Jump to content
Sign in to follow this  
FIMBLE

IP trap Version 3 released

Recommended Posts

@jonanv & @artstyle

This is the behaviour of an IP added to the Whitelist, @jonanv i just tried yours and got blocked and stayed blocked, it is working for me.

Nic

 

You are right, I cleared the whitelist and I was redirected to blocked.php.

 

Quick question in regards to the personal folder. If I have renamed my admin folder to something else, could I rename the personal folder to admin? Do you think that would trap more IPs?

 

Johan

Share this post


Link to post
Share on other sites

You are right, I cleared the whitelist and I was redirected to blocked.php.

 

Quick question in regards to the personal folder. If I have renamed my admin folder to something else, could I rename the personal folder to admin? Do you think that would trap more IPs?

 

Johan

Hello!

 

I think the documentation is a bit incomplete for this addon. I had to chown wwwrun

the IP_Trapped.txt so the Apache can write to it.

The docu says also:

If you want to prevent snoopers from viewing your files in banned folder add

the following to your .HTACCESS file

 

but no instrctions follow.

 

As far as I understand, this addon looks at the robots.txt and bans due to entries

there. I get banned when I call the /personal folder and receive an email. I am

not banned if I call the admin folder although it is also in the robots.txt.

 

In the email I get I read:

Please make sure that this IP number is not a search engine

 

Isn't it so that even a search engine should not be allowed to look in folders

mentioned in the robots.txt?

 

Some clearification please?

 

Andreas

Share this post


Link to post
Share on other sites

I have just spent a couple of hours trying to understand why I couldn't get the whitelist to work with this addon (version 5.2) and think I finally found the answer. I was adding my IP to Whitelist.txt but still getting banned when I tried to access the personal folder.

 

I think the problem was caused by using the cPanel editor on my web hosting to edit Whitelist.txt. This changed the end of line characters from CRLF to LF (DOS format to Unix format) and this stops the whitelist from working. If I edit Whitelist.txt on my Linux PC in DOS format and then upload it to my web host it works and my IP does not get banned.

 

Is there any way IP Trap could be modified so Whitelist.txt doesn't have to be DOS format?

Share this post


Link to post
Share on other sites

I am having an issue with the IP TRAP v 5.2 not working correctly. I have attempted to access the personal folder and it still directs me it the index.php. I have checked and double checked the installation and still am not able to see it. Any help would be greatly appreciated. I have a fresh site and want to get it secure before setting everything up.

 

you can see what I mean by clicking Website

 

Thank you in advance...

 

Mike


Do or Do Not, there is no try.

Share this post


Link to post
Share on other sites

I have just spent a couple of hours trying to understand why I couldn't get the whitelist to work with this addon (version 5.2) and think I finally found the answer. I was adding my IP to Whitelist.txt but still getting banned when I tried to access the personal folder.

 

I think the problem was caused by using the cPanel editor on my web hosting to edit Whitelist.txt. This changed the end of line characters from CRLF to LF (DOS format to Unix format) and this stops the whitelist from working. If I edit Whitelist.txt on my Linux PC in DOS format and then upload it to my web host it works and my IP does not get banned.

 

Is there any way IP Trap could be modified so Whitelist.txt doesn't have to be DOS format?

 

Hello

Have you tried to add / remove VIA FTP Program?

Nic


Sometimes you're the dog and sometimes the lamp post

[/url]

My Contributions

Share this post


Link to post
Share on other sites

I am having an issue with the IP TRAP v 5.2 not working correctly. I have attempted to access the personal folder and it still directs me it the index.php. I have checked and double checked the installation and still am not able to see it. Any help would be greatly appreciated. I have a fresh site and want to get it secure before setting everything up.

 

you can see what I mean by clicking Website

 

Thank you in advance...

 

Mike

 

Hi Mike,

After making sure it is installed corectly, try removing the IP numbers in the whitelist - see if that cures it

Nic


Sometimes you're the dog and sometimes the lamp post

[/url]

My Contributions

Share this post


Link to post
Share on other sites

Hello

Have you tried to add / remove VIA FTP Program?

Nic

Hi Nic, thanks for the reply.

 

I'm not sure what you mean by this. FTP is a file transfer program not an editor. Yes, I have used FTP to download the whitelist to my PC, edited the file and used FTP to put it back. This works provided I keep the DOS end of lines when editing. I am in a Linux environment both at the client and server end. I guess that doing the FTP transfers in ascii or binary mode will also have an effect for some people. Binary mode will leave the file unchanged while ascii mode may change the end of line characters depending on the operating systems involved.

 

I have seen many posts on here from people unable to get the whitelist to work and many from people for whom it works perfectly. I am just offering this end of line problem as a possible solution to the problem. It is something I have observed on my installation and keeping the DOS end of line characters solves the problem. I don't think users of IP Trap should have to worry about keeping the file in DOS format if they are working in a Unix / Linux environment, hence my question about whether it is possible to code the addon so that it works with either type of end of line characters.

