FIMBLE

IP trap Version 3 released


Hi Fimble (Nic) and thanks for all your help so far.

 

I feel stupid asking this question because it has been asked many times but the answers do not seem to work for me.

 

I have just installed the latest IP Trap V.5.2 and I am still being banned while in the white list.

 

I try to go to the admin folder, previously personal folder, and get banned as I should. I receive the email informing me of this and no matter which page I try to access I am still banned.

 

I look in the iptrap file and my IP number is there as it should be.

 

I remove my IP from the list and I am able to access my site once more. All well and good.

 

I have now put my IP number in the whitelist and tried to access the admin folder again and I am banned again.

 

I have tried this several times to make sure it is not a fluke. I remove my IP from banned list and try again.

I have installed IP Trap 3 previous times with no problems so am stumped as to what is different this time.

 

I am installing it on Osc V2.2 RC2. I have installed it on this version twice before and also on Osc V2.3.1 with no problems.

 

There are no spaces after the IP address either and I have done the app-top file.

 

If I am getting banned while in the white list then won't all the other IPs in that list also get banned?

 

Thanks

 

Michael

Edited by offie

Share this post


Link to post
Share on other sites

I had a problem too with getting banned even on the whitelist... The problem I found was the ip addresses without the 4th octet...

 

So I deleted all except say 3 (with 4 octets) and it works fine now!

 

 

BTW WHAT A GREAT ADD-ON! SIMPLY AND PERFECT..THANK YOU

Edited by WESK

Share this post


Link to post
Share on other sites

Not sure if this is needed but I added this to my htaccess to limit anyone from viewing my black and white lists.

<Files ~ "\.txt$">
order deny,allow
deny from all
allow from 192.168.0.0/24
</Files>

Share this post


Link to post
Share on other sites

Hi Michael

Try disabling osc_sec and try again, I think it might be this causing the blank screen.

Once disabled you should see the blocked.php again, please let me know if that works, otherwise I would need to have a peek

Regards

 

Nic

 

 

Hey Nic,

 

It must be something to do with osc_sec. I was blocked by ip trap and then was blocked by osc_sec which I intended to do. They both sent emails out after different attempts to gain access and added my ip to the banned list. However, I am getting a blank screen with both contributions. I just wanted to know if that was normal or not, because I should at least see the blocked page from ip trap, I think. What do you think? I might still have you banned as I don't remember your ip and there are about 5 in the list currently. What do you recommend?

 

Thanks for your help,

 

Mike


Do or Do Not, there is no try.

Share this post


Link to post
Share on other sites

I have popped an update out for osC_Sec that should address this issue and not call the 403 header if IP Trap is enabled.


- Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Fix the admin login bypass exploit here
- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes
- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX

Share this post


Link to post
Share on other sites

IP trap is matching my IP from the white list. I assume the white list that comes with IPT is loaded with many of the common bot/spider IP's since many use a lot of them (like google).

 

 

$ipw = file ('../banned/Whitelist.txt');
$ip = $_SERVER["REMOTE_ADDR"]."\n";
foreach( $ipw as $whiteip )

 

$ipw is a multi-line file. The way you structured "foreach" in secret.php won't do any accurate matching on my server's version of PHP. It is just reading it as a huge blob and saying that my ip is on the whitelist when it is not.

 

Works great for the IP_Trapped.txt though! I think the white/secret will have to be structured similarly to the iptrapped one but actually you need to get away from the \n deal and slurp the file in and do a foreach line or something.... eventually the file will be so large that it will bomb just because the function is a bit weak. At best it is doing a partial match... don't have much more time to troubleshoot it but partial matching will end up blocking a $#!+ load of wanted users :)

Share this post


Link to post
Share on other sites

PS - on my server, even if it (my ip) is the only IP in whitelist it doesn't match it and blocks me. Even if I put two or three others or a couple dozen in there, it still does not match my IP. It only matches it when it does not exist in whitelist, and whitelist has enough of a listing that it does a partial match. Tested it backwards and forward. If I cut out several hundred of the preloaded whitelist IP's, it does not match it whether I put it in there or not.

 

PHP on that server is: 5.2.17 (Old Stable, not supported by PHP but still very common) http://php.net/downloads.php

 

So again:

 

My IP in Whitelist: blocked

My IP not in Whitelist: matches

My IP in whitelist but white list reduced in size: blocked

 

*ya, I made doubly sure that I was whacking it out of the blocked list when I tested ;)

Edited by DRIVE

Share this post


Link to post
Share on other sites

Hi.

 

I have just loaded this addon to my osc 2.3.1 site but it fails to work.

 

1. If I type my website address plus /admin I get thrown back to my main start up page. There is no error code in my log files and the date is not being updated on the files.

 

2. If I type my website address and add on banned/IP_Trapped.txt I get 999.999.999.9999 which is the contents of the file.

 

3. I have not changed my htaccess file as this is protected by a package called SafeZone which is an addon from my hosting company

 

4. My application_top.php files has been amended to show

// include the list of project filenames

require(DIR_WS_INCLUDES . 'filenames.php');

 

// IP Trap V5

include(DIR_WS_INCLUDES . 'secret.php');

 

5. I don't have a catalog directory but have added the directories as supplied by you and renamed personal to admin

 

6. If I manually add my IP address I do get blocked out.

 

Any ideas please because the last site was hacked very badly and I note from the logs file that there have been attempts to look for the admin folder and some file names.

 

Thanks

 

Ian

Edited by caseoli

Theory is an exact science that rarely works in practice!

Share this post


Link to post
Share on other sites

Further to my problem. I have discovered the following error messages in my logs...

 

[sat Jul 23 06:45:04 2011] [warn] mod_fcgid: stderr: PHP Warning: file(/banned/user_agents.txt) [<a href='function.file'>function.file</a>]: failed to open stream: No such file or directory in /home/linweb04/c/copyboards.co.uk-23133835/user/htdocs/includes/secret.php on line 32

[sat Jul 23 06:45:04 2011] [warn] mod_fcgid: stderr: PHP Warning: Invalid argument supplied for foreach() in /home/linweb04/c/copyboards.co.uk-23133835/user/htdocs/includes/secret.php on line 34

[sat Jul 23 06:50:29 2011] [warn] mod_fcgid: stderr: PHP Parse error: syntax error, unexpected '<' in /home/linweb04/c/copyboards.co.uk-23133835/user/htdocs/includes/secret.php on line 18

 

If I am reading the code correctly in this addon, a whitelist IP will get thrown back to the main index page for the website. This is clearly not happening.

 

Can anyone enlighten me please?


Theory is an exact science that rarely works in practice!

Share this post


Link to post
Share on other sites

I have managed to get it working after a fashion....

 

In the end I deleted the whitelist.txt file and now the site works as it should when the 'banned' directory is accessed.

 

Now all I need to do is find out how to get the whitelist to work so I can get access to my admin section without having to play around with the file structure....

 

Love the idea of this app though :thumbsup:


Theory is an exact science that rarely works in practice!

Share this post


Link to post
Share on other sites

I was having similar problems with version 5.2 and 2.2 RC2. Banning was not working, and attempts to go to the trap redirected to the site index.

 

In the end I deleted all the IP addresses in the whitelist that had only 3 parts, and left all the 4 part addresses intact.

 

Now it seems to ban correctly, and the whitelist seems to work properly (I think). When my IP is on the whitelist and not the banned list I am redirected to the index.php.

 

Not sure what the problem is (could be too many addresses in there, or some other error), but there's a workaround that might work for some.

Share this post


Link to post
Share on other sites

Having problems with IP Trap version 5.2 and 2.2 RC2.

 

Followed all the instructions, uploaded all new files, made edit to includes/application_top.php, and renamed personal folder to admin.

 

When I access my site at mysite.com/admin it simply redirects me to mysite/index.php instead of banning me.

 

Help please?

 

Thanks!

Share this post


Link to post
Share on other sites

Further to my post above, when I add my ip address to /banned/IP_Trapped.txt I get the banned page, but when I try to access mysite/admin for some reason I am not added to the banned list.

 

Thanks.

Share this post


Link to post
Share on other sites

Do what I did just prior to your post and you should be alright.

 

I tried that, didn't work.

Share this post


Link to post
Share on other sites

I have installed IP Trap 5.2 on a 2.2rca shop. It looks as if everything just works fine, except the whitelist does not recognize me. I tried what someone advised earlier: remove the short IP addresses. With no result.

 

Even if my IP Address is the only one in whitelist.txt (and it is removed from ip_trapped.txt) it doesn't recognize me.

 

This is no big problem. I am just asking for better understanding.

 

One other question is: For what reason would I want to have all these IP Addresses into the whitelist?

Share this post


Link to post
Share on other sites

I recently installed IP_Trap on a client's 2.2rc2 site. The installation went well; but when I tried to test I found that (as others have reported), I was also being redirected to the store's ../index.php whenever I tried to visit "catalog/personal" rather than being banned. After analyzing the code a bit, I realized there was a loop through the whitelist file built into "catalog/personal/index.php" that redirects the user back to "../index.php" if a match on the IP address is found in the "banned/Whitelist.txt" file. Yet, I was SURE my IP address must NOT be in that file and a quick check confirmed I was NOT there.

 

Puzzled by this situation, I then made a small patch to the "foreach" loop code which originally looked like this:

 

foreach( $ipw as $whiteip )
{
  $test = strcmp($whiteip,$ip);
   if($test == 1)
  {
  header ("location:"."../index.php");
  exit;
  }
}

 

foreach( $ipw as $whiteip )
{
  $test = strcmp($whiteip,$ip);
   if($test == 1)
  {
//   header ("location:"."../index.php");
print $whiteip . ' ' . $ip;
  exit;
  }
}

 

To my great surprise when I tested using this code I found my new "print" command produced the following...

 

8.6.48 75.161.49.58

 

In short, my IP address (75.161.49.58) was producing a false positive match in the Whitelist.txt file with the IP string (8.6.48) ?

 

Say WHAT?

 

So I then removed the (8.6.48) IP address from Whitelist.txt and tested again. To my surprise I was banned as I should have been earlier in the very next test.

 

I noted that one user theorized he thought the cause of false positives in the Whitelist.txt file issue was ANY 3 part IP address, while another suspected the cause of false positives might be the failure to include a standard DOS line-ending CR/LF pair at the end of each line in the Whitelist file. So checking further, I found that the foreach loop had NOT gotten false positives on ANY 3 part IPs that occurred in Whitelist.txt BEFORE the 8.6.48 IP address appeared. I also double-checked using a hex-file-editor and confirmed that there was a standard DOS CR/LF pair character on the line in Whitelist.txt containing 8.6.48 AND on all lines before and after that.

 

After checking and confirming 8.6.48 was one of the IP blocks used by the google spider, I decided I could NOT leave that IP block out of Whitelist.txt. Lacking any further explanation for why the FOREACH loop concluded 8.6.48 was the same as 75.161.49.58, I decided to replace 8.6.48 with the 255 IP addresses from 8.6.48.1 to 8.6.48.255. That didn't work either because 8.6.48.1 was "judged" the same as 75.161.49.58! So much for the theory the problem had something to do with 3-part IP addresses!

 

Next, I tried changing my IP address to see what happened. That resulted in my NEW IP address matching an entirely different 3 part IP number in Whitelist.txt. Arghhhhh!

 

Then I took a deep breath, stopped, sat back and thought about the situation for a minute. By definition, if a visitor is wandering through these directories they're disobeying my stated robots.txt rules. AFAIK, NO spiders should EVER be allowed to disobey those rules. Frankly, I don't want to grant ANY spider... even Google's spider -- a "pass" if it's trying to search my forbidden areas. So in the end, I decided it was best to delete ALL rows in Whitelist.txt and thus block every visitor that tries to access those areas.

 

Conclusion for FIMBLE: At best, this Whitelist code is buggy as hell and needs to be totally rewritten so that it's reliable.

 

Question: Am I overlooking something critical here or thinking about this blocking disobedient spiders situation wrong? If so, can someone please explain why I need this Whitelist feature at all?

 

Thanks!

Share this post


Link to post
Share on other sites
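Why the loop quoted in the post above matches the wrong addresses, as an added example that is not part of the original post or of IP Trap's code: `strcmp()` returns 0 for identical strings and a positive number when the first string sorts higher, so `== 1` cannot accept an identical entry but can accept an unrelated one. The `is_whitelisted()` helper, the treatment of 3-part entries as block prefixes and the `203.0.113.7` address are assumptions made for illustration.

```php
<?php
// Added illustration, not IP Trap's code. Whitelist lines are constructed.

// The check as shipped: file() keeps line endings and strcmp() orders strings.
function original_match(array $lines, $remoteAddr) {
    $ip = $remoteAddr . "\n";
    foreach ($lines as $whiteip) {
        // 0 means "identical"; a positive result means $whiteip sorts after $ip.
        if (strcmp($whiteip, $ip) == 1) {
            return trim($whiteip);
        }
    }
    return false;
}

// Corrected check (hypothetical helper): exact match on trimmed entries;
// entries with fewer than four octets are assumed to be prefixes.
function is_whitelisted(array $lines, $remoteAddr) {
    if (filter_var($remoteAddr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return false;
    }
    foreach ($lines as $line) {
        $entry = rtrim(trim($line), '.');   // drop "\n", "\r\n", spaces, trailing dot
        if ($entry === '') {
            continue;                       // blank line at the end of the file
        }
        if (substr_count($entry, '.') === 3) {
            if ($entry === $remoteAddr) {
                return true;
            }
        } elseif (strpos($remoteAddr, $entry . '.') === 0) {
            return true;                    // prefix match on an octet boundary
        }
    }
    return false;
}

$cases = array(
    // '8' is one byte above '7', so the first differing byte decides "greater".
    array(array("8.6.48\r\n", "\r\n"), '75.161.49.58'),
    // The visitor's own address as the only entry: strcmp() gives 0, never 1.
    array(array("203.0.113.7\n"), '203.0.113.7'),
    // An address inside the 8.6.48 block, and one just outside it.
    array(array("8.6.48\r\n"), '8.6.48.17'),
    array(array("8.6.48\r\n"), '8.6.4.1'),
);
foreach ($cases as $case) {
    list($lines, $ip) = $case;
    $old = original_match($lines, $ip);
    printf("%-13s original: %-16s corrected: %s\n", $ip,
        $old === false ? 'no match' : 'matched ' . $old,
        is_whitelisted($lines, $ip) ? 'whitelisted' : 'not listed');
}
```

From PHP 8.2 `strcmp()` returns exactly 1 for any greater string; earlier versions return a positive number that need not be 1, which is why the false matches in this thread depend on the visitor's address and on the server.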

Hello,

 

Excellent IP Trap tool! The only problem is the Whitelist.txt doesn't work for me at all. I deleted all except mine and work, but no one would get banned. So, I removed my IP from the Whitelist and still I was directed to the index.php with only one IP in the list. I haven't tried removing all of them, but when I removed the file Whitelist.txt, it works perfectly. I would like to be able to use the whitelist function though. Please let me know if there is any corrected code for some file in this Contribution.

 

Thanks,

 

Bob

Share this post


Link to post
Share on other sites

Just a quick question in the file IP_Trapped.txt, should all the IP addresses added get a new line?

 

Because all the IP's in my trap run together so how does the system know where to split them ? Or is it as simple as a number check on a string?

 

Although if that is the case then some IP's might get banned by accident.

Share this post


Link to post
Share on other sites

I had the same problems. My website was redirecting me every time to the home page when trying to go to /personal. It also was not blocking me or even adding my ip to the iptrapped file. The main problem was the whitelist text file. At the very bottom there are spaces that need to be deleted. Once I deleted all those out it works. I also encountered a 500 internal server error when I first started and to fix that just change the permissions on all the files from 0777 to 0644. You can test it at my website to see it working; email me to unblock you. Good luck!

http://www.storageshedsonsale.com/

Share this post


Link to post
Share on other sites

Whitelist does not like some ip addresses. If Whitelist does not like the ip address entered it will make the trap not work at all and redirect anyone going to /personal to the index page. Somehow it is being picky about how many characters are in each block. Here is an example of an ip that Whitelist allows and one that Whitelist does not.

 

72.167.191.30 <-- added to Whitelist and trap works

97.74.139.193 <-- added to Whitelist and trap redirects to index

 

Fimble please help :)

Share this post


Link to post
Share on other sites

I now have a solution, but my problem was that I have a security scanner that ignores robots.txt and scans all directories. This spider hits the trap every time and the whitelist will not work for some of its ips for reasons stated in my last post. I have no idea how to fix this contribution to not be picky about certain ips and I need to keep this spider out of the /personal folder. To do this I simply added this to the .htaccess file in /personal directory. You can add more deny lines for more ips to keep them out if needed.

 

order allow,deny

deny from 97.74.139.192

deny from 97.74.139.193

allow from all

Share this post


Link to post
Share on other sites

Found Solution to problem quite a few people had, that by accessing /personal they would only get forwarded to the index file but not get blocked.

The solution that worked for me was simple: rename Whitelist.txt and IP_Trapped.txt to lower case.

Then change it in the same way in all places where those filenames appear, in these files:

includes/secret.php

personal/index.php

 

Now it works perfectly.

My host is linux, php 5.1.5

 

 

Good Coding,

 

Jörg

Edited by blue7hand

Share this post


Link to post
Share on other sites
