Re: Access Blocker Support Thread
v1.5.5f php7.1 access blocker v1.1.0
Hi Cindy I hope you and yours are coping with the virus scenario.
This is likely just coincidence - I had OPC switched off on a particular website and with access blocker activated was not getting any spam accounts - I re-activated OPC a few days ago and the site is now being swamped with spam accounts.
I contacted ipdata.co and asked if the API code was still valid / functional and they have responded that it is all good. The last log I have for access blocker is dated 26/9/2019 - I installed it on 16/8/2019 - enable debug has been set to true from that date. I have no other debug logs relating to access blocker or account creation etc.
in OPC configuration I have Enable Account Registration (Do you want your store's create_account processing to create a registered rather than a full account?) set to TRUE whereas the default is FALSE ..... would that have any effect? .... to be honest I am not sure what the difference is registered / full account and what it actually does ??
Like I say, likely just coincidence but thought the longshot was a connection?
Stay Safe
cheers Mike
Re: Access Blocker Support Thread
Quote:
Originally Posted by
shags38
v1.5.5f php7.1 access blocker v1.1.0
Hi Cindy I hope you and yours are coping with the virus scenario.
This is likely just coincidence - I had OPC switched off on a particular website and with access blocker activated was not getting any spam accounts - I re-activated OPC a few days ago and the site is now being swamped with spam accounts.
I contacted ipdata.co and asked if the API code was still valid / functional and they have responded that it is all good. The last log I have for access blocker is dated 26/9/2019 - I installed it on 16/8/2019 - enable debug has been set to true from that date. I have no other debug logs relating to access blocker or account creation etc.
in OPC configuration I have Enable Account Registration (Do you want your store's create_account processing to create a registered rather than a full account?) set to TRUE whereas the default is FALSE ..... would that have any effect? .... to be honest I am not sure what the difference is registered / full account and what it actually does ??
Like I say, likely just coincidence but thought the longshot was a connection?
Stay Safe
cheers Mike
Mike, all's good here in southern Florida (hopefully the same in Australia).
The account-registration feature of OPC enables a customer to register and receive newsletters and product notifications without providing any address-related information. When an account is 'registered', OPC fires the same notification as the base 'create_account' processing, so that Access Blocker should be picking up on those attempts as well.
Note, too, that the Access Blocker is currently at v1.2.0; that change to support OPC could have been added in the transition from v1.1.0 -> v1.2.0.
Re: Access Blocker Support Thread
Quote:
Originally Posted by
lat9
Mike, all's good here in southern Florida (hopefully the same in Australia).
The account-registration feature of OPC enables a customer to register and receive newsletters and product notifications without providing any address-related information. When an account is 'registered', OPC fires the same notification as the base 'create_account' processing, so that Access Blocker should be picking up on those attempts as well.
Note, too, that the Access Blocker is currently at v1.2.0; that change to support OPC could have been added in the transition from v1.1.0 -> v1.2.0.
Hi Cindy,
I changed configuration to 'false' for 'registered' account on a couple of websites on 9th May and it stopped the spam accounts - so registered was allowing spam account creation - I will upgrade to 1.2.0 soon and see if it still happens in 'registered' and report back :)
cheers,
Mike
Re: Access Blocker Support Thread
Quote:
Originally Posted by
shags38
Hi Cindy,
I changed configuration to 'false' for 'registered' account on a couple of websites on 9th May and it stopped the spam accounts - so registered was allowing spam account creation - I will upgrade to 1.2.0 soon and see if it still happens in 'registered' and report back :)
cheers,
Mike
Access Blocker doesn't show up in Plugins Search for some reason or other, in any variation of the term ?? - I got there by using your v1.1.1 update post in here - the latest download is v1.1.1 - is this correct?
cheers,
Mike
Re: Access Blocker Support Thread
Quote:
Originally Posted by
shags38
Access Blocker doesn't show up in Plugins Search for some reason or other, in any variation of the term ?? - I got there by using your v1.1.1 update post in here - the latest download is v1.1.1 - is this correct?
cheers,
Mike
Mike, I misspoke when I said that Access Blocker was at v1.2.0; v1.1.1 is the most recent version.