Edited by osc_david

Share this post


Link to post
Share on other sites

Hi Mike,

After making sure it is installed corectly, try removing the IP numbers in the whitelist - see if that cures it

Nic

 

Hey Nic,

 

I really like this contribution. I did have a hacked site and finally cleaned it out. I think it would be best to upgrade to os v 2.3.1 and ass some security. What do you think? I also reased all ip's from the whitelist and the contribution works. Thank you. I did notice that I had to change the permissions to 777, is that alright?

 

Thank you again for such a great contribution.

 

Mike


Do or Do Not, there is no try.

Share this post


Link to post
Share on other sites

I am having an issue with the IP TRAP v 5.2 not working correctly. I have attempted to access the personal folder and it still directs me it the index.php. I have checked and double checked the installation and still am not able to see it. Any help would be greatly appreciated. I have a fresh site and want to get it secure before setting everything up.

 

you can see what I mean by clicking Website

 

Thank you in advance...

 

Mike

 

 

May I ask to have someone test the site to check to see if the IP Trap is working correctly. I would greatly appreciate it. It is kinda of a hit and miss when I am testing it out.

 

Thank you in advance...

 

Mike


Do or Do Not, there is no try.

Share this post


Link to post
Share on other sites

Hi Mike

I just tested it and got banned and remiand banned.

If you have a rapidly changing IP number then it will give the apearance of not working as the IP you got banned with has changed.

As for your question about 777, it is not safe to run with permissions so high and you are running the very real risk of being hacked once again.

For folders you should be looking at a max of 755 and files 644 (unless they need to be read / write, in this case 666)

777 will get you hacked again and its not a matter of if but when

Nic


Sometimes you're the dog and sometimes the lamp post

[/url]

My Contributions

Share this post


Link to post
Share on other sites

Hi Mike

I just tested it and got banned and remiand banned.

If you have a rapidly changing IP number then it will give the apearance of not working as the IP you got banned with has changed.

As for your question about 777, it is not safe to run with permissions so high and you are running the very real risk of being hacked once again.

For folders you should be looking at a max of 755 and files 644 (unless they need to be read / write, in this case 666)

777 will get you hacked again and its not a matter of if but when

Nic

 

 

Nic,

 

Thanks, I did reset the permissions to 644 and everything seems to be working. I did check the site from another IP and it blocked it as well. I also see your ip address in there as well. I have removed and put it in a white list.

 

Thank you so much for your help. I guess my next step would be to rename the admin and so forth. What else would you recommend for protection on the site. I have the Site Monitor and IP Trap so far.

 

Mike


Do or Do Not, there is no try.

Share this post


Link to post
Share on other sites

Nic,

 

Thanks for the great contribution for this IP Trap.

 

I had got a few problems and questions and i hope you can assist me further.

I had read some posts from this thread as well, and follow some instructions mentioned, but still have no luck.

On my first installation yesterday, it did worked like a charm... But, when i play further today, without changing anything, it seems doesnt work again.

 

Here is my condition now :

- i am using OS 2.3.1 & IP v5.2

- i cleaned up the contains inside IP_Trapped.txt and Whitelist.txt [which is good, it worked yesterday, but not now....]

- Both IP_Trapped txt and Whitelist.txt i CHMOD to 666

- banned folder i CHMOD to 755

- I am using PC, and website was host by others

- I am using CuteFTP

- all CHMOD setting was done using the CuteFTP

- I had renamed my admin folder, but not yet renamed my personal folder

 

My problems :

1) After i visit my page http://store.yangscreation.com/personal'>http://store.yangscreation.com/personal it showed me the blocked.php [which is good]

Problem is:

- i still can visit the main page http://store.yangscreation.com [showing me the index.php file] or any other pages such as http://store.yangscreation.com/includes

- my IP was not recorded into the IP_Trapped file [but, from my ftp program, i did see the modified time for that file was up to date

- I did received email stating that the IP had been blocked

 

Any idea what i am missing here? Is it something to do with permission CHMOD settings? but, i had set to 666 as mentioned above. If i need to check the error log, how do i do it? Searching for some error.php files inside my /catalog/ ???

 

2) From my understanding, this IP trap thing was only to trap the spammers when the spammers visit the personal folder ONLY. This won't work when the spammers visit some other pages/folders among my site http://store.yangscreation.com Am I correct?

