Jump to content



Photo
- - - - -

IP trap Version 3 released


  • Please log in to reply
310 replies to this topic

#301   cwh

cwh
  • Members
  • 2 posts
  • Real Name:Maria

Posted 09 January 2012 - 10:31

Hi there!
I just finally got this to sort of work...not really....

My ip get's block even though it's on my whilelist.txt file. I deleted the entire content of the whitelist.text file because otherwise I never got to be blocked!!! I tried removing the IP address with only 3 parts (as suggested on earlier posts) and that did not work. So i tried deleting everything and it sort of work.

The only way I don't get blocked out is when I removed my ip from the ip trapped text file and get the whilelist text files with only the IP's with 4 parts on it. Like this then I don't think the script works as when I type mysite.com/store/personal/ it goes back to mysite.com/store/index.php

Any suggestions as how this is suppose to be working as it should be?

#302   MichelleDW

MichelleDW
  • Members
  • 22 posts
  • Real Name:Michelle Walls

Posted 17 January 2012 - 01:25

I installed the trap (changing the name of "personal" to "admin") and was getting redirected to the index page too. I tried changing the file names to all lowercase as suggested by Jörg, but now have an Internal Server Error 500. I deleted the whitelist.txt file but that didn't have any effect.

Please help.

#303   dvharrison

dvharrison
  • Members
  • 365 posts
  • Real Name:Deb
  • Gender:Female
  • Location:Essex, UK

Posted 01 February 2012 - 11:20

Hi all

I have installed this add-on as I think it would revolutionise our website and its recent problem.

I am working with OSCommerce 2.3.1 on XAMPP set up. I have followed the instructions v.v. carefully and when someone visits the now admin file, they get the blocked page, but The IP Address displays as ::1 on both page and email.

Also the Whitelist and banned_IP numbers do not record anything therefore the website can still be accessed.

Please advise what I am doing wrong. I noticed in the instructions you have

If you want to prevent snoopers from viewing your files in banned folder add
the following to your .HTACCESS file


But no code is listed. It just goes straight onto the stop those bots and scammers section

Please advise.
Debbie Harrison

#304   dvharrison

dvharrison
  • Members
  • 365 posts
  • Real Name:Deb
  • Gender:Female
  • Location:Essex, UK

Posted 02 February 2012 - 11:17

Does it work like this because I am on localhost? If thats the case then fair enough.
Debbie Harrison

#305   ShopAdminNL

ShopAdminNL
  • Members
  • 15 posts
  • Real Name:LeoS

Posted 24 April 2012 - 15:22

I am about to install this addon to my osc 2.3.1 webshop, but there's a question I have;
Could it be that search engines and/or crawlers IP addresses are also getting banned when indexing my page? I'm about to go live and announce it to some search engines, but ofcourse I would not have things like Google be banned from my site /wink.png' class='bbc_emoticon' alt=';)' />

And also, why are there a ton of IP addresses in the whitelist.txt already in the version I just downloaded?

And one more thing about the install.txt from the addon, I see this:

@@@@@@@@@@@@@@@@@@@@@@@@@@@

If you want to prevent snoopers from viewing your files in banned folder add
the following to your .HTACCESS file


Trap those bots and snoopers!
-----------------------------


But there's no text or anything there to put in my .htaccess

#306   ShopAdminNL

ShopAdminNL
  • Members
  • 15 posts
  • Real Name:LeoS

Posted 25 April 2012 - 09:54

No worries, got this one working like a charm now! Thanks for the contri /thumbsup.gif' class='bbc_emoticon' alt=':thumbsup:' />

I made some little twists to make it work:

- changed the file names of IP_Trapped and Whitelist without caps and set chmod permissions for ip_trapped to 664

- in .htaccess in the /banned/ directory I wrote some extra security like:
<Files .htaccess>
order allow,deny
deny from all
</Files>
<Files ip_trapped.txt>
order allow,deny
deny from all
</Files>
<Files whitelist.txt>
order allow,deny
deny from all
</Files>


- added 999.999.999.9999 to the cleared whitelist (what were those IPs doing there?), otherwise my own IP wouldn't get recognized (I think because of a lack of an hard Enter in the list)


Now I've got this working all I have left to do is change the folder name /personal/ to /admin/ and alter this in my robot.txt

Edited by ShopAdminNL, 25 April 2012 - 10:07.


#307   ce7

ce7
  • Members
  • 244 posts
  • Real Name:lyn

Posted 01 June 2012 - 00:28

Hi
Fimble,

thank you very much for your addon,
I had install it and it test ok

but now I am in the black list,
I had add the IP into white list and update it
but it is still block me

I think maybe this is what you said a dynamic IP and need to
add code to .HTACCESS file to combat it.

Can you please help me to add code .HTACCESS file?

Sorry I haven't read through the forum and post first!

thanks

lyn

#308   ce7

ce7
  • Members
  • 244 posts
  • Real Name:lyn

Posted 01 June 2012 - 05:06

continue the questions I had:

I did not receive email and I check the index.php file and make sure I put the right email address (still didn't receive anything though)

if I change the admin folder, when I try to login, say www.mysite.com/newadmin/login.php it just say page can not be found

any suggestions?

Thanks!

lyn

#309   croth

croth
  • Members
  • 3 posts
  • Real Name:Curt

Posted 03 October 2012 - 14:45

Hi all, I just installed this IP trap and I'm getting this warning, any idea what I am doing wrong? :

[img]https://lh4.googleusercontent.com/-W8p9orqHb7Q/UGwx2cHmQ5I/AAAAAAAABgk/p53ghntYCpA/s566/ip-test.jpg[/img]

Attached Files


Edited by croth, 03 October 2012 - 14:47.


#310   yadetar

yadetar
  • Members
  • 24 posts
  • Real Name:Janina
  • Gender:Female

Posted 11 October 2012 - 22:27

Thanks for this great contrib!

I'm now looking forward to trap the first one and had an idea while waiting.
How about if I add to the ip_trapped.txt some IP-list from Project Honeypot (for example Directory of Malicious IPs)?
http://www.projecthoneypot.org/
Would that be ok and wise?

Cheers,
yadetar

#311   WESK

WESK
  • Members
  • 36 posts
  • Real Name:Wes

Posted 09 May 2013 - 16:20

How to speed up this process....use session variables?

I am not trying to bring this thread back from the dead but has anyone else been curious about setting a session variable once the customer is deemed a customer and not a hacker? Instead of checking the file on every page load it just seems it would be much faster to just check if the customer session variable was set once earlier against the file....

I have done so but I haven't completely finished resetting the customer session to a bad guy once they break our trusted and try to access items they shouldn't. (still testing this works correctly) Right now it nulls out the session so they have to go through the file check again. Thoughts ?

Edited by WESK, 09 May 2013 - 16:22.