Access Blocker Support Thread

Quote:

---

Originally Posted by mcpisik

Thanks for the plugin.
Just wondering if there would be a way to block by the Company name field, in account creation?
Eg. My 1000+ fake accounts all use 'google' as the company name.

---

I've created a GitHub issue (https://github.com/lat9/access_blocker/issues/7) to track your request.

I've just submitted v1.1.0 of the Access Blocker for review by the Zen Cart plugin moderators and will post back when it's available for download.

This release contains changes associated with the following GitHub issues:


#6: Don't require ipdata.co access if otherwise blocked
#7: Add blocking by company name during the create-account process

Quote:

---

Originally Posted by lat9

I've just submitted v1.1.0 of the Access Blocker for review by the Zen Cart plugin moderators and will post back when it's available for download.

This release contains changes associated with the following GitHub issues:


#6: Don't require ipdata.co access if otherwise blocked
#7: Add blocking by company name during the create-account process

---

Now available for download: https://www.zen-cart.com/downloads.php?do=file&id=2237

Hi Cindy - thanks for this great plugin - likely a dumb question but can we use the one single API key from ipdata.co for multiple websites?

cheers,
Mike

Thanks, Mike. You'll need to contact ipdata.co regarding the usage of that API key's use on multiple sites.

Quote:

---

Originally Posted by lat9

Thanks, Mike. You'll need to contact ipdata.co regarding the usage of that API key's use on multiple sites.

---

Hi Cindy, ipdata.co say 1 key is fine for multiple sites - quota limit per key (free version) is 1500 daily.

cheers, Mike

Hmm.... not having much luck so far. Entered my API key and turned on Access Blocker, then entered country codes CN,HK (the source of the bad traffic.)

However, there's no downward movement in Who's Online.

Also tried setting the top 2 octets of the IP and even the Organization for good measure, but not seeing any changes. Getting new sessions by the second from the bad guy address.

I may have misunderstood the design intent. If this plugin only blocks access to the create account (etc.) pages, I wonder if it would be possible to extend it to block access to ALL pages based on the configuration.

Quote:

---

Originally Posted by swguy

I may have misunderstood the design intent. If this plugin only blocks access to the create account (etc.) pages, I wonder if it would be possible to extend it to block access to ALL pages based on the configuration.

---

Yes, Access Blocker is a pseudo-recaptcha in that it does all its blocking at the server level (nothing for the script-kiddies to grab on).

What you're looking for, IMO, is an automatic .htaccess generator (dangerous to do on the fly for busy shops).

I quite agree it would be risky to attempt to update the .htaccess file as part of storefront processing (because of the danger of having it done simultaneously by multiple threads). But what if the logic was to add these bad IPs to a table, and have a separate process regenerate the .htaccess from a cron job ?