 

3) If my above statement is correct, just wonder, why it must be on personal folder only? Does personal folder usually contain important information? *Do apologise for this general question, I am new with OS commerce, and still learning*

 

4) Based from what i see on some posts in this thread, I can renamed personal folder to admin folder, to trap more IPs (I believe as soon as i rename the personal folder to admin, i have to make some changes inside my php file) But, should I create a blank personal folder again, so I can trap IPs that try to visit BOTH admin and personal folder. If i am correct, what should i do if i try to create a new empty personal folder?

 

5) I can put my own IP into the IP trapped txt file, but it seems like it only banned me from main page and personal folder. It seems like not banning me from some other folders such as catalog/includes/ or catalog/images/ Can you please advise?

 

6) From previous posts, i also noticed that i need to include the following into my HTACCESS file (which is located on my /catalog/ folder) for more protection (due to the incomplete statement inside the IP trap manual)

 

"SetEnvIfNoCase Request_URI IP_Trapped\.txt ban

<Files ~ "^.*$">

order allow,deny

allow from all

deny from env=ban

</Files>

 

SetEnvIfNoCase Request_URI Whitelist\.txt ban

<Files ~ "^.*$">

order allow,deny

allow from all

deny from env=ban

</Files>

 

If i copy paste the above statement, can i put it anywhere inside my htaccess file? or, it has to be specific in certain spot inside that file? Please advise. Also, the first statement of the above commands comes with the aposthropy "SetEnvIfNoCase ... while the second statement SetEnvIfNoCase doesnt comes with aposthropy. Am I correct ?

 

 

 

Thank you for the attention, and do appreciate your reply and help. Thank you :)

Edited by IyangTjipto

Share this post


Link to post
Share on other sites

Good Morning

First off have you made sure that you have added the application_top.php code just after the filemanager.php include?

 

IP Trap is not and was never intended to block anything but an explicit call to the personal folder, once trapped it will ban the user form the site until it is sprung then it does no other type of protection, for this I would suggest security pro, and sec_osC from the add on's area as proactive defence is their function, IP Trap is more reactive.

 

The htacess code can go anywhere within the htaccess file, the “ should not be there please remove prior to adding, the code incidentally prevents anyone from calling the text files in their browser and viewing the contents.

 

Please get back if the trap still refuses to work.

 

 

 

Rgds

 

Nic

 

 


Sometimes you're the dog and sometimes the lamp post

[/url]

My Contributions

Share this post


Link to post
Share on other sites

Nic,

 

Thank you for your quick reply. I did followed the instruction on the manual, which is as shown below. I did re-check the application top.php file again before i type this post. And it is still the same as per your instruction on the manual shown below.

 

NEW INSTALL...

--------------

OPEN FROM THE IP Trap V5 / CATALOG / PERSONAL / INDEX.php

 

Edit line 22

$emailad = 'you@yoursite.com';

change the you@yoursite.com to your email address, ensure you keep within the apostrophes.

Save your file.

END OF IP Trap V5 / CATALOG / PERSONAL / INDEX.php EDITS

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

Upload the file to your site maintaining the file structure, where your site is root, ignore the "catalog" part and upload the contents, all files are new and do not overwrite your core files.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

OPEN FILE - CATALOG / INCLUDES / APPLICATION_TOP.PHP

 

FIND....

 

// include the list of project filenames

require(DIR_WS_INCLUDES . 'filenames.php');

 

Add AFTER

// IP Trap V5

include(DIR_WS_INCLUDES . 'secret.php');

 

So it looks like ....

 

// include the list of project filenames

require(DIR_WS_INCLUDES . 'filenames.php');

// IP Trap V5

include(DIR_WS_INCLUDES . 'secret.php');

 

Thats it done!!

 

But, the problem still persists. Any advise what should i do? Problems remain the same as i mentioned above...

Share this post


Link to post
Share on other sites

Hello,

Add your IP number manually to the banned/IP_Trapped.txt and see if you are them able to get the index.php, or contact_us etc.. pages.

Suspect that as you said the IP's are not being added to the list that there is a problem with permissions still.

Have you checked your error logs for any permissions errors, though these would normally display at the time.

Nic


Sometimes you're the dog and sometimes the lamp post

[/url]

My Contributions

Share this post


Link to post
Share on other sites

Hello,

Add your IP number manually to the banned/IP_Trapped.txt and see if you are them able to get the index.php, or contact_us etc.. pages.

Suspect that as you said the IP's are not being added to the list that there is a problem with permissions still.

Have you checked your error logs for any permissions errors, though these would normally display at the time.

Nic

 

Hello Nic,

I finally managed to find out what is wrong with it. The solution is that I "HAVE TO" include 999.999.999.999 on BOTH IP_Trapped and Whitelist text file. If I leave both text file blanks, it won't work at all.

 

Anyway, the problems seems like to be fixed now. but, i have another 2 questions :

1) I had edited my htaccess file with the command on my previous post, excluding the apostrophe. How do i find out that this is working?

