Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

IP trap Version 3 released


FIMBLE

Recommended Posts

Hi i installed version 3.1. everything works fine, besides one thing:

 

When i ad my IP adress on top of the IP_Trapped.txt list, my site visit is blocking my IP ( thats ok )

 

When i ad my IP adress on the second place of the IP_Trapped.txt, my site is not blocking my ip

 

Am i doing something wrong.

 

Thanks

Link to comment
Share on other sites

Hi IT appears the version is more BETA than i had expected, I am rewriting it when time allows.

The next release will i hope be free of problems!

It will also address the PayPal issue some are having with it, for now please use last version 2.

I will release the V3 when i am confident it works for all.

Regards

Nic

Sometimes you're the dog and sometimes the lamp post

[/url]

My Contributions

Link to comment
Share on other sites

Hi IT appears the version is more BETA than i had expected, I am rewriting it when time allows.

The next release will i hope be free of problems!

It will also address the PayPal issue some are having with it, for now please use last version 2.

I will release the V3 when i am confident it works for all.

Regards

Nic

 

Hi Nic,

 

Thanks for so far and keep up the good innitiative.

 

I did install also version 2, has the same issue as mentioned in my previous question.

 

Fist IP line is blocked, second and other places below none blocking

Link to comment
Share on other sites

Nic,

I have been looking at installing this contribution and found some instances where the installation instructions in v3.1 don't match the code. I just found this thread and see that you are now advising people to go back to v2.x until you release an update, so I won't worry about it and install the previous version.

 

I can shed a little light on the PayPal IPN issue, if you haven't already resolved it, as I have used it for years and know quite a bit about how it works. Problems with updating status are caused by the inability of PayPal to reach the IPN handler, which is usually installed at /catalog/ext/modules/payment/paypal_ipn.php.

 

I would be happy to assist in testing if you need another tester before you release the next version. Just drop me a PM.

 

--Glen

Link to comment
Share on other sites

Hi Steve (Glen)

Thats very kind of you, i did think it was fine as when i wrote and tested it worked fine for me on my PC but obviously not for everyone which makes it useless.

I know the PayPal problem and i have rectified this in the new release (i hope) however i will be glad to have your help and assistance.

I will PM you when i feel i am ready to test again (im upto my eyes with customers presently)

Regards

Nic

Edited by FIMBLE

Sometimes you're the dog and sometimes the lamp post

[/url]

My Contributions

Link to comment
Share on other sites

  • 4 weeks later...

Hello Fimble,

 

in personal/index.php:

 

foreach( $IPlist as $Whiteip ) 
{
$test = strcmp($Whiteip,$ipw);
}
if ($test > 0){

 

Should be something like:

 

$found=false;
foreach( $IPlist as $Whiteip ) 
{
 if (strcmp($Whiteip,$ipw)==0)
 {
   $found=true;
 }
}

if ($found)
{		

 

Very nice contrib, thank you.

Regards

Evolved

Link to comment
Share on other sites

I've been asked to elaborate...

 

The contrib is a good starting point to implement a "honey pot".

 

As for the original code:

foreach( $IPlist as $Whiteip ) 
{
$test = strcmp($Whiteip,$ipw);
}
if ($test > 0){

 

The original code above tries to compare all entries in the "white list" with the ip of the current user.

If a user is found he/she gets redirected to the default page, if not the trap gets triggered.

Problem is that the "strcmp" function isn't used correctly.

 

php strcmp function

 

Also the loop has no effect.

With the code as is $test only returns the result of strcmp with the last entry in the list.

 

Personally I would also remove or comment out the entry in application_top which otherwise runs through the list of ips everytime a page is loaded, making the site slower. If you remove the entry users don't get banned but you should get an email that someone ran into the trap. If this happens (a lot) you can uncomment and use the blocking feature again.

 

Hints: try out all changes, make sure you get an email if trap is triggered, reset your router if you need another ip to test with, make sure the robots.txt is at the right location.

 

$found=false;
foreach( $IPlist as $Whiteip ) 
{  
 if (strcmp($Whiteip,$ipw)==0)  
 {    
  $found=true;
  break;  
 }
}

if ($found){   

 

you can also use the keyword "break" to make the loop a bit faster but this is only cosmetics.

 

Hope that helps

 

Regards

Evolved

Link to comment
Share on other sites

I've been asked to elaborate...

 

The contrib is a good starting point to implement a "honey pot".

