloudFlare.

Were the IPV4's those of customers or of CF? IPV6 isn't fully supported in VC so you should return out of the module for those.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

  • 1 month later...

Hello @Jack_mcs
I have view-counter v1.8 installed on Frozen today I get error on the admin side 
 

1213 - Deadlock found when trying to get lock; try restarting transaction

 update view_counter set view_count = 5, ip_active=1, last_date = now() where file_name = 'edit_orders_add_product.php' and arg = 'oID=24126&action=add_product' and language_id = 4 and ip_number = INET_ATON('XX.XX.XXX.XXX' ) and session_id = '6f18e74135e1d2eef63e03c199ea109f'

INET_ATON('XX.XX.XXX.XXX' ) was admin IP address I just change it before I post here

and this one 
 

1213 - Deadlock found when trying to get lock; try restarting transaction

delete from view_counter where last_date < '2022-03-11 23:59:59'

 I am not sure why I get this errors,
 I appreciate your help
Omar

Get the latest Responsive osCommerce CE (community edition) here .

Link to comment
Share on other sites

@Omar_oneI've never seen that happen before so I don't have a quick answer for you. But the current version is 1.12 and there have been a very large number of changes in it compared to version 1.8 that have to do with handling the database so I suggest you upgrade first to see if that fixes it. 

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

  • 2 months later...

I've got view counter working on my local xampp server with PHP 8 and MySQL 5.5 however when I uploaded to my host I see the database query in view_counter.php returning an empty result set. This query returns data on my xampp server but is empty on my production site:

select *, TIME_TO_SEC( UNIX_TIMESTAMP( now( ) ) - UNIX_TIMESTAMP( last_date ) ) as time, DATE_FORMAT(last_date, '%a, %D %T') as date_time from view_counter where ip_active=1 and language_id = 1 and isbot = 0 and ( (isadmin <> '/admin/')) order by last_date desc limit 20 offset 0

I should note that on my test server there is also some warnings "#1292 Incorrect time value". I'm wondering if this might be because my live site is using MySQL 5.7?

Edited by Smoky Barnable

The water in a vessel is sparkling; the water in the sea is dark. The small truth has words which are clear; the great truth has great silence.

- Rabindranath Tagore

Link to comment
Share on other sites

I don't have a shop set up with View Counter that will run with php 8 so I can't test this.

6 hours ago, Smoky Barnable said:

#1292 Incorrect time value

 But that error is due to an invalid timestamp value so my first guess is that you have changed the time format entry in the View Counter settings. 

But since it is only failing on the server I think it more likely that the servers mysql version has strict mode set. The code should work even with that set but until I am able to test it that might be a quick fix. 

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

  • 4 weeks later...

A new version has been uploaded with these changes:

Free Version

  • Added the clear_ip_manually sql file (in Extras) to allow clearing of an IP that blocks you from admin.
  • Added visitor count to the header.
  • Added tool to whitelist an IP.
  • Changed the blocking code when the bad bot trap is tripped to only store the IP once - it was storing it twice.
  • Changed the status function to return violations if Honey Pot is used.
  • Corrected a database query in admin that caused intermittent errors.
  • Fixed problem that could occur in multi-language shops.
  • Fixed the prolem in Tools that prevented the selected tool from staying open.
  • Moved some code out of a loop to improve speed in admin.
  • Moved some code to common functions.

Pro Version:

  • Added more hacker defines.
  • Added a function to check if a customer exists to prevent accidental blocking. Requires Honey Pot.   
  • Added code to identify an IP that was banned by Honey Pot in the Banned Log. Requires Honey Pot.
  • Added code to allow checking IP's on abusepdb.com.
  • Added a tool to check for blocked customers.
  • Added a search option to the Monitor page.
  • Fixed the banned log code to set the initial sort method correctly.
  • Changed how the blocking code works when a block is done in Honey Pot's Maintenance section. Requires honey Pot.
  • Changed the code to track errors to use SCRIPT_NAME instead of REFERER for better results.
  • Changed the wording of the report text to better identify where the error occurred.
  • Removed the timeout value in CURL for downloading the database to allow for larger databases.
  •  

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

  • 9 months later...

