simplicity 0 Posted October 17, 2010

I installed and am testing this addon, yet when I block myself I am still able to access my website with no issues. I went to the "personal" folder and got the banned page and got an email saying it banned myself. Yet I was still easily able to browse my site.

I discovered the same thing.
Guest Posted October 18, 2010

I am getting the following warnings when I launch my pages. Using IP_Trap V 4 + Index.php update

    Warning: file(home/*username*/public_html/banned/IP_Trapped.txt) [function.file]: failed to open stream: No such file or directory in /home/*username*/public_html/includes/secret.php on line 11
    Warning: Invalid argument supplied for foreach() in /home/*username*/public_html/includes/secret.php on line 13
    Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/*username*/public_html/includes/secret.php:11) in /home/*username*/public_html/includes/functions/sessions.php on line 102

Here are the lines in question:

    secret.php line 11 - $IPtrap = file ('home/heathe70/public_html/banned/IP_Trapped.txt');
    secret.php line 13 - foreach( $IPtrap as $blockip )
    sessions.php line 102 - return session_start();

I have looked through the site and changed my file permissions for IP trapped and index to 777, I have checked for white spaces, and I have tried using the given URLs as well as the absolute paths. I still get the same errors. Any suggestions?????

Heather
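The first warning above prints the path handed to `file()` as `home/...` with no leading slash, so PHP resolves it against the script's working directory rather than the filesystem root, and the warning text itself is the output that breaks `session_start()`. As an added example (not IP Trap's code; `load_ip_list` and the temp-dir layout are hypothetical, POSIX paths assumed), this loader shows the relative and absolute forms side by side and reads the list without printing anything into the page:

```php
<?php
// Added example, not IP Trap's code. load_ip_list() and the directory
// layout are hypothetical; the layout is built in a temp dir (POSIX paths).

// Read an IP list without printing warnings into the page: any output sent
// before session_start() is what produces "headers already sent".
function load_ip_list(string $path): array
{
    if (!is_file($path) || !is_readable($path)) {
        error_log("IP list not readable: $path"); // to the error log, not the response
        return [];                                // caller decides how to treat "no list"
    }
    $lines = file($path, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
    return $lines === false ? [] : array_map('trim', $lines);
}

// Constructed layout: <tmp>/site/banned/IP_Trapped.txt and <tmp>/site/includes/
$root = sys_get_temp_dir() . '/iptrap_demo_' . getmypid();
mkdir("$root/site/banned", 0700, true);
mkdir("$root/site/includes", 0700, true);
$absolute = "$root/site/banned/IP_Trapped.txt";
file_put_contents($absolute, "192.0.2.10\n198.51.100.7\n"); // documentation-range IPs

chdir("$root/site/includes");        // the including script's directory, not "/"
$relative = ltrim($absolute, '/');   // same string minus the leading slash

echo "relative path entries: ", count(load_ip_list($relative)), "\n";
echo "absolute path entries: ", count(load_ip_list($absolute)), "\n";

// Anchoring on the including file's own location avoids hard-coding either
// form: from includes/secret.php this resolves to <site>/banned/IP_Trapped.txt.
echo "portable form: ", dirname(__DIR__) . '/banned/IP_Trapped.txt', "\n";
```

An empty result here means no address is blocked, so the logged "not readable" message is worth alerting on rather than ignoring.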
toddzy 0 Posted November 2, 2010

Hello Fimble and thank you for your contribution. I have a question for you and possibly a feature request.

As far as I understand, a banned IP number can be released by the bot and could possibly be re-assigned by an ISP to a potential customer; consequently that potential customer won't be able to view my store unless s/he feels bothered to email me requesting that I (manually) remove their IP number from the blacklist.

So I was wondering, would it be unwise to set up a scheduled task, such as a cron job(?), to reset the blacklist file back to its original content to avoid this inconvenience and potential loss of a customer? Or maybe even (manually) re-upload the original blacklist file and overwrite the existing one on the server once per week? What are your thoughts on the matter?

P.S. I realize it's unlikely to happen, but eventually after thousands of IP numbers are in the blacklist file it will eventually happen, right?

Thanks in advance for any response. :)
altereco 0 Posted November 19, 2010

"Upload the entire contents of the catalog folder to your existing catalog folder on your server via FTP."

Do I drag the whole catalog folder from my local site to my remote site and put that whole folder inside of the catalog folder my catalog is already in? Or do I upload each of the files within the catalog folder individually to my current catalog?
Guest Posted November 30, 2010

I'm a bit late here. I have osCommerce installed on a subdomain. Do I add it like this on the index.php - www.subdomain.yourdomain.com ?

And how do I check it is all working? Do I put something like this into the URL bar? - www.subdomain.yourdomain.com/admin/index.php
Guest Posted November 30, 2010

I have just got an email through, blocking an IP; this may have been me trying to test it.
jfkafka 0 Posted December 7, 2010

Hi Fimble,

Hope all is excellent with you. Thanks for a great Trap. So far, it's caught 7 hackroaches!

Re: v4 Catalog/personal/index.php

While testing on localhost with XAMPP, PHP 5.3, I put IP 127.0.0.1 into whitelist.txt and navigated to http://www.localdev.com/public_html/personal/ but was still getting blocked.php UNTIL (commenting out)

    // $ip = $_SERVER["REMOTE_ADDR"]."\n";

now changed to this:

    // $ip = $_SERVER["REMOTE_ADDR"]."\n";
    $ip = $_SERVER["REMOTE_ADDR"];

Now it recognizes there's a match and behaves properly ($tester = 1 and redirects to root index.php).

2 questions, if I may be so bold:

1. Why was ."\n" appended to $ip?

Below that is this code:

    // If not found in the Whitelist, then continue to add the IP number to the IP_Trapped file and forward to blocked.
    {
    $DOCUMENT_ROOT=$_SERVER['DOCUMENT_ROOT'];

2. What is that curly brace in the middle for? (It seems like the foreach and if statements above it are terminated with closing })

What am I missing (besides a functioning brain)?

Thanks for any enlightenment,
jk
jfkafka 0 Posted December 7, 2010

Update on above: actually commenting/truncating

    $ip = $_SERVER["REMOTE_ADDR"]."\n";

to

    $ip = $_SERVER["REMOTE_ADDR"];

worked when I only had 1 IP (my local IP 127.0.0.1) in Whitelist.txt. When I tried it using the v4 Whitelist.txt, inserting 127.0.0.1 somewhere in the middle of the whitelist, I was blocked and clocked!

But it did provide a solution (in my case at least). Based on that, I just changed the line below to trim both:

    if($tester = strcmp(trim($whiteip),trim($ip))== 'true') {

and now it works when the IP is in the middle of the list. As to why it didn't work beforehand, it seems like there are different amounts of emptiness.

jk
tstarr 1 Posted December 20, 2010

Is there a good Blacklist that I can paste into IP_Trapped.txt to get started? I found one here http://addons.oscommerce.com/info/6066 (banned_IP_Numbers.txt) but it uses subnets. Will these types of entries work with IP Trap?

    81.169.137.114
    74.53.46.98
    62.29.0.0/17
    62.56.128.0/22
    217.194.135.160/28
    217.195.192.0/20
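The whitelist mismatch in jfkafka's posts comes down to comparing an address against list lines that still carry their line endings, and tstarr's list mixes single addresses with subnets. As an added example (not IP Trap's code; `ipv4_entry_matches` and `ip_in_list` are hypothetical names, IPv4 and 64-bit PHP assumed), this matcher trims both sides and goes beyond the thread by also accepting CIDR entries; nothing on this page says IP Trap itself does so.

```php
<?php
// Added example, not IP Trap's code. Function names are hypothetical;
// IPv4 only, 64-bit PHP assumed (ip2long() returns non-negative ints).

// Does one list entry (a single address or a CIDR range) cover $ip?
function ipv4_entry_matches(string $entry, string $ip): bool
{
    $entry = trim($entry);                 // drops "\n", "\r\n", stray spaces
    $addr  = ip2long(trim($ip));
    if ($entry === '' || $addr === false) {
        return false;
    }
    $parts = explode('/', $entry, 2);
    $net   = ip2long($parts[0]);
    if ($net === false) {
        return false;                      // malformed entry never matches
    }
    $bits = 32;                            // bare address = /32
    if (isset($parts[1])) {
        if (!preg_match('/^\d{1,2}\z/', $parts[1]) || (int)$parts[1] > 32) {
            return false;
        }
        $bits = (int)$parts[1];
    }
    $mask = $bits === 0 ? 0 : (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF;
    // Strict === on integers; a loose test such as strcmp(...) == 'true'
    // depends on int/string comparison rules that changed in PHP 8.
    return ($addr & $mask) === ($net & $mask);
}

function ip_in_list(string $ip, array $list): bool
{
    foreach ($list as $entry) {
        if (ipv4_entry_matches($entry, $ip)) return true;
    }
    return false;
}

// Constructed input: entries quoted in the post above, shaped the way file()
// returns lines when a list was saved with mixed line endings.
$list = ["81.169.137.114\r\n", "74.53.46.98\n", "62.29.0.0/17\r\n", "\n", "217.194.135.160/28"];
foreach (["81.169.137.114", "62.29.100.5", "62.29.200.1", "217.194.135.170"] as $ip) {
    // raw: exact comparison with "\n" appended; trimmed: the matcher above.
    printf("%-16s raw=%s trimmed=%s\n", $ip,
        var_export(in_array($ip . "\n", $list, true), true),
        var_export(ip_in_list($ip, $list), true));
}
```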
TeaToEnjoyAdmin 0 Posted January 22, 2011

Hi Everyone,

I just installed the app and I can see IP addresses being added to the IP_trapped.txt file. But when that same IP address comes around again to another part of the site it can still access my site. I got the impression from reading that the tool would actually block that IP address automatically moving forward. I can easily add the IP address to my cPanel to block it but I wanted to check and make sure I did not do something wrong because it is not being automatically blocked.

Thanks
♥FIMBLE 82 Posted January 28, 2011

Version 5 of the IP trap has just been released. http://addons.oscommerce.com/info/5914

This release clears up the code, and simplifies the installation and update from previous releases.

* Rewrote the code, removed duplicate variables
* Changed the require to include in application_top.php
* This version needs only two lines in two files changed to work
* Included a Problem and solutions guide
* Changed the link destination to see who the IP belongs to and parsed it to be a complete link with IP number included, so just click and view

I have tested this over the past few weeks on various environments and sorted out a lot of the problems users were experiencing. Please post your comments here.

I strongly recommend you upgrade to this version. IP Trap is osCommerce version independent; it will work on any of the current "for production" releases.

Sometimes you're the dog and sometimes the lamp post
mr_absinthe 0 Posted January 31, 2011 (edited)

If I understand correctly (when I look into robots.txt), we should create folder /admin/ and copy the index.php from personal folder there, right? But that would mean that two "banned" emails will be received - at least that is what is happening right now. And if I don't keep the index.php file in admin folder, nobody is trapped while trying to access it.

Edited January 31, 2011 by mr_absinthe

Absinthe Original Liquor Store
♥FIMBLE 82 Posted January 31, 2011

Hello, did you read the install file? Maybe I did not make it clear enough: if you use the admin folder example then you do not need to use the personal folder as well. Sorry for any confusion.

Nic
♥FIMBLE 82 Posted January 31, 2011

Sorry Alex, that read too aggressively when it is not the intention... let me start over!

By default the file is in the personal folder. If you wish to have it in any other folder, say admin, then all you need to do is to rename the personal folder to the desired folder name. The admin in the robots.txt harks to an era pre 2.3.1 when upon install admin was your only option.

Nic
mr_absinthe 0 Posted February 1, 2011

Thank you Nic, maybe I was going too quick through the install file... It is clear now :thumbsup:
♥FIMBLE 82 Posted February 1, 2011

Glad it's sorted now anyway.

Nic
johnnybebad 3 Posted February 3, 2011

Query, this may sound stupid so bear with me. If good bots obey robots.txt and bad bots don't, how do I stop good bots entering my real admin folder without telling the bad ones where it is? As in your file you have disallow: /includes, cgibin, personal and admin.

Just wondered if I am to exclude my real admin folder in the list, and do I really want bad bots to know it exists?

Thanks

Getting better with mods but no programmer am I.
♥FIMBLE 82 Posted February 3, 2011

Hi Jonny,

I think it's a better idea to make sure your admin has been renamed and you have htaccess protection enabled. There is more than one way of finding your admin folder name and changing the name will not stop attacks to it; it will prevent automated scripts from attacking it as they are hardcoded mostly for "admin". So ensure you have done all you can to prevent attacks to your admin, whatever it is called.

Regards
Nic
johnnybebad 3 Posted February 3, 2011

Cool, just wanted to get that straight. So I can have my admin directory and my IP trap admin directory in my robots.txt file.
♥FIMBLE 82 Posted February 17, 2011

Hello all,

IP trap updated and now is able to block user agents as well as IP numbers.

Nic
kenkja 5 Posted February 21, 2011

I've just installed the IP Trap but have not yet tried the testing routines. 2 things I'm a little confused about.

Firstly the robots.txt file: as suggested in the installation notes I've renamed the personal folder and accordingly the robots.txt file. I notice it has an entry disallowing the admin folder and see in the posts above that this goes back to when admin was the only option. Am I right in assuming that this line should be altered to my renamed admin folder?

Secondly, in the installation notes after the code changes for application_top.php: "If you want to prevent snoopers from viewing your files in banned folder add the following to your .HTACCESS file" but there doesn't appear to be anything to add.

Post 1418818 included

"

    SetEnvIfNoCase Request_URI IP_Trapped\.txt ban
    <Files ~ "^.*$">
    order allow,deny
    allow from all
    deny from env=ban
    </Files>
    SetEnvIfNoCase Request_URI Whitelist\.txt ban
    <Files ~ "^.*$">
    order allow,deny
    allow from all
    deny from env=ban
    </Files>

To your .htaccess file, the one inside your catalog folder"

Is this it?

Thanks
Ken

Os-commerce v2.3.3 Security Pro v11 Site Monitor IP Trap htaccess Protection Bad Behaviour Block Year Make Model Document Manager X Sell Star Product Modular Front Page Modular Header Tags
♥FIMBLE 82 Posted February 21, 2011

Hi Ken,

Yes, you are correct on both counts. Well done, and sorry for confusing you!

Nic
kenkja 5 Posted February 21, 2011

Nic

Thanks very much, now tested and all working.

Ken
kenkja 5 Posted February 21, 2011

Hello Nic

Just when I thought I was getting the hang of this stuff!! I'm on a 2.3.1 install and seem to have successfully added the htaccess directory protection through osc admin options. So then I went back to adding the code required to the htaccess file, then came my senior moment. Am I adding this code to the file in the renamed admin folder or to the one in root, or both?

Thanks
Ken
♥FIMBLE 82 Posted February 21, 2011

The

    SetEnvIfNoCase Request_URI IP_Trapped\.txt ban
    <Files ~ "^.*$">
    order allow,deny
    allow from all
    deny from env=ban
    </Files>
    SetEnvIfNoCase Request_URI Whitelist\.txt ban
    <Files ~ "^.*$">
    order allow,deny
    allow from all
    deny from env=ban
    </Files>

goes into your store main htaccess file, where the main files are, like index, account, product_info etc...

Nic