 

As for the original code:

foreach( $IPlist as $Whiteip ) 
{
$test = strcmp($Whiteip,$ipw);
}
if ($test > 0){

 

The original code above tries to compare all entries in the "white list" with the ip of the current user.

If a user is found he/she gets redirected to the default page, if not the trap gets triggered.

Problem is that the "strcmp" function isn't used correctly.

 

php strcmp function

 

Also the loop has no effect.

With the code as is $test only returns the result of strcmp with the last entry in the list.

 

Personally I would also remove or comment out the entry in application_top which otherwise runs through the list of ips everytime a page is loaded, making the site slower. If you remove the entry users don't get banned but you should get an email that someone ran into the trap. If this happens (a lot) you can uncomment and use the blocking feature again.

 

Hints: try out all changes, make sure you get an email if trap is triggered, reset your router if you need another ip to test with, make sure the robots.txt is at the right location.

 

$found=false;
foreach( $IPlist as $Whiteip ) 
{  
 if (strcmp($Whiteip,$ipw)==0)  
 {    
  $found=true;
  break;  
 }
}

if ($found){   

 

you can also use the keyword "break" to make the loop a bit faster but this is only cosmetics.

 

Hope that helps

 

Regards

Evolved

 

Hi Evolved,

Thanks for the heads up, i am still developing a better solution at present with a few members testing for me, results are good at present. As always paid work comed first

I will post a message when it is ready

Regards

Nic

Sometimes you're the dog and sometimes the lamp post

[/url]

My Contributions

Link to comment
Share on other sites

As neat as this add-on seems, it will not work for me. I have tried all versions. I see that Australian sites are high on the "doesn't work list".

 

I noticed that personal/index.php uses fopen(), this could be the reason it refuses to work for me as my hosting company, along with many others, have globally disabled fopen() citing "Security issues affecting some websites".

 

graeme

Link to comment
Share on other sites

As neat as this add-on seems, it will not work for me. I have tried all versions. I see that Australian sites are high on the "doesn't work list".

 

I noticed that personal/index.php uses fopen(), this could be the reason it refuses to work for me as my hosting company, along with many others, have globally disabled fopen() citing "Security issues affecting some websites".

 

graeme

 

Yes i have had issues with fopen being disabled, you can use a php ini to get it working,

Create a text file add this line to it

allow_url_fopen = On;

save it as php.ini you will need to add it to all folders where you want it to work.

I was testing it with coopco, but have been busy with other work, i will give it some attention very soon

Nic

Sometimes you're the dog and sometimes the lamp post

[/url]

My Contributions

Link to comment
Share on other sites

Yes i have had issues with fopen being disabled, you can use a php ini to get it working,

Create a text file add this line to it

allow_url_fopen = On;

save it as php.ini you will need to add it to all folders where you want it to work.

I was testing it with coopco, but have been busy with other work, i will give it some attention very soon

Nic

Link to comment
Share on other sites

Thanks for the try Nic but same no result. I will wait till you get time to update and try again.

 

One odd thing when IPTrap is operational and I attempt access to the personal folder http://www.mydollyandme.com.au/personal/, or any other folder for that matter, I get

http://www.mydollyandme.com.au/personal/www.mydollyandme.com.au/index.php, basically just appends my url to the end.

 

graeme

Link to comment
Share on other sites

Yes i have had issues with fopen being disabled, you can use a php ini to get it working,

Create a text file add this line to it

allow_url_fopen = On;

save it as php.ini you will need to add it to all folders where you want it to work.

I was testing it with coopco, but have been busy with other work, i will give it some attention very soon

Nic

 

Thanks for the thought Nic, still no luck though. I will wait till you get time to update, I'm getting pretty quick at cleaning, been hacked three times this year.

 

One odd thing when testing, trying to access the personal folder, and all others that I tried

http://www.mydollyandme.com.au/personal/ yielded this result

http://www.mydollyandme.com.au/personal/www.mydollyandme.com.au/index.php - neat redirect to nowhere!

 

graeme

Link to comment
Share on other sites

This so called IPTrap is far from stable. I highly doubt it will ever be stable as I found a topic here where it was created by other forum members. This fimble guy just copied what was in the forum and packaged it like it was his work. Now he cant seem to make a stable release. This IPTrap will block certain payment modules from sending data to your shop. I would stay far away from it and wait for something to come out by people that know what they are doing.