A new version has been uploaded with these changes:

Free Version:

  • Added missing countries and other variations to the countries list.
  • Added the unique IP counts to the visitor count line in Monitor.
  • Added a line to the header of Monitor to display the counts of banned logs.
  • Added a clean tool in the Maintenance section to remove duplicate IP's;
  • Added code to prevent an IP from being blocked if it is in the country blocking list.
  • Changed delete customers code to also delete from View Counters customer table.
  • Changed code in the shops .htaccess file to prevent looping on traps.
  • Changed the code for blocking CIDR's to catch invalid entries.
  • Changed the four input boxes on Monitor to clear when clicked into.
  • Changed some tep_ calls to generic ones for better compatibility.
  • Changed the size of the countries field in the block table to hold longer country names.
  • Changed the code so a hacker check checks both bots and non-bots in admin.
  • Changed the spoofing checker code to improve speed and accuracy.
  • Changed the Clean Database tool to remove blocked IP's that are being blocked by country.
  • Converted the admin to use a class instead of function.
  • Corrected code mistake when checking existing customers.
  • Made many changes to the Monitor GUI for easier use.
  • Moved the code to clear the database tables to a cron job.Moved the Warning code to the hidden area, renamed it and populated with ajax to improve speed.

PRO Version:

  • Added a setting to control the rating returned from abuseipdb.
  • Added a setting to block IP's that are spoofing.
  • Added a link to add an IP to the abuseipdb table from the popup checker.
  • Added a cron job to clean the database of duplicates.
  • Added many entries to the hacker definition file
  • Added tables to store known good google and Bing Ip's and the code to ignore them.
  • Changed the log recording code to account for the source IP if Cloudflare is used.
  • Changed the Danger warning to a link so the hacker IP can be seen with a click.
  • Removed ads.txt from the hacker defines since google needs it for their scripts.
  • Rewrote some of the IP checking code. Saved 15 seconds on a site with 12,000 daily visits.

Notes:

  • This version has moved the code that updates the database to a cron job. For busier sites, this greatly increases the speed of the code. So be sure to remove the code previously added to both application_top files or the hook for that if your shop uses hooks.
  • This version now uses a class for most of the work in admin. The function file is now used to provide compatibility between the various versions of oscommerce. Just upload all of the new files to apply these changes.
  • I discovered that the names for countries that IP2location uses in its database does not always match the actual country name. I have edited the country list used by View Counter to account for this.  So of the names are longer than the field the database uses. The database script will adjust this but you will need to check the selected blocked countries to make sure the ones you want to block are checked.
  • For the Pro version, I haven't added a limit to the abuseipdb entries yet. I am still testing how it affects a sites speed. So far, we have over 115,000 entries in that table and it has not made any noticeable difference in speed. And it has resulted in over 1,400 blocked hits.
  • In the last six months, or so, more than one person downloaded a list of all of the old addons and created a script to check for any of them on a site. Some old addons had serious security holes so if you have one installed, it could provide a way for hackers to get in. The pro version provides a way to check for this. For the free version, be sure to double check your isntallations.
  • I have also noticed that hackers are, more and more, using multiple IP's for checking a site. This is meant to prevent shop owners from noticing an IP that is skimming data.  Some single IP's can hit a site several thousand times in a matter of hours. By using multiple IP's, the hits are spread out making it appear that the site is just busier but in a normal way. You can change the Skimmer setting in View Counter to catch such hits.
  • Whether you use View Counter or not, you should use the changes that are in the extra directory for the .htaccess and robots file since they will help your shop. For the .htaccess file, copy its contents into yours (don't replace yours with it). for the robots file, be sure to change the first and last lines to reference your site.
  • Works with all oscommerce versions through Phoenix 1.0.8.21.
Edited by Jack_mcs

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...