
This topic is now archived and is closed to further replies.

sunshynecraftsbeads

Secure your site with an IP trap - Now I am banned


Hi

I was in the process of adding the IP Trap contribution and I have been banned and my website will not come up online.

According to the contribution, you can see how it works by going to a link provided but then it bans you as well (my bad. I did not read that part till after the fact).

Anyways it says to contact the person who made the contribution to un-ban you but that person has not been online since January and is not active to help with the contribution problems that arise anymore. There are other issues but I am just going to remove this contribution instead of trying to figure it out on my own.

http://addons.oscommerce.com/info/5914

Is there anyone else who knows how to un-ban someone? If you can, please help me.

Thank you in advance.

The contact me link provided in the contribution does not work either.

You get the following message when you send your question:

Ran into problems sending Mail. Response: 535 Incorrect authentication data

I am lost at this point.

I have never installed that contribution so not sure exactly how it works, but I would go into your files via cpanel or your ftp program like Filezilla and find your .htaccess file and see if it has the banning code in there and remove it.

Look for something similar to the following: --->>> deny from "IP address Here"

Of course make a backup of any files you are planning on overwriting just in case :thumbsup:

I always make a full backup of my site files and database every now and then and especially before doing any updates. At least making a copy of any files I plan on changing for any reason. Your website host company may keep backups of your files for a time as well.

@@sunshynecraftsbeads

Not sure if this is the same add on...I may have an older version but my instructions state:

To test if your IP Trap Works....

Once you have installed the files, and made the changes call it in your browser
it's good advice to test your site first so call the normal site in your browser
to ensure there are no errors being displayed, then add to the end of the URL
/personal, so it looks like
http://www.yoursite.com/catalog/personal (minus the catalog if not present)
and hit enter, you will see the Blocked.php page, and will receive an e-mail informing you of the ban.
Try to get any page on your site, you will be redirected to the banned page,
to remove yourself open and remove your IP number from the /banned/IP_Trapped.txt
Now try your site again and you will be able to view it normally.

So if that's the case for you, go into that file via ftp or your site's control panel, navigate to file manager or called something like that, and remove your IP.

If your IP is not there, or that doesn't work...it's time for Plan B...which is yet to be formulated.


I am not a professional webmaster or PHP coder by background or training but I will try to help as best I can.

I remember what it was like when I first started with osC. It can be overwhelming.

However, I strongly recommend considering hiring a professional for extensive site modifications, site cleaning, etc.

There are several good pros here on osCommerce. Look around, you'll figure out who they are.
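The two checks suggested in the replies above (look for a `deny from` line in `.htaccess`, look for your address in `/banned/IP_Trapped.txt`), as an added example that is not part of the thread or of the add-on: a Python script that walks a downloaded copy of the web root and reports every place one IP address is blocked, separating per-IP bans from blanket `Deny from all` rules. It assumes the ban list is a plain-text `.txt` file containing the address; the directory tree and addresses in `demo()` are constructed.

```python
import ipaddress
import os
import re
import tempfile

# Apache 2.2-style access rule, the form quoted in the thread: deny from <host> ...
DENY_RE = re.compile(r"^\s*deny\s+from\s+(.+?)\s*$", re.IGNORECASE)


def deny_covers(token, ip_text):
    """True if one 'deny from' argument (full IP, CIDR or partial IP) covers ip_text."""
    ip = ipaddress.ip_address(ip_text)
    token = token.strip("\"'")
    try:
        return ip in ipaddress.ip_network(token, strict=False)
    except ValueError:
        pass  # not a full address or CIDR block
    if re.fullmatch(r"\d[\d.]*", token):  # partial IP such as "203.0.113"
        prefix = token if token.endswith(".") else token + "."
        return (ip_text + ".").startswith(prefix)
    return False  # hostnames, "all", env= clauses


def find_bans(root, ip_text):
    """Return sorted (relative path, line number, kind, line) hits under root."""
    # Match the address as a whole token so 203.0.113.7 does not hit 203.0.113.77.
    whole_ip = re.compile(r"(?<![\d.])" + re.escape(ip_text) + r"(?![\d.])")
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            is_htaccess = name == ".htaccess"
            if not is_htaccess and not name.lower().endswith(".txt"):
                continue
            path = os.path.join(folder, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            with open(path, encoding="utf-8", errors="replace") as fh:
                for lineno, line in enumerate(fh, 1):
                    if is_htaccess:
                        match = DENY_RE.match(line)
                        if not match:
                            continue
                        tokens = match.group(1).split()
                        if any(t.lower() == "all" for t in tokens):
                            # Applies to every visitor, so it is not a ban on one address.
                            kind = "blanket-deny"
                        elif any(deny_covers(t, ip_text) for t in tokens):
                            kind = "ip-deny"
                        else:
                            continue
                    elif whole_ip.search(line):
                        kind = "ban-list"  # assumed format: the IP appears in a text file
                    else:
                        continue
                    hits.append((rel, lineno, kind, line.strip()))
    return sorted(hits)


def demo():
    """Build a constructed web root and search it for the constructed address."""
    sample = {
        ".htaccess": "# constructed sample\ndeny from 203.0.113.7\ndeny from 198.51.100\n",
        "includes/.htaccess": "<Files *>\n  Order Deny,Allow\n  Deny from all\n</Files>\n",
        "banned/IP_Trapped.txt": "198.51.100.4\n203.0.113.7\n203.0.113.77\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, text in sample.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(text)
        return find_bans(root, "203.0.113.7")


if __name__ == "__main__":
    for rel, lineno, kind, text in demo():
        print(f"{kind:12} {rel}:{lineno}: {text}")
```

A run with no `ip-deny` or `ban-list` hits means the block is not in these files, which points to the add-on's database tables, the host, or a PHP error as the next place to look.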


Leslie,

Thank you for your suggestion. I will check this. Right now I am unable to access my .htaccess file through my GoDaddy file manager. It won't let me show the hidden files and will not allow me to change it so I am dealing with that issue now too.

Steve,

I was banned before I even started to add this contribution to my site and didn't even realize it. I went to the link and nothing happened so I tried to install the IP Trap V6 for 2.2 & 2.3.

Because I was having problems installing the contribution in general (came up with errors) & the fact that there is no one to contact I did not complete the installation and removed all .php files pertaining to this.

There was a manual in the files that told you how to ?rescue=YOUR_STRING. But this did not work for me as I did it before I even installed the contribution.

I am at a total loss. But thank you for trying to help. It is greatly appreciated.

I was banned before I even started to add this contribution to my site and didn't even realize it.

 

Quite possibly you made too many site accesses over a short period of time, and your host detected this as a DoS (Denial of Service) attack and they banned you. If you have no access at all from your usual computer, you should ask your host if you're banned, and if so, to unban you. You will probably need to supply them with your computer's IP address (your ISP can help with this).


Hi Phil,

Thank you for responding.

I am sorry that I did not explain it too well. When I said I was banned before I even started to add this contribution to my site I should have said that my website was fine until this contribution.

I just added Site Monitor and my site was fine. This contribution was recommended for security. I wanted to add this one and I was reading the contribution description for this add-on. It stated this:

If you want to see it in action go to

REDACTED you will be banned but will also see it working, please contact me to un-ban you!!!

This is where I made the mistake.

I always have my admin & website up when I add contributions so I can check it to make sure that I did not make mistakes or mess anything up when adding any contribution to my site so my site was fine prior to this. I went to the link provided in the add-in description. At first I did not realize I was banned but then after trying to do this add on I checked my website to make sure everything was still ok with my site and it was a blank screen.

I tried to contact Fimble like it says to do in the contribution description and found that he has not been online since January but I did email him. I also went to the website that he has and the contact form does not work so I could not contact him to un-ban me.

The link provided in this contribution is what banned me. I am 100% positive of this. Any suggestions?

I haven't looked at that addon in quite a while but, as Steve mentioned and as I recall, the banned IPs are stored in a file in a directory named banned, for a stock installation. I don't think you can just delete that file but you can overwrite it with the stock one or just edit it. You will need to access it from your host's control panel or via ftp.

Hi Jack,

I did do a search when I received Steve's reply. I went to my host control panel and it shows that No IPs are being blocked.

I then went into my cPanel file manager and did a search for 1) banned 2) ban 3) ip 4) ip address 5) ip trap. All came up with no records.

Anything relating to the ip trap has been deleted but I can still access it if I go into my cPanel then file manager and view trash. I reviewed all of those files to see if any of them had my ip address and only one did (datastore/all_iplist.db). I removed it but it did nothing and my site remained blank. All the files are .php folders, pictures and icons from the contribution.

RE: Steve's suggestion as above.

http://www.yoursite....atalog/personal (minus the catalog if not present) and hit enter, - I did this and got a 404 error page

http://www.sunshynecraftsbeads.com/personal
File not found (404 error)

If you think what you're looking for should be here, please contact the site owner.

you will see the Blocked.php page, - No, I got the 404 error page
and will receive an e-mail informing you of the ban. - No, I did not receive an email
Try to get any page on your site, you will be redirected to the banned page, - Tried over 10 pages on my site and was not redirected, just blank pages
to remove yourself open and remove your IP number from the /banned/IP_Trapped.txt - No such txt ??
Now try your site again and you will be able to view it normally. - No I can't

When I read Steve's comments it sounded like he was referring to me doing this with an installed contribution which was not the case. Like I mentioned I did delete all the files for this contribution because I was getting error messages and then of course it actually banned me.

Jack thank you for taking the time to respond to my cry for Help. I am starting to think that I should have never upgraded. At least before my site was secure and up 24/7 365 year with no problems. :(

@@sunshynecraftsbeads @@Jack_mcs

Jack when I visited Tracie's site, I got a blank page. Her profile has the site. This might be something going on with PHP, which is out of my arena.

@@sunshynecraftsbeads The blocking of the IPs is done on the site level so they won't show up in your control panel. I downloaded the addon and looked at the instructions and it says you can clear the blockage by visiting your site and adding ?rescue=code to the url, where code is what was set in admin. The default code is 123 so the url would be ...com/?rescue=123

But if you changed that in the settings, then you would need to use the new code. Also, since you deleted things, the url may not work. But you should be able to just upload all of the new files from the addon and then run that command. If you don't remember the new code, then you would have to edit the database manually.

There is a delete database file in the addon package. If you have removed all of the file changes you made for this addon, then running that file should complete the removal.

Hi Jack,

Thank you for taking the time to download the addon and refreshing yourself with it. Yes, I was aware of the ?rescue=code in the manual provided with the addon. I did try this yesterday morning and made several attempts but had no luck with it. I think I mentioned this earlier. I made several attempts at it using different codes. I did not set up any codes in admin because I did not fully install this addon because everything was coming up with errors in my admin.

So I tried the following:

https://www.sunshynecraftsbeads.com/?rescue=default - No

https://www.sunshynecraftsbeads.com/?rescue=admin - No

https://www.sunshynecraftsbeads.com/?rescue=personal - No

Now https://www.sunshynecraftsbeads.com/?rescue=123 - No

I also looked again at all of the .htaccess files (9) that Steve was mentioning earlier to triple check that my IP address was not anywhere. Nothing came up.

There are about 4 .htaccess files that include the following. I don't know if this means anything.

<Files *>
  Order Deny,Allow
  Deny from all
</Files>

You mentioned a delete database file. I have 2 - neither have been deleted nor do I have one in my trash.

public_html/includes/functions/database.php

public_html/default/includes/functions/database.php

I can not believe that this is so hard to fix. I am sure that others have gone to that link over the years without installing the addon and clicked it only to have to contact fimble to be un-banned. Sorry I am just so surprised that this can happen.

Should I try re-installing it again in the hopes that it works this time and I can attempt to remove myself from being banned?

Thanks a million times over Jack. I hope I am not messing up your weekend too bad.

When I mentioned the delete database file, I was referring to the one included in the addon. Likewise, there is an install database file that you have to run when installing it.  So, to be clear, did you run the install_db.php file? If not, the addon won't work and may be the cause of the problem.

 

If you did do that, in the includes/application_top.php file, find the line near the top that starts with error_reporting and add this beneath it

  ini_set('display_errors','1'); 

Then try loading a page on the shop. If it displays errors, that may lead you to where the problem is at. You should remove that line once you are done with it.


Hi Jack,

All I did as far as this addon was upload the files in the sitesafe 2.3xx folder. I did not upload all of them (i.e. the docs folder or the extra's folder). This was Step 1.

No I did not do step 2 - Run the install_db.php in your browser, [http://www.yoursite.com/install_db.php] it will install the required database settings.

Just on the off chance I did put that code in includes/application_top.php. Did not do anything. Site is still the same.

I am going to try to re-install it again. Can't do any more harm. My site has already been down for 2 days now......

You're the Best!!!

Just a follow up on this post. I attempted to install the IP trap contribution (addon) and was not successful. Nothing but errors and problems.

Step 6 is Wrong -

Open file

catalog / includes / languages / english / english.php - The second "english.php" file that they want something added to Does Not even exist

Just before the last ?> add.

Step 7 is Wrong -

Open File

catalog / includes / application_top.php

Add to the end before the final ?> - ?> isn't even in the file

Step 9 Does not apply.

The result

My admin panel it does have a Linuxuk Site Safe tab now which includes:

Ban Bad Bots - click it on and you get

Linuxuk Ban Bad Bots - Version 7

1146 - Table 'BeadStore.linuxuk_ban_bots' doesn't exist

select count(*) as total from linuxuk_ban_bots

[TEP STOP]

OR

Edit IP Trap - click it on and get a page that says

1146 - Table 'BeadStore.linuxuk_iptrap' doesn't exist

DELETE FROM linuxuk_iptrap WHERE date < FROM_UNIXTIME(UNIX_TIMESTAMP()- LINUX_ERROR_DELETE_RECORD*24*60*60)

[TEP STOP]

OR

Linuxuk HTTP Errors - click it on and get a page that says

1146 - Table 'BeadStore.linuxuk_error_log' doesn't exist

DELETE FROM linuxuk_error_log WHERE linuxuk_error_log_date < FROM_UNIXTIME(UNIX_TIMESTAMP()- LINUX_ERROR_DELETE_RECORD*24*60*60)

[TEP STOP]

I am even getting an error message when I click on some of my tabs in my admin that I didn't have before - WARNING: Your images directory is not protected by a .htaccess file.

So a long story short. I no longer have a site that the public can see and I have an admin full of errors. Backups really don't matter from what I have been told. When an IP Address is banned, a back up will not fix it.

The only thing that resulted from trying to add this security feature to my site is that I banned myself from my own site and could NOT be fixed or get help from the creator. This has been a very costly error since I just paid for 3 years for this website for a site that will not be seen thanks to a link provided with the addon. I hope nobody else makes my mistake.

I do however want to thank Jack & Steve for their time and attempts to help me. It was greatly appreciated. I just wish the result turned out differently.

@@sunshynecraftsbeads Hi Tracie, I'm sorry you're dealing with this situation. I can relate.

As a shop owner I've been in situations where my site was affected by something and it's frustrating. I'm not an expert, but it might be that a backup could pull you out of this, on the assumption that the ban is coming from within the site itself, generated by the coding of that particular add on. So a roll back may work in that case. The roll back would get rid of any database and file changes, including htaccess where some of this stuff comes from.

If you had a back up of the shop and database that were done right before you got involved in this they might help. If they are older backups, you could roll back to a time you really don't want to.

If you didn't do backups yourself, sometimes the host will have those. In my case, that's iffy but who knows what your host has.

All that said, if the roll back isn't possible...then this....

You might well consider getting someone who is a professional to sort this out. There's a forum to post in to ask for that here.

Thank you, thank you, thank you. You were absolutely right!! Who said you shouldn't assume lol

I did a full website backup yesterday morning so I uploaded it and there it is. My Site is back online. Yeah!!!!

Again thank you Steve.

Cheers :beer:

Great. Happy selling.



After following this topic from the beginning I'm prompted to make the following observations.

1. Godaddy's file manager is not a reliable way to view your files at the best of times. Godaddy work on the presumption all its clients are idiots.

2. The only way to discover what files are on your site and what they contain is to use a reliable FTP client. Filezilla is not a reliable FTP client. It always tries to upload and or download several instances of the same file when trying to make backups or restore them.

3. The first line of defense against this sort of happening should always be to load the backup you made prior to tampering with the file system. Installing unproven plugins or add-ons to a live site is tampering with the file system. There are easier and more proven ways to protect your site than installing an IP blocker which coincidentally... Cpanel already has available for your site-wide use. I'm continually amazed at how many people think just because a plugin is available, it should be used.

I'm glad your site is back on-line, by the way.

Advice for future readers, as this thread is a perfect example of what can go wrong and often does go wrong...

 

1. ALWAYS make a backup prior to abusing your site.

2. ALWAYS consult your error_log when an error occurs.

 

So, what does the error_log say? Some missing file? Some PHP error?

 

Whatever...Can you fix it?

 

Yes: fix it. Does the site now work?

No: go back to #2, rinse, repeat.

 

Still not working?

Rollback to the backup you made at #1

 

General addon advice:

 

a/ addons more than 2 years old are obviously not meant to be used on the Responsive osCommerce

b/ addon makers who have disappeared, avoid their addons in most cases

c/ remember that you are not a coder or a developer, so you are not expected to do things right 100% of the time

d/ just because a post from 10 years ago says to install something...doesn't mean the same advice applies now


This is a signature that appears on all my posts.  
IF YOU MAKE A POST REQUESTING HELP...please state the exact version
of osCommerce that you are using. THANKS

 
Get the latest Responsive osCommerce CE (community edition) here


and @@sunshynecraftsbeads maybe be a little more careful about what you post ... I removed SIX links to your shop's admin area from one of your posts in this thread.

@@burt

Thanks for embarrassing and making me feel dumber than I already feel.

My Advice: Everyone BACK UP BACK UP BACK UP your files before doing anything. That saved my butt here.

Just a little followup on the comments (or advice) made to my post:

a/ addons more than 2 years old are obviously not meant to be used on the Responsive osCommerce - I am sure this is true as you would know better than I obviously but when a very experienced current member highly recommends you to add a contribution you would trust that they know what they are talking about and would not provide you with bad advice on purpose.

b/ addon makers who have disappeared, avoid their addons in most cases - Just because a person has been offline for 4 months doesn't mean he has disappeared? I don't know this person nor their personal situation to know why they haven't been online. This person has been connected to this forum since 2003. To me that said a lot and that they could be trusted. I do check out people prior to doing anything that they suggest.

c/ remember that you are not a coder or a developer, so you are not expected to do things right 100% of the time - You're absolutely right. I am not a coder or a developer like yourself hence this is why there is a forum so that people like myself can ask for help or so I thought? I do a lot of research on this forum so I avoid asking questions that have been asked before or may have been answered.

First let me say before going any further that I am not directing my comments to everyone who try to help us because there are some amazing people out there who go out of their way to try to help. But lately the majority of every response recommends paying a developer (like yourself) to do the work instead of trying to actually help. The responses received are vague and instructions are not clear or in plain English so people understand. You are expected to know the lingo of the coder or developers world. Doing this just leaves people with more questions than answers. Maybe in the hopes that we will give up and just pay someone from the commercial support team to do it for us. People asking for help may not be experts but we should not be treated like idiots or talked down to either.

d/ just because a post from 10 years ago says to install something...doesn't mean the same advice applies now - Actually I was doing an addon that was posted in February, 2016 and it was that person who highly recommended installing the addon in question on their instruction page. So no, it was not a post from 10 years ago like you assumed but a recommendation from a person who created an addon 3 months ago............

Lesson I learned from this experience. You cannot trust anyone here anymore and that a forum is no longer about helping people who are not experienced in this area but just a place to make you feel stupid or a way for others to try to make a buck on those who need help.

Pardon me for making a mistake. Pardon me for trying to learn. Pardon me for asking for help. But most of all Pardon me for not being as smart as you.

Moral of the Story:

Everyone BACK UP BACK UP BACK UP your files before doing anything !!!!!!!!!!!!

The post was aimed at FUTURE READERS who want to abuse their site.

 

The post aimed at YOU was one where I let you know I removed six links to your Admin Area.

You're welcome.



But lately the majority of every response recommends paying a developer (like yourself) to do the work instead of trying to actually help.

I (rather quickly) scanned back through my own posts all the way back to May 2015.

In a whole year's worth of posting, I have advised FOUR times to post at the Commercial Area.

I took a look at the Commercial Area, and see 31 shopowner posted projects posted during 2016.

Of those, I'm guessing and hoping that the majority of these shopowners have been helped out appropriately.

I could tell you exactly how many of those 31 projects I have personally worked on...you'd probably be surprised at the answer...

Put simply:

Developers do not get jobs from these boards.

@@sunshynecraftsbeads

History repeats itself and probably everyone here has done at least one stupid thing, but the key is learning from others' mistakes. Don't take criticism too personally, but learn and grow from it. You have to assume that every hacker and bad guy on the planet is reading these posts and not just someone to help you. Don't post admin links and don't post any critical data about your site. You basically said you were a little careless in what you had done but I think you know now you can cause yourself stress and headaches by not being careful. It's dangerous to practice on a live site you want to make money with. Think about making a test site to practice with first. You'll be amazed how much you can learn if you try.

In the past I've done some really stupid things mainly because I was lazy or careless. I don't recommend it.


I'm not really a dog.