Link to comment
Share on other sites

This so called IPTrap is far from stable. I highly doubt it will ever be stable as I found a topic here where it was created by other forum members. This fimble guy just copied what was in the forum and packaged it like it was his work. Now he cant seem to make a stable release. This IPTrap will block certain payment modules from sending data to your shop. I would stay far away from it and wait for something to come out by people that know what they are doing.

 

Thank you for your comments, they are always welcome.

it does say on the contribution ...

 

Contribution is a culmination of various forums and some work of my own, thank you to all those who have been part of the topic, I cannot remember who they are but let me know and I will put your credit on file.

 

 

Thinking it was a good idea to package it and develop it further, it also says earlier on this post to please use version two which is stable.

Sometimes you're the dog and sometimes the lamp post

[/url]

My Contributions

Link to comment
Share on other sites

I dont think any version is stable. As I said; IT BLOCKS CERTAIN PAYMENT MODULES FROM SENDING DATA TO ONES SHOP!It is a shame that you released it on 30th April after grabbing it from a topic started on 23rd of April, but could not remember who really wrote the code, so people could get better help from there. http://www.oscommerce.com/forums/topic/300238-ip-banishment/page__hl__list If you can not improve the code for stability then why release it with no public uploads available?

Link to comment
Share on other sites

I dont think any version is stable. As I said; IT BLOCKS CERTAIN PAYMENT MODULES FROM SENDING DATA TO ONES SHOP!It is a shame that you released it on 30th April after grabbing it from a topic started on 23rd of April, but could not remember who really wrote the code, so people could get better help from there. http://forums.oscomm.../page__hl__list If you can not improve the code for stability then why release it with no public uploads available?

 

OK i had enough of you now,

I found out who it was and PM'd him to ask if it was OK to publish he said yes, this was after i had done so but could have had it taken down, (you can of course PM him and ask him if i did or not) if you are so hot then sort it yourself and release it, some people seem to only want to complain and you seem to be one of them, rather than be constructive you choose to attack.

If i'm so bad then why has HPDL been asking me to help him with some work?

People like YOU make people like me wonder why the hell i bother at all

I have helped thousands of people here and release a LOT of contributions. If you do not like them then do not use them.

Taking an idea and releasing it as a contribution when no-one else seems to want to for the benefit of all is not a new thing it happens a fair amount.

Sometimes you're the dog and sometimes the lamp post

[/url]

My Contributions

Link to comment
Share on other sites

You miss my point completely. Why upload it with permissions of "no public uploads allowed?" If you let others contribute to it it could be a good mod. The idea behind it is good, at least it was. And I am not here to insult, only ask questions in hope for production. I do not care who ask who anything. I wont reply anymore, so don't worry about me wasting your time anymore. It was important that people know where this came from and its downfalls before they waste their time installing it. Now go make another template or something. In the meantime I will create a real IP Trap.

Link to comment
Share on other sites

I have recoded part of the Trap, and removed the offending code that impacted upon PayPal return.

Please can those who have had problems getting to work on the test site, try it out again?

 

It works on my PC + Laptop with a different Internet connection, but it always has!

A few members have also tested it and so far its 100%

 

Test

 

 

Please also try to enter the site once blocked,

 

Here

 

 

Please post your feedback here

 

Thanks

Sometimes you're the dog and sometimes the lamp post

[/url]

My Contributions

Link to comment
Share on other sites

I have recoded part of the Trap, and removed the offending code that impacted upon PayPal return.

Please can those who have had problems getting to work on the test site, try it out again?

 

It works on my PC + Laptop with a different Internet connection, but it always has!

A few members have also tested it and so far its 100%

 

Test

 

 

Please also try to enter the site once blocked,

 

Here

 

 

Please post your feedback here

 

Thanks

 

I did "here" first..got through (of course)

Then did "test" .....got banned.

Then did "here" again and still am banned.

 

So for me anyway...it worked.

 

Thanks

I am not a professional webmaster or PHP coder by background or training but I will try to help as best I can.

I remember what it was like when I first started with osC. It can be overwhelming.

However, I strongly recommend considering hiring a professional for extensive site modifications, site cleaning, etc.

There are several good pros here on osCommerce. Look around, you'll figure out who they are.

Link to comment
Share on other sites

I did "here" first..got through (of course)

Then did "test" .....got banned.

Then did "here" again and still am banned.

 

So for me anyway...it worked.

 

Thanks

Yes, that worked for me too. My previous post referred to another test.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...