Note, too, that the Zen Cart search functionality is pretty lame. I usually google "Zen Cart {whatever}", in this case "Zen Cart Access Blocker" to find what I'm looking for.
Re: Access Blocker Support Thread
Quote:
Originally Posted by
lat9
Mike, I misspoke when I said that Access Blocker was at v1.2.0; v1.1.1 is the most recent version.
Note, too, that the Zen Cart search functionality is pretty lame. I usually google "Zen Cart {whatever}", in this case "Zen Cart Access Blocker" to find what I'm looking for.
Hi Cindy, I assumed as much but wanted to be sure :) I will keep the Google method in mind - the big disappointment is that a great deal of Zen Cart users are not using this great plugin because it doesn't show up in plugins ):
Re: Access Blocker Support Thread
Been on 1.1.0 for a year now happy as a clam. This has got the be the most under-appreciated plug in out there. It shut the fake account creation down to zero and I haven't given it a thought in a long time.
Recently they have started back up again. I have been digging through things to see if everything is working and it seems to be. I think the newest attacker is just slipping through the ipdata.co filter.
Im keeping an eye on the who is online section in admin and adding any sketchy countries I see to the field in the access blocker settings.
Am I doing it right that the comma separated list should not have spaces after the commas?
All the recent fake accounts are using the same country for their fake customer.
Is there a place in the code I can add this feature to "Block by: Create-account Country"
Before now the filter Block by: Create-account Company set to google was sufficient to block the overwhelming majority of what was coming in.
Re: Access Blocker Support Thread
Quote:
Originally Posted by
angst
Am I doing it right that the comma separated list should not have spaces after the commas?
Those comma-separated lists can include spaces, new-lines, carriage-returns and tabs (makes the configuration setting much more readable) ... so long as there's an intervening comma.
What version of Zen Cart is in use on the site? Any debug-logs generated at/around the time of the fake-account creation(s)?
Update: You can also set the Access Blocker's debug setting to 'all' which will also generate a request/response trace of communications to ipdata.co in /logs/ipData.log.
Re: Access Blocker Support Thread
Access Blocker ver. 1.1.0
Zen Cart ver. 1.5.5f
In the configuration in the admin GUI there is only a toggle of debug on or off that creates a log of everything that ipdata has denied but it does not log all the traffic that it let though. I have that on long term and its amazing how many creations it is blocking each month. Over 700 blocks this month.
In includes/classes/ipdata.php
around line 9 is
Quote:
if (!defined('IPDATA_LOGGING')) {
define('IPDATA_LOGGING', 'false');
If I change that to 'true' or 'all' will it create the file you mention and log all traffic including allowed traffic at /logs/ipdata.log ?
I don' think knowing where they are coming from is going to help me though. Im watching the "who is online" tool all day and am adding every random country that I see that has been on the contact us success page. I keep maxing out my allowed lookups at domaintools.com and am not making a dent in it. Here is what my country block comma separated list looks like so far. IS,NL,SG,ZW,MK,RU,CN,TW,IN,BE,PE,BR,CZ,RO,ZW,TH,UA,DE,BR,VN,SG,BG
Is there a place in the code I can add a feature to "Block by: Create-account Country" ?
100% of these accounts are filling in the customer as a certain country. If I could add that as a filter it would shut them down completely.
Re: Access Blocker Support Thread
Access Blocker's debug simply creates a monthly log of accesses blocked, there's no provision to log all accesses and identify whether it's blocked or not.
The Block by Country and Block by Organization settings require an API call to ipdata.co to retrieve that country/organization information based on the active IP address. Noting, too, that starting with Zen Cart 1.5.2, you have the option of disabling countries so that the base Zen Cart processing will disallow that country from any customer address.
I normally keep Access Blocker's debug set to 'true' and then inspect those monthly blocked-access logs and add any new IP-address blocks to the Block by IP Address setting. The addresses in that list are blocked prior to making an API call to ipdata.co, so that they don't count towards your usage statistics.
