AbuseIPDB Integration module

That's exactly it. A completely blank page with (in my case) a 403 response. I guess you could set a custom static 403 page via .htaccess to inform the user that their IP is blocked. I couldn't find what was throwing the headers already sent error when using your plugin, so I just worked backwards from the program flow documentation and added the check IP code as early as possible in the code base.

I've hit another issue. Even though I've signed up as a webmaster & put the button on my website to increase API calls to 5000 on abuseipdb.com, I've hit my ip lookup api limit within 3 hours of a 24-hour period. Does the plugin also cache clean IP's or will it simply look up the same clean IP on every page view, meaning each page view equals one api hit?

Yes, the plugin caches both clean and abusive IPs. It only makes an API call if the abuse score is not in the cache or if it has expired.

Instead of adding a new notifier (NOTIFY_HEADER_START) in includes/templates/YOUR_TEMPLATE/common/tpl_header.php you could also use the existing notifier NOTIFY_HTML_HEAD_START in includes/templates/YOUR_TEMPLATE/common/html_header.php and change in the observer class from NOTIFY_HEADER_START to NOTIFY_HTML_HEAD_START.
This way there is no change of existing core files required when installing the plugin.

I'm not sure if the caching is working correctly. I've woken up just now & almost exhausted my API limit for the day at 7:47am

I just enabled debug mode to check the logs & it would seem it's making a fresh call even for the same ip.

From the bottom of the first debug log

[25-May-2023 07:46:22 Europe/London] Checking cache for IP: 54.236.1.11
[25-May-2023 07:46:22 Europe/London] API call made for IP: 54.236.1.11 with score: 63
[25-May-2023 07:46:22 Europe/London] IP 54.236.1.11 blocked from API call

and then the second

[25-May-2023 07:46:39 Europe/London] Checking cache for IP: 54.236.1.11
[25-May-2023 07:46:39 Europe/London] API call made for IP: 54.236.1.11 with score: 63
[25-May-2023 07:46:39 Europe/London] IP 54.236.1.11 blocked from API call

the third

[25-May-2023 07:46:43 Europe/London] Checking cache for IP: 54.236.1.11
[25-May-2023 07:46:44 Europe/London] API call made for IP: 54.236.1.11 with score: 63
[25-May-2023 07:46:44 Europe/London] IP 54.236.1.11 blocked from API call

So it would seem they are all the same IP address but they are looking up each time if I'm not mistaken.

Quote:

---

Originally Posted by webchills

Instead of adding a new notifier (NOTIFY_HEADER_START) in includes/templates/YOUR_TEMPLATE/common/tpl_header.php you could also use the existing notifier NOTIFY_HTML_HEAD_START in includes/templates/YOUR_TEMPLATE/common/html_header.php and change in the observer class from NOTIFY_HEADER_START to NOTIFY_HTML_HEAD_START.
This way there is no change of existing core files required when installing the plugin.

---

Just changed the observer as mentioned here & removed my code from index.php - it does indeed work, blocking works & it also avoids the headers already sent issue I received before. Great observation. Now I just need to solve this caching issue as I'm about to run out of API calls for another day thanks to the same IP's

Quote:

---

Originally Posted by johnjlarge

I'm not sure if the caching is working correctly. I've woken up just now & almost exhausted my API limit for the day at 7:47am

I just enabled debug mode to check the logs & it would seem it's making a fresh call even for the same ip.

From the bottom of the first debug log

[25-May-2023 07:46:22 Europe/London] Checking cache for IP: 54.236.1.11
[25-May-2023 07:46:22 Europe/London] API call made for IP: 54.236.1.11 with score: 63
[25-May-2023 07:46:22 Europe/London] IP 54.236.1.11 blocked from API call

and then the second

[25-May-2023 07:46:39 Europe/London] Checking cache for IP: 54.236.1.11
[25-May-2023 07:46:39 Europe/London] API call made for IP: 54.236.1.11 with score: 63
[25-May-2023 07:46:39 Europe/London] IP 54.236.1.11 blocked from API call

the third

[25-May-2023 07:46:43 Europe/London] Checking cache for IP: 54.236.1.11
[25-May-2023 07:46:44 Europe/London] API call made for IP: 54.236.1.11 with score: 63
[25-May-2023 07:46:44 Europe/London] IP 54.236.1.11 blocked from API call

So it would seem they are all the same IP address, but they are looking up each time if I'm not mistaken.

---

Just another observation on this, could it be that known spiders are prevented from creating a session, so the IP isn't cached in the session cache? I could be way off, but my initial investigation is that this IP is pinterestbot which I have as a robot in my zen cart who's online/admin robot definitions.

Quote:

---

Originally Posted by johnjlarge

Just another observation on this, could it be that known spiders are prevented from creating a session, so the IP isn't cached in the session cache? I could be way off, but my initial investigation is that this IP is pinterestbot which I have as a robot in my zen cart who's online/admin robot definitions.

---

Known spiders are definitively prevented from creating sessions

As you are not using the page_not_found redirect, you could change in the observer class from

Code:

---

// Do not execute the check for the 'page_not_found' page
                if ($current_page_base == 'page_not_found') {
                        return;
                }

---

to

Code:

---

// Do not execute the check for known spiders
                if (isset($spider_flag) && $spider_flag === true) {
                        return;
                }

---

to disable the whole thing for known spiders

I'm not using this on a live site at the moment so cannot really test if its working

Quote:

---

Originally Posted by webchills

Known spiders are definitively prevented from creating sessions

As you are not using the page_not_found redirect, you could change in the observer class from

Code:

---

// Do not execute the check for the 'page_not_found' page
                if ($current_page_base == 'page_not_found') {
                        return;
                }

---

to

Code:

---

// Do not execute the check for known spiders
                if (isset($spider_flag) && $spider_flag === true) {
                        return;
                }

---

to disable the whole thing for known spiders

I'm not using this on a live site at the moment so cannot really test if its working

---

I've changed the code as suggested, but I'll have to wait until tomorrow when my api quota resets to see if it works for spiders. If it works that is quite an elegant fix as I manually block bad bot useragents via .htaccess before they load anything from my site.

Quote:

---

Originally Posted by webchills

Known spiders are definitively prevented from creating sessions

As you are not using the page_not_found redirect, you could change in the observer class from

Code:

---

// Do not execute the check for the 'page_not_found' page
                if ($current_page_base == 'page_not_found') {
                        return;
                }

---

to

Code:

---

// Do not execute the check for known spiders
                if (isset($spider_flag) && $spider_flag === true) {
                        return;
                }

---

to disable the whole thing for known spiders

I'm not using this on a live site at the moment so cannot really test if its working

---

Great solution this modification in the code introduces an additional check to prevent unnecessary IP abuse checks.

If the current page is a 'page_not_found', the IP abuse check will be skipped.
If the visitor is a known web spider or bot, the IP abuse check will also be skipped.

This reduces unnecessary API calls to AbuseIPDB when traffic comes from known web spiders or bots, which are usually harmless.

PHP Code:

---

// Do not execute the check for the 'page_not_found' page or for known spiders
if ($current_page_base == 'page_not_found' || (isset($spider_flag) && $spider_flag === true)) {
    return;
} 


---