2) If I renamed my personal folder to admin folder to trap more IPs, do i need to create another personal folder without any files inside? What I mean is, if i am having both admin and personal folder, then both folder can work hard to trap more bad IPs instead of one folder. Any comments? Also, just for your info, I had renamed my original admin folder to another name.

 

Again, do thank you so much for your help, Nic

 

Regards,

iyang

Share this post


Link to post
Share on other sites

Hi Iyang

1) call the IP_Trapped.txt in your browser you should get a 403 message. www.yoursite.com/banned/IP_Trapped.txt

2) you can do that, you can have one called admin and one called personal, you are not limited to just the one folder, just a bit pointless; if you change the folder to admin then remove the line in the robots text for Disallow: /personal/ no-one is going to look for the folder.

Regards

Nic


Sometimes you're the dog and sometimes the lamp post

[/url]

My Contributions

Share this post


Link to post
Share on other sites

Hi Iyang

1) call the IP_Trapped.txt in your browser you should get a 403 message. www.yoursite.com/banned/IP_Trapped.txt

2) you can do that, you can have one called admin and one called personal, you are not limited to just the one folder, just a bit pointless; if you change the folder to admin then remove the line in the robots text for Disallow: /personal/ no-one is going to look for the folder.

Regards

Nic

 

Hi again, Nic

 

1) i tested it, and it is working :) thank you... But, just for your info, instead of showing 403 error message, it actually showed me the following. I hope this shouldnt be a problem

 

Directory has no index file.

 

Browsing this site or directory without an index file is prohibited.

If you are the site's webmaster, you can remedy this problem by creating a default HTML page with one of the following names:

 

index.html

index.htm

default.htm

Default.htm

home.html

Home.chtml

NOTE: Filenames are case sensitive, i.e., Home.html is not the same as home.html

 

 

2) Noted. seems like i am starting to understand how your contribution works. GREAT :) Thanks a lot, Nic :)

Share this post


Link to post
Share on other sites

Hi Mike,

There are many different add ons for security out there, but i would say

Security Pro

osC_Sec

Nic

 

 

Hey Nic,

 

I was able to actually get the IP Trap working.

 

I had to do the following:

* Insert 999.999.999.999 inside the IP_Trapped.txt file

* Leave the Whitelist.txt blank

 

I have a few contributions installed such as osC_Sec, Security Pro, Site Monitor and of course IP Trap. Now, when I attempt to access the folder I get the blocked.php page with the message and my ip becomes blocked. I attempt to access any page on the site after becoming blocked, I only see a blank page. Is this common? Do you think one of the contributions could have affected your contribution?

 

See if it happens to you...Click Here

 

Thank you in advance.

 

Mike

Edited by ctec2001

Do or Do Not, there is no try.

Share this post


Link to post
Share on other sites

HI Michael

Try disable the osc_sec from working and try again, i think it might be this causing the blank screen.

Once disabled you should see the blocked.php again, please let me know if that works otherwise i would need to have a peek

Regards

 

Nic


Sometimes you're the dog and sometimes the lamp post

[/url]

My Contributions

Share this post


Link to post
Share on other sites

Hi Fimble, hope you are well.

 

This has nothing to do with IP Trap but it is about another of your contributions called "htaccess Protection Scripts".

I do not know where else to ask as this contribution has no forum at present.

 

I have amended the yoursite.com text to my site details as described in the readme file but do I then copy and paste the whole of the code into my current .htaccess file

in the root of my store or do I upload the file "htaccess_protection.htm"

 

Thanks

 

Michael

Share this post


Link to post
Share on other sites

Hello

Sorry for the wait i've been busy.

You paste the sections you want to use in your own HTACCESS file.

Rgds

Nic

 

 

Thanks, worked a treat after a couple of small amendments. In your HTML file which you open to choose which items to use you have a few lines with the hash character missing form the beginning of the line.

 

These are:

 

BAN IP NUMBERS, ALL OF TURKEY

 

FORCE TYPE

 

It took me a little while to realise what was happening when my store kept breaking but got there in the end.

 

Thanks again

 

Michael

Share this post


Link to post
Share on other sites

HI Michael

Try disable the osc_sec from working and try again, i think it might be this causing the blank screen.

Once disabled you should see the blocked.php again, please let me know if that works otherwise i would need to have a peek

Regards

 

Nic

 

 

Hello Nic,

 

I would have liked to responded sooner, but just got real busy with the site. Anyway, I am going to attempt to remove osc Sec and see if that helpes the issue, but I am kind of leary on if I should now. Today I recv'd my first email from IP Trap as the following ip number was banned: 87.209.87.48. How would I check to see if this a hacker or bot or something. Just a little paranoid since I had to redesign th esite in oscommerce 2.3.1.

 

Any help would be appreciated.

 

Mike


Do or Do Not, there is no try.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×