Jump to content
Sign in to follow this  
FIMBLE

IP trap Version 3 released

Recommended Posts

Hi Travis,

The IP trap will have no impact upon any other aspect of your site, certainly not the log in or checkout systems.

The only thing that might cause this is if you used the XSS add ons, which have been known to block real customers from checking out, i did get a fair amount of messages about this, and it always turned out to be an XSS script which gave a similar message.

The logic of the trap is that a user has to call teh personal folder in their browser to activiate the trap, the chances of trapping an actual customer is remote.

 

Nic

 

 

Hello Nic,

I need help. You said put this around line 56:

 

// include the IP Trap

require(DIR_WS_INCLUDES . 'secret.php');

 

I do not know how to tell what line is what number. How do I know what line 56 is?

 

I have done everything else you said and I am getting this error in my admin:

 

Warning: main(includes/application_bottom.php): failed to open stream: No such file or directory in /home/content/s/c/i/scitechadmin/html/catalog/admin/login.php on line 159

 

Warning: main(includes/application_bottom.php): failed to open stream: No such file or directory in /home/content/s/c/i/scitechadmin/html/catalog/admin/login.php on line 159

 

Fatal error: main(): Failed opening required 'includes/application_bottom.php' (include_path='.:/usr/local/lib/php') in /home/content/s/c/i/scitechadmin/html/catalog/admin/login.php on line 159

 

What does this mean and how can I fix this?

 

Thanks,

Hope

Share this post


Link to post
Share on other sites

I've read through the readme file and through this topic, but have a question about uploading.

 

The readme file says to "Upload the entire contents of the catalog folder to your existing catalog folder on your server via FTP."

 

There is also a DOCS folder. Am I supposed to do anything with that folder?

Share this post


Link to post
Share on other sites

I've read through the readme file and through this topic, but have a question about uploading.

 

The readme file says to "Upload the entire contents of the catalog folder to your existing catalog folder on your server via FTP."

 

There is also a DOCS folder. Am I supposed to do anything with that folder?

 

 

No the docs folder just contains info for the ireadme file, you do not need to upload it.

Nic


Sometimes you're the dog and sometimes the lamp post

[/url]

My Contributions

Share this post


Link to post
Share on other sites

Hi Nic,

 

I have just added version 4 of IP Trap to my store and all seems to work OK when I try to access the personal folder (ie. get the block page message) but I am still able to access my site and checking the IP_Trapped file my IP address has not been added and the 999.999.999.999 address has been removed. Any thoughts on what I am doing wrong.

 

Thanks in advance for any assistance you can provide.

 

Tim

Share this post


Link to post
Share on other sites

This so called IPTrap is far from stable. I highly doubt it will ever be stable as I found a topic here where it was created by other forum members. This fimble guy just copied what was in the forum and packaged it like it was his work. Now he cant seem to make a stable release. This IPTrap will block certain payment modules from sending data to your shop. I would stay far away from it and wait for something to come out by people that know what they are doing.

Share this post


Link to post
Share on other sites

I am about to release version 3 of the IP Trap,

Updated features

Cleaned code,

Added a Whitelist, with Search engine IP numbers loaded

Redesigned the Blocked.php page.

Added correct syntax for robots.txt

Updated install file.

 

Any comments, questions first see the readme in the contribution then ask here.

 

http://addons.oscommerce.com/info/5914

 

 

Enjoy

Nic

 

Hi, thanks for your efforts.

 

Maby this http://www.kloth.net/internet/bottrap.php can be of use?

 

Sara

Share this post


Link to post
Share on other sites

Great contribution indeed.

 

Just to get something straight, in the case of Biancoblu, (where she got automatically IP Trapped when all she intends doing is Whitelist herself), - i have a similar story- does it mean she leaves everything as it is since Nic tested it independently?

Edited by ogwinilo

Share this post


Link to post
Share on other sites

Great contribution indeed.

 

Just to get something straight, in the case of Biancoblu, (where she got automatically IP Trapped when all she intends doing is Whitelist herself), - i have a similar story- does it mean she leaves everything as it is since Nic tested it independently?

 

Hello

Thank you for your kind words, im not too sure what you mean.

Do you have a dynamic IP like Isa ?

The point of the white list is not so much to stop you from being banned as you know the IP trap is there, it is intended to be a cushion to prevent Search engines like Google and Yahoo, who's IP numbers are in the whielist from being banned.

So even if your IP number is dynamic and you do get banned just dont go in the trap.

Nic


Sometimes you're the dog and sometimes the lamp post

[/url]

My Contributions

Share this post


Link to post
Share on other sites

Great contribution indeed.

 

Just to get something straight, in the case of Biancoblu, (where she got automatically IP Trapped when all she intends doing is Whitelist herself), - i have a similar story- does it mean she leaves everything as it is since Nic tested it independently?

 

My problem was that I kept getting banned even though my IP was in the whitelist, upon checking the trapped list and the whitelist I noticed my IP had ended up in both lists as if the trapped list was getting written to regardless of the IP having been added to the whitelist. This only happened a few times then not anymore, I don't know the reason behind it. Now it works as intended, and has been tested at length.

