obcbeatle Posted September 10, 2010

I modified the index.php file that came with IP Trap with my info on lines 15, 50 & 52. But now what? The instructions say upload to my personal folder. By that does it mean upload and replace my existing osC root index.php (after I back it up)? If so, I did that, but got errors so put back my original index.php. I'm just not sure I'm following the directions correctly. Sorry for the ignorance. Thanks!

PS: Line 52 says CHANGE THIS TO YOUR OWN URL. I did but I currently have no blocked.php file. Does blocked.php get created/written or do I have to create it? Again sorry for my confusion.

FIMBLE Posted September 10, 2010

Hello

Your trap consists of a few folders and PHP files. The directory tree should be preserved, which means that includes/secret.php goes to your already existing includes folder; essentially you are adding a file to the includes folder. The banned and personal folders go either inside your catalog folder or, if you do not have one, in the root directory. Then you need to edit application_top.php with one line of code.

The only thing I can think of is that you are trying to upload the update I added a while back on its own? If this is correct then you have to download the previous complete package, install it and then update.

Sometimes you're the dog and sometimes the lamp post

FIMBLE Posted September 10, 2010

Here is a link to the add-on forum: http://www.oscommerce.com/forums/index.php?showtopic=340290

obcbeatle Posted September 10, 2010

> Here is a link to the add-on forum: http://www.oscommerce.com/forums/index.php?showtopic=340290

Ahhh...per your previous post it sounds like I did NOT get the complete package! What I downloaded had no reference to creating files or the structure (secret.php, etc). I'm still looking for the complete package. I will post here if I can't find it and/or when I have success. Thanks for the help and the quick reply!

obcbeatle Posted September 10, 2010

> Ahhh...per your previous post it sounds like I did NOT get the complete package! What I downloaded had no reference to creating files or the structure (secret.php, etc). I'm still looking for the complete package. I will post here if I can't find it and/or when I have success. Thanks for the help and the quick reply!

OK...got IP Trap installed. I put my IP in IP_Trapped.txt to test, but was still able to access my osC. Is there a better way to test this? Thanks!

FIMBLE Posted September 10, 2010

> OK...got IP Trap installed. I put my IP in IP_Trapped.txt to test, but was still able to access my osC. Is there a better way to test this? Thanks!

Hiya,

Well done for getting this far :-)

Now if it's installed correctly, and don't miss that bit you have to add to the application_top.php! You should only need to go to www.yoursite.com/personal (replace yoursite with your actual site URL, and I'm assuming that the site is not in the catalog folder still; if it is then the URL will be www.yoursite.com/catalog/personal).

This will / should get you banned.

Nic

obcbeatle Posted September 10, 2010

> Hiya,
> Well done for getting this far :-)
> Now if it's installed correctly, and don't miss that bit you have to add to the application_top.php! You should only need to go to www.yoursite.com/personal (replace yoursite with your actual site URL, and I'm assuming that the site is not in the catalog folder still; if it is then the URL will be www.yoursite.com/catalog/personal).
> This will / should get you banned.
> Nic

Excellent! 2 browsers I tried (Safari and Firefox) got banned from my IP (I received the emails) and MSIE, while not failing yet, is being blocked (interesting how MSIE keeps trying and has yet to time out). Anyway...thanks for your assistance! Now on to the .htaccess add-ons...

sarahw167 Posted December 10, 2010

Did you get any further with this? I downloaded the IP trap and all it had was a personal/index.php and an install.txt. I've uploaded it and tested it. I got the following message:

    Warning: file(DOCUMENT_ROOT/../../banned/Whitelist.txt) [function.file]: failed to open stream: No such file or directory in /home/offthera/public_html/catalog/personal/index.php on line 9
    Warning: Invalid argument supplied for foreach() in /home/offthera/public_html/catalog/personal/index.php on line 11
    Warning: file(DOCUMENT_ROOT/../../banned/IP_Trapped.txt) [function.file]: failed to open stream: No such file or directory in /home/offthera/public_html/catalog/personal/index.php on line 19
    Warning: Invalid argument supplied for foreach() in /home/offthera/public_html/catalog/personal/index.php on line 21
    Warning: fopen(DOCUMENT_ROOT/../../banned/IP_Trapped.txt) [function.fopen]: failed to open stream: No such file or directory in /home/offthera/public_html/catalog/personal/index.php on line 35
    Warning: flock() expects parameter 1 to be resource, boolean given in /home/offthera/public_html/catalog/personal/index.php on line 36
    Warning: Cannot modify header information - headers already sent by (output started at /home/offthera/public_html/catalog/personal/index.php:9) in /home/offthera/public_html/catalog/personal/index.php on line 52

Guest Posted December 10, 2010

Sarah,

When downloading contributions, always download and install a FULL PACKAGE before downloading patches or updates. The full package includes the whitelist.txt file that is causing the error saying it is missing.

Chris

Xavier_SG Posted December 12, 2010

> If you do not do this the Trap will not work:
> Open File catalog/includes/application_top.php
> around line 56 add
>
>     // include the IP Trap
>     require(DIR_WS_INCLUDES . 'secret.php');
>
> Save the file and Close

Hello, regarding the modification on application_top.php, could you show the code just above and below where the "require" instruction should be added? This is because line number (56) alone is not sufficient as I have integrated (as many people have I guess) a number of mods on stock osc that change the line numbering, plus I started with an oscss version. That being said, thanks for this great piece of work! :)

This is my line 56 in application_top:

    /**
     * Forcefully disable register_globals if enabled
     *
     * Based from work by Richard Heyes (http://www.phpguru.org)
     */
    if ((int)ini_get('register_globals') > 0) {
      if (isset($_REQUEST['GLOBALS'])) {
        die('GLOBALS overwrite attempt detected');
      }
      // This is line 56
      $noUnset = array('GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST', '_SERVER', '_ENV', '_FILES');
      $input = array_merge($_GET, $_POST, $_COOKIE, $_SERVER, $_ENV, $_FILES, isset($_SESSION) ? (array)$_SESSION : array());

germ Posted December 12, 2010

Try after this code:

    // include the list of project filenames
    require(DIR_WS_INCLUDES . 'filenames.php');

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me -

sarahw167 Posted December 17, 2010

> Sarah,
> When downloading contributions, always download and install a FULL PACKAGE before downloading patches or updates. The full package includes the whitelist.txt file that is causing the error saying it is missing.
> Chris

Thanks Chris, this explains a lot! I've now managed to install site monitor, htaccess, and security pro.

I've installed the complete package of IP trap. I put my IP address on the whitelist, I went to http://www.offtherackweddingdresses.com.au/catalog/blocked.php and received an email to say my IP was blocked. My IP address also ended up on the ip_trapped list. I then went to http://www.offtherackweddingdresses.com.au/catalog and could still access it.

I then asked my husband to try from work. He got the blocked message but could still access the http://www.offtherackweddingdresses.com.au/catalog URL also. In his instance, I didn't receive an email.

Now I'm not sure if it's set up correctly or not. I've since deleted my IP address from the ip_trapped list as I saw the note about making sure an IP address isn't on both lists.

Hope this question doesn't drive you nuts.

regards,
Sarah

Guest Posted December 17, 2010

Sarah,

I don't think you have installed it correctly as I 'poked around' your site pretty hard and didn't get blocked. Ensure you have the paths correct in the /personal/index.php file.

Chris

sarahw167 Posted December 17, 2010

> Sarah,
> I don't think you have installed it correctly as I 'poked around' your site pretty hard and didn't get blocked. Ensure you have the paths correct in the /personal/index.php file.
> Chris

Thanks Chris, I think I've found the problem. I pasted this

    // include the IP Trap
    require(DIR_WS_INCLUDES . 'secret.php');

into the correct file, but all the code went onto one line which I believe makes the code invalid? I've rectified it and tried and I have now blocked myself from the /catalog folder.

I think I read somewhere on this forum that you can apply the same IP trap to your admin function?

JeddeJ Posted November 8, 2011

I have downloaded IP Trap version 5.2. I have just a few questions before I go ahead and add it to my database. It's about the robots file and changing the personal file name to admin.

> If You do rename your personal folder to something else please ensure you also alter the robots.txt file too ....
> From
> Disallow: /personal/
> To whatever you call the folder.

This is fine but what about the other admin located in the robots text file? Just delete it?

    Disallow: /includes/
    Disallow: /cgi-bin/
    Disallow: /personal/
    Disallow: /admin/

Also what does this mean below? Do I place the robots.txt file in the folder that I have called my store, for example Catalogue? Or is it to be placed in the folder (above) that which contains my store? And since my store is in catalogue I need to adjust all the robot entries to catalogue/cgi-bin/ ..or.. catalogue/includes... is this correct?

> Your robots.txt file needs to be in the ROOT of your store regardless where your actual store is i/e catalog, shop, store, market, etc... and you need to alter the robots text to suit, so if your store is in catalog your robots.txt looks like
> Disallow: /catalog/personal/

And finally in the personal folder of the IP Trap are the htaccess files, do they need to be altered in any way because I have changed the name of the personal folder to admin? I would assume they need changing to admin/index?

    ErrorDocument 403 /personal/index.php
    ErrorDocument 401 /personal/index.php
    ErrorDocument 500 /personal/index.php
    ErrorDocument 400 /personal/index.php
    ErrorDocument 404 /personal/index.php

I just want to make sure I have understood what is required to make the changes and hopefully get it right first time. These questions may seem completely obvious to an expert but I'm barely a novice!!

Taipo Posted November 9, 2011

I would assume the principle that IP Trap is employing is about banning anything that breaks the code of ethics.

Disallow: /admin/ for example is telling net miners not to index the directory called admin; if they do, then IP Trap has a surprise waiting for them.

You could if you wanted to, have some fun with attackers by copying the contents of the personal directory to directories using some rather more compelling names like

    www.yoursite.com/passwords/
    www.yoursite.com/phpmyadmin/
    www.yoursite.com/creditcards/

    Disallow: /passwords/
    Disallow: /phpmyadmin/
    Disallow: /creditcards/

Any ethically programmed automated site miners will disregard those directories because that is the general rule to do so. Any miners or attackers that try to access those directories will get banned by IP Trap.

That is how I understand the principle that is behind this addon.

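The principle discussed in this thread, as an added example that is not the IP Trap add-on's own code: a decoy page records the visitor's address unless it is whitelisted, and a check on every store page refuses listed addresses. The list file names `Whitelist.txt` and `IP_Trapped.txt` come from the thread; the function names, the `$dir` layout and the sample addresses are assumptions, and missing list files are handled so they cannot cause the warnings quoted in sarahw167's first post.

```php
<?php
// Added illustration of the trap principle; NOT the IP Trap add-on's code.
// List file names come from the thread; function names and $dir are assumed.

function read_ip_list(string $path): array {
    // Treat a missing list as empty. An unguarded file() here emits a
    // warning, and that output then breaks any later header() redirect.
    if (!is_readable($path)) {
        return [];
    }
    $lines = file($path, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
    return $lines === false ? [] : array_map('trim', $lines);
}

// Runs on the decoy page that robots.txt disallows. Returns true if banned.
function trap_visitor(string $ip, string $dir): bool {
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return false;                        // never store unvalidated input
    }
    if (in_array($ip, read_ip_list("$dir/Whitelist.txt"), true)) {
        return false;                        // owner's address: do not ban
    }
    if (in_array($ip, read_ip_list("$dir/IP_Trapped.txt"), true)) {
        return true;                         // already listed, no duplicate
    }
    $fh = fopen("$dir/IP_Trapped.txt", 'ab');
    if ($fh === false) {
        error_log("trap: cannot write ban list in $dir");
        return false;
    }
    flock($fh, LOCK_EX);                     // serialise concurrent writers
    fwrite($fh, $ip . "\n");
    fclose($fh);                             // closing also releases the lock
    return true;
}

// Runs early on every store page; a hit means "refuse this request".
function is_blocked(string $ip, string $dir): bool {
    return in_array($ip, read_ip_list("$dir/IP_Trapped.txt"), true);
}

// Constructed demo: documentation-range addresses, throwaway directory.
$dir = sys_get_temp_dir() . '/iptrap_demo_' . getmypid();
mkdir($dir);
file_put_contents("$dir/Whitelist.txt", "192.0.2.10\n");
foreach (['192.0.2.10', '198.51.100.7'] as $ip) {
    trap_visitor($ip, $dir);
    echo $ip, is_blocked($ip, $dir) ? " blocked\n" : " allowed\n";
}
```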
Archived
This topic is now archived and is closed to further replies.