Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

IP trap Version 3 released


FIMBLE

Recommended Posts

Hi

I have updated the whitelist part and tested on 5 IP numbers, with 100% results.

The Whitelisted IP numbers do not get blocked whilst any other does, problems with being blocked but still being able to get pages has been sorted.

The PayPal issues some seem to have had I have also resolved.

 

Can I ask you to test this once more for me?

What i need is for you to see ensure you can see the site

 

Here

 

 

Then get yourself banned (Please make a note of your IP number)

 

Here

 

 

Try to get the index page again (you should not be able to, please advise if you can)

 

Here

 

 

PM me with your IP number, i will then remove it from the banned list and add it to the whitelist.

Then try to ban yourself again

 

Here

 

you should find yourself redirected to the index.php page, and will not be banned.

 

Thank you all for your time, and help

 

Nic

Sometimes you're the dog and sometimes the lamp post

[/url]

My Contributions

Link to comment
Share on other sites

Hi

I have updated the whitelist part and tested on 5 IP numbers, with 100% results.

The Whitelisted IP numbers do not get blocked whilst any other does, problems with being blocked but still being able to get pages has been sorted.

The PayPal issues some seem to have had I have also resolved.

 

Can I ask you to test this once more for me?

What i need is for you to see ensure you can see the site

 

Here

 

 

Then get yourself banned (Please make a note of your IP number)

 

Here

 

 

Try to get the index page again (you should not be able to, please advise if you can)

 

Here

 

 

PM me with your IP number, i will then remove it from the banned list and add it to the whitelist.

Then try to ban yourself again

 

Here

 

you should find yourself redirected to the index.php page, and will not be banned.

 

Thank you all for your time, and help

 

Nic

Congratulations Nic on your perserverence under sniper fire. It works exactly as it should. Thanks too for adding me to the whitelist.

Link to comment
Share on other sites

All working well here.

 

After being added to white list I was allowed to enter :)

 

Looking good!

 

Fab, I was confident it would work fine now, but had to get others to test.

Thank you very much for your help i appreciate it a lot.

Do you want me to send you a copy for you to try out on your server?

If so send me your mail addy and i will forward you a copy prior to releasing it

Nic

Sometimes you're the dog and sometimes the lamp post

[/url]

My Contributions

Link to comment
Share on other sites

Thanks for the thought Nic, still no luck though. I will wait till you get time to update, I'm getting pretty quick at cleaning, been hacked three times this year.

 

One odd thing when testing, trying to access the personal folder, and all others that I tried

http://www.mydollyandme.com.au/personal/ yielded this result

http://www.mydollyandme.com.au/personal/www.mydollyandme.com.au/index.php - neat redirect to nowhere!

 

graeme

just tried the v4 update, still no luck on my site. I don't think the fopen bypass works for me. Works nicely when the server has fopen enabled though, installed on a friends site, she's quite pleased.

 

graeme

Link to comment
Share on other sites

just tried the v4 update, still no luck on my site. I don't think the fopen bypass works for me. Works nicely when the server has fopen enabled though, installed on a friends site, she's quite pleased.

 

graeme

 

 

Same here! It is still a no go and we do have:

 

allow_url_fopen ON

 

If I add my own IP to the Whitelist then go to the personal folder (directory) I am also added to the banned list and have to remove myself from it before I can get back to the home page so for me it works just as it always has.

 

I will double check everything to make sure I follwed the directions a 4th time just to be sure!

Edited by drm1963
Link to comment
Share on other sites

Actually I just noticed when I ran the test on this site

 

http://www.development-server.net/j/personal'>http://www.development-server.net/j/personal

 

is shows the banned page (blocked.php) but then when I try to go to this site

 

http://www.development-server.net

 

everything is like I have not been banned and I can see the page http://www.development-server.net instead of being redirected to the banned page (http://www.development-server.net/blocked.php)

 

Now since I cannot see the IP_Trapped and whitelist on these pages I can only assume they are like my own.

 

I add my IP to my whitelist and then I go to the /personal folder and I get the banned page (blocked.php)

 

Then when I try to return to my site I get the banned page (blocked.php)

 

I check and I am in both the Whitelist and IP_Trapped. I remove myself from the IP_Trapped and I can go to my website again.

 

 

The difference I can see between the two sites is when I am blocked on my site I stay blocked until I remove my IP from the IP_Trapped list and the WHITELIST makes no difference on my site whether my IP is in it or not.

Edited by drm1963
Link to comment
Share on other sites

I went to your site personal and got banned, you are right as when I then went to home page I was allowed in.

The contribution is working great on my live site though.

I set a pm with my IP can you see if its in the banned.txt please.

 

Thanks

Link to comment
Share on other sites

Actually I just noticed when I ran the test on this site

 

http://www.developme....net/j/personal

 

is shows the banned page (blocked.php) but then when I try to go to this site

 

http://www.development-server.net

 

everything is like I have not been banned and I can see the page http://www.development-server.net instead of being redirected to the banned page (http://www.development-server.net/blocked.php)

 

Now since I cannot see the IP_Trapped and whitelist on these pages I can only assume they are like my own.

 

I add my IP to my whitelist and then I go to the /personal folder and I get the banned page (blocked.php)

 

Then when I try to return to my site I get the banned page (blocked.php)

 

I check and I am in both the Whitelist and IP_Trapped. I remove myself from the IP_Trapped and I can go to my website again.

 

 

The difference I can see between the two sites is when I am blocked on my site I stay blocked until I remove my IP from the IP_Trapped list and the WHITELIST makes no difference on my site whether my IP is in it or not.