 

Nic, I can't remember if you've edited something at all in the files after I had the problem?


~ Don't mistake my kindness for weakness ~

Share this post


Link to post
Share on other sites

Nic, I can't remember if you've edited something at all in the files after I had the problem?

 

Hi Isa

No i'm not sure, the only thing we worked on after removal of your IP from the trap file banned/IP_Trapped.txt (which must be done or you will be banned) was to work on the admin version of the trap.

Someone earlier said that they removed the "\n" from the end of $ip = $_SERVER["REMOTE_ADDR"]."\n"; and made it work.

They did not make it work as it then only checked the first line, so they did not mend it they broke it!

Most people who have a problem seem to foget to add the application_top.php line.

Regards

Nic

Edited by FIMBLE

Sometimes you're the dog and sometimes the lamp post

[/url]

My Contributions

Share this post


Link to post
Share on other sites

Hi Nic,

actually you're right, I remember now, all we did was remove the IP from the trapped list.

Then the subsequent tests were regarding the admin version not the regular version. :)


~ Don't mistake my kindness for weakness ~

Share this post


Link to post
Share on other sites

Hi Nic,

actually you're right, I remember now, all we did was remove the IP from the trapped list.

Then the subsequent tests were regarding the admin version not the regular version. :)

 

 

Appreciate your posts.

1. Please enlighten me a bit, "Then the subsequent tests were regarding the admin version not the regular version." What does this entail?

2. Nic, can you please direct me to a thread regarding your brilliant Bubble Ready Stores. I have installed all the recommended security measures by yourself, by Spooks (found here: http://forums.oscommerce.com/topic/313323-how-to-secure-your-site/) etc. Now I'm ready for the store configuration and the look and feel using one of your templates. Now do I replace all the files (eg application_top) I've made security changes to as I upload your template, or what do i do? Whats the easiest and painless way to do this?

Sory for hijacking this valuable thread.

 

 

Regards

 

Felix

Share this post


Link to post
Share on other sites

Appreciate your posts.

1. Please enlighten me a bit, "Then the subsequent tests were regarding the admin version not the regular version." What does this entail?

2. Nic, can you please direct me to a thread regarding your brilliant Bubble Ready Stores. I have installed all the recommended security measures by yourself, by Spooks (found here: http://forums.oscomm...ure-your-site/) etc. Now I'm ready for the store configuration and the look and feel using one of your templates. Now do I replace all the files (eg application_top) I've made security changes to as I upload your template, or what do i do? Whats the easiest and painless way to do this?

Sory for hijacking this valuable thread.

 

 

Regards

 

Felix

 

Hi

There is no forum address for the bubble stores, there has never really been a reason to have one, to be sure you have done it all correctly i would suggest you install the bubble store, and then add the security measures onit once installed.

The quoted line you are refering to is an add on to the IP trap for the admin older that i worked on with Coopco and Biancoblu but i have not released it.

The way it works is that it protects your admin folder by adding code to your login.pgp (for 2.2RC2A) or index.php (for 2.2ms) you have to be in the whitelist, if not calling the admin folder will ban you.

I decided not to release this due to the obvious problems that would start with people who have a dynamic IP numbers that would be getting banned constantly.

Hope this helps you out

NIc


Sometimes you're the dog and sometimes the lamp post

[/url]

My Contributions

Share this post


Link to post
Share on other sites

Hi

There is no forum address for the bubble stores, there has never really been a reason to have one, to be sure you have done it all correctly i would suggest you install the bubble store, and then add the security measures onit once installed.

The quoted line you are refering to is an add on to the IP trap for the admin older that i worked on with Coopco and Biancoblu but i have not released it.

The way it works is that it protects your admin folder by adding code to your login.pgp (for 2.2RC2A) or index.php (for 2.2ms) you have to be in the whitelist, if not calling the admin folder will ban you.

I decided not to release this due to the obvious problems that would start with people who have a dynamic IP numbers that would be getting banned constantly.

Hope this helps you out

NIc

 

 

 

Thanks, quite helpful

Share this post


Link to post
Share on other sites

 

 

 

Thanks, quite helpful

 

 

Hi there Nlc

 

I have installed the bubble store. After running Sitimonitor, i get the following files as possibly hacked:

 

Checked 223 directories containing a total of 1173 files. Skipped 851 files. 20 suspected hacked files found.

Hacked Files Found

power/fckeditor/fckeditor.afp

power/fckeditor/fckeditor.asp

power/fckeditor/fckeditor.cfc

power/fckeditor/fckeditor.cfm

power/fckeditor/fckeditor.js

power/fckeditor/fckeditor.lasso

power/fckeditor/fckeditor.pl

power/fckeditor/fckeditor.py

power/fckeditor/fckeditor_php4.php

power/fckeditor/fckeditor_php5.php

power/fckeditor/editor/fckdialog.html

power/fckeditor/editor/dialog/fck_docprops.html

power/fckeditor/editor/dialog/fck_flash.html

power/fckeditor/editor/dialog/fck_image.html

power/fckeditor/editor/dialog/fck_link.html

power/fckeditor/editor/dialog/fck_paste.html

power/fckeditor/editor/dialog/fck_spellerpages.html

power/fckeditor/editor/filemanager/connectors/test.html

power/fckeditor/editor/filemanager/connectors/uploadtest.html

power/fckeditor/editor/js/fckdebug.html

 

 

I don't believe they've been hacked, could there be an explanation for this?