 

 

 

Hi

The IP trap is more effective when your store is in root, but then it still only protects the set of files it resides in, ie if your store is in the catalog folder, only your catalog folder will be affected, its not holistic.

Make sure that your IP number only exists in one list, either the IP_Trapped.txt or the Whitelist.txt, if yours does exist in both then you will be banned, the IP_Trapped.txt will override any entry in the whitelist.

 

Make sure you CHMOD both files to 666

Nic

Sometimes you're the dog and sometimes the lamp post

[/url]

My Contributions

Link to comment
Share on other sites

hi Nic,

 

I have installed v4 and encountered a few problems:

 

After getting to the personal folder I got myself banned and my ip was added to the IP_trapped.txt file. I couldn't view any of the site.

 

I removed my ip from IP_trapped.txt and added it to whitelist.txt.

 

I tried to ban myself again (by visiting personal folder) and got banned again even though my IP was in whitelist.txt, I didn't get redirected to index.php. It's as if it ignores whitelist.txt.

The IP got written in IP_Trapped.txt even though it was in Whitelist.txt.

 

I didn't have this problem with version 3.1. Just thought I'd let you know, hopefully this will be of some use. Thanks for the great work you do.

 

Isa

Edited by Biancoblu

~ Don't mistake my kindness for weakness ~

Link to comment
Share on other sites

This may or may not have any bearing on the problems some are presenting but thought I would post it.

 

I was testing in Fire Fox and EI, then all off a sudden I couldn't get to index even though I was white-listed.

 

But as it was having a Dynamic IP here at the house it is subject to change and it just changed from this AM. I added the new IP to white-list and all is well again.

Link to comment
Share on other sites

This may or may not have any bearing on the problems some are presenting but thought I would post it.

 

I was testing in Fire Fox and EI, then all off a sudden I couldn't get to index even though I was white-listed.

 

But as it was having a Dynamic IP here at the house it is subject to change and it just changed from this AM. I added the new IP to white-list and all is well again.

 

 

Yes this happened to me testing with a USB conection the IP kept changing during testing, which was why having you and others test it for me was so important.

 

@ Isa,

It might be beneficial if i can look on your server, providing you are ok with this, i ask you as i have been there a few times already and you know you can trust me!

IF you agree please Email me you details, i take it you still have my email?

Nic

Sometimes you're the dog and sometimes the lamp post

[/url]

My Contributions

Link to comment
Share on other sites

Nic

 

thanks for offering to look at my server....he usually listens to you better than he listens to me :-" I've just emailed you.

 

Actually I think I have dynamic IP's but somehow this never caused a problem with the IP trap v3.1, once one of my IP's was on the whitelist I was always allowed in, perhaps it wasn't functioning the way it should have been either?

 

Isa

Edited by Biancoblu

~ Don't mistake my kindness for weakness ~

Link to comment
Share on other sites

Hi Isa,

I will look at the server tonight, all i will do is test it with my IP number and add / remove the IP number from the IP_Trapped and Whitelist.

To my error i found out that the version you used let anyone back in once any IP number as added, as it worked during my own testing i mistakenly assumed it was working when it was not, this is why i have asked other people to help test it so the same error cannot happen again!

 

I will let you know once i have had a look

 

Nic

 

 

Sometimes you're the dog and sometimes the lamp post

[/url]

My Contributions

Link to comment
Share on other sites

Isa,

It is as you suspected your IP number, i have banned myself and been blocked from all access then i removed my IP from the IP_Trapped and added it to the whitelist and i was able to gain access.

It functions perfectly well, but this does show that its not a be all end all solution just one link in your chain of security.

 

Nic

Sometimes you're the dog and sometimes the lamp post

[/url]

My Contributions

Link to comment
Share on other sites

Nic,

thanks for testing it, but what I don't understand is that in my case, I get banned with the same IP I've just removed from the trapped list and added to the whitelist, and then it writes that same IP to the trapped list again. That doesn't make sense, does it?

 

thanks for your time.

Isa

Edited by Biancoblu

~ Don't mistake my kindness for weakness ~

Link to comment
Share on other sites

Nic,

thanks for testing it, but what I don't understand is that in my case, I get banned with the same IP I've just removed from the trapped list and added to the whitelist, and then it writes that same IP to the trapped list again. That doesn't make sense, does it?

 

thanks for your time.

Isa

 

Hi Isa,

Go to your site and get yourself banned, i will then pick up your IP number

Nic

Sometimes you're the dog and sometimes the lamp post

[/url]

My Contributions

Link to comment
Share on other sites

Came back to say that I've tested it again. Sometimes I get unbanned alright and stay unbanned, other times it bans me again even though the IP already is on the whitelist. Right now I'm banned.

Edited by Biancoblu

~ Don't mistake my kindness for weakness ~

Link to comment
Share on other sites

Came back to say that I've tested it again. Sometimes I get unbanned alright and stay unbanned, other times it bans me again even though the IP already is on the whitelist. Right now I'm banned.

I know this is pretty basic, but are you sure it's not a browser cache issue?

Link to comment
Share on other sites

I thought the exact same thing, so I emptied my browser cache and cookies, and it made no difference. I use FF 3.5.3, haven't tried it in IE. But like I said before, sometimes it works and sometimes not.

Is there some kind of cache on servers as well? (---> sorry if this is a stupid question).

~ Don't mistake my kindness for weakness ~

Link to comment
Share on other sites

I thought the exact same thing, so I emptied my browser cache and cookies, and it made no difference. I use FF 3.5.3, haven't tried it in IE. But like I said before, sometimes it works and sometimes not.

Is there some kind of cache on servers as well? (---> sorry if this is a stupid question).

It worked for me in IE6, I am now banned from your site. BTW, my IP does not change.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...