 

Thanking you for your great work, we'll be PMing you in due course regarding some other stuff relating to your work

 

Felix

 

 

 

Felix

Share this post


Link to post
Share on other sites

After installing the green buble store, the mechanics of the store seem to be working fine for now, i am able to start the transaction from the beginning to payment. However, apart from 'the possibly hacked files'- (i dont think they are), I can't find the said 'edit page' in admin. Secondly, infobox images, both the left and right ones don't appear, it shows blank spaces with red-crossed boxes instead of an image. What could be causing these and how can I rectify them?\\

 

Thanks

Share this post


Link to post
Share on other sites

After installing the green buble store, the mechanics of the store seem to be working fine for now, i am able to start the transaction from the beginning to payment. However, apart from 'the possibly hacked files'- (i dont think they are), I can't find the said 'edit page' in admin. Secondly, infobox images, both the left and right ones don't appear, it shows blank spaces with red-crossed boxes instead of an image. What could be causing these and how can I rectify them?\\

 

Thanks

 

Why are you posting this on the IP trap page?


Sometimes you're the dog and sometimes the lamp post

[/url]

My Contributions

Share this post


Link to post
Share on other sites

Hi

 

For some reason this is not working on my server. All changes made but it seems it's not getting the full FS Path.

 

[client *********] PHP Warning: file(): Unable to access DOCUMENT_ROOT/../banned/IP_Trapped.txt in /var/www/vhosts/******.co.uk/httpdocs/catalog/includes/secret.php on line 11, referer: http://******.co.uk/catalog/index.php

 

[client ********] PHP Warning: file(DOCUMENT_ROOT/../banned/IP_Trapped.txt): failed to open stream: No such file or directory in /var/www/vhosts/******.co.uk/httpdocs/catalog/includes/secret.php on line 11, referer: http://******.co.uk/catalog/index.php

 

Where is the var DOCUMENT_ROOT derived? Should I hard code the full path to make it work?

 

or use the OSC var DIR_FS_CATALOG ?

 

 

Permissions set to 666 for the files and 755 for the dir.

 

Wayne.....

Edited by Wayne Weedon

Share this post


Link to post
Share on other sites

I installed. Added my IP to the banned list, yet I still was able to get through. I don't get any errors and the install is pretty straight forward. I'm on a windows server, but I feel pretty confident that I have permissions correct.

 

Anything I should be looking for? Or test in another way?

Share this post


Link to post
Share on other sites

I installed. Added my IP to the banned list, yet I still was able to get through. I don't get any errors and the install is pretty straight forward. I'm on a windows server, but I feel pretty confident that I have permissions correct.

 

Anything I should be looking for? Or test in another way?

 

Hi Did you add the line in your application_top.php?

Nic


Sometimes you're the dog and sometimes the lamp post

[/url]

My Contributions

Share this post


Link to post
Share on other sites

When somebody goes to /personal and gets banned..it says please email webmaster@ this site. Is there a way to change this?

 

Also, even though my ip is on the whitelist, everytime I go to domain.com/personal I get blocked..

Edited by sarafina

Contributions installed: Purchase without Account / STS/ All Products/ Header Tags Controller

Share this post


Link to post
Share on other sites

Yes you need to eidt the file catalog / blocked.php

its on line 19

 

 

Have you removed your ip number from the IP_Trapped.txt also?

Nic

Edited by FIMBLE

Sometimes you're the dog and sometimes the lamp post

[/url]

My Contributions

Share this post


Link to post
Share on other sites

Yes you need to eidt the file catalog / blocked.php

its on line 19

 

 

Have you removed your ip number from the IP_Trapped.txt also?

Nic

 

Yes I have followed instructions.

 

Changed all the files. Made permission 755 for folder and 666 for files.

 

I go to /personal... Get banned. Took my ip of ip_trapped.txt and put it on whitelist and go back and get banned again. I have cleared cookies, opened new windows etc. Even if my ip is on the whitelist I always get banned when visiting /personal.


Contributions installed: Purchase without Account / STS/ All Products/ Header Tags Controller

Share this post


Link to post
Share on other sites

Ok soooo I got it to work but IF and only IF my IP is at the top of the list. I added it to the bottom of the list (whitelist) and I was instantly blocked upon visiting /personal directory. When I added myself to the top of the list I was not blocked.

 

I would invite anybody who has this working to take their IP and put it at the bottom of the whitelist and see if they get the same results. FIMBLE, hopefully you can test and look into this.


Contributions installed: Purchase without Account / STS/ All Products/ Header Tags Controller

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×