AbuseIPDB Integration module

Recap and Solution I Implemented in v2.0.7 for the Meantime:

Problem:
During testing, I faced difficulties with the spider detection feature in Zen Cart. Specifically, the utilization of the $spider_flag variable did not produce the expected results, particularly in generating logs after detecting a spider using:

PHP Code:

---

if (isset($spider_flag) && $spider_flag === true) 


---

Solution Implemented:
To resolve this issue, I decided to clone the spider detection code from Zen Cart and integrate it directly into the module functions file. This allowed me to incorporate the spider detection functionality without relying on Zen Cart's $spider_flag variable. As a result, the spider detection now works as intended within my custom code.

PHP Code:

---

function checkSpiderFlag() {
    if (defined('SESSION_BLOCK_SPIDERS')) {
        $user_agent_abuseipdb = '';
        if (isset($_SERVER['HTTP_USER_AGENT'])) {
            $user_agent_abuseipdb = strtolower($_SERVER['HTTP_USER_AGENT']);
        }
        $spider_flag_abuseipdb = false;
        if (!empty($user_agent_abuseipdb)) {
            $spiders_abuseipdb = file(DIR_WS_INCLUDES . 'spiders.txt');
            for ($i = 0, $n = sizeof($spiders_abuseipdb); $i < $n; $i++) {
                if (!empty($spiders_abuseipdb[$i]) && substr($spiders_abuseipdb[$i], 0, 4) != '$Id:') {
                    if (is_integer(strpos($user_agent_abuseipdb, trim($spiders_abuseipdb[$i])))) {
                        $spider_flag_abuseipdb = true;
                        break;
                    }
                }
            }
        }
        return $spider_flag_abuseipdb;
    }
    return false; 


---

Although the current solution successfully resolves the logging problem, I am interested in understanding why using the original $spider_flag variable did not produce the expected outcome. If anyone has any insights, suggestions, or guidance that could be a potential resolution that would allow me to revert back to using the $spider_flag in the future, please do let me know!

Thank you for your time and assistance.

Quote:

---

Originally Posted by marcopolo

Recap and Solution I Implemented in v2.0.7 for the Meantime:

Problem:
During testing, I faced difficulties with the spider detection feature in Zen Cart. Specifically, the utilization of the $spider_flag variable did not produce the expected results, particularly in generating logs after detecting a spider using:

PHP Code:

---

if (isset($spider_flag) && $spider_flag === true) 


---

Solution Implemented:
To resolve this issue, I decided to clone the spider detection code from Zen Cart and integrate it directly into the module functions file. This allowed me to incorporate the spider detection functionality without relying on Zen Cart's $spider_flag variable. As a result, the spider detection now works as intended within my custom code.

PHP Code:

---

function checkSpiderFlag() {
    if (defined('SESSION_BLOCK_SPIDERS')) {
        $user_agent_abuseipdb = '';
        if (isset($_SERVER['HTTP_USER_AGENT'])) {
            $user_agent_abuseipdb = strtolower($_SERVER['HTTP_USER_AGENT']);
        }
        $spider_flag_abuseipdb = false;
        if (!empty($user_agent_abuseipdb)) {
            $spiders_abuseipdb = file(DIR_WS_INCLUDES . 'spiders.txt');
            for ($i = 0, $n = sizeof($spiders_abuseipdb); $i < $n; $i++) {
                if (!empty($spiders_abuseipdb[$i]) && substr($spiders_abuseipdb[$i], 0, 4) != '$Id:') {
                    if (is_integer(strpos($user_agent_abuseipdb, trim($spiders_abuseipdb[$i])))) {
                        $spider_flag_abuseipdb = true;
                        break;
                    }
                }
            }
        }
        return $spider_flag_abuseipdb;
    }
    return false; 


---

Although the current solution successfully resolves the logging problem, I am interested in understanding why using the original $spider_flag variable did not produce the expected outcome. If anyone has any insights, suggestions, or guidance that could be a potential resolution that would allow me to revert back to using the $spider_flag in the future, please do let me know!

Thank you for your time and assistance.

---

Testing here, and it's working really well with the new spiders detection code. Saving a lot of API calls on my site. Also, I've set my threshold at 30% as most of my customers score a 0 threat score, so I'm currently blocking about 10% of hits to the server. I've gone through the logs manually checking bad IPs and there are some real nasty ones in there. This plugin will save a lot of server resources and turn away some of the worst bad bots & crawlers. Invaluable to small shop owners.

Thank you for all the hard work :)

Quote:

---

Originally Posted by johnjlarge

Testing here, and it's working really well with the new spiders detection code. Saving a lot of API calls on my site. Also, I've set my threshold at 30% as most of my customers score a 0 threat score, so I'm currently blocking about 10% of hits to the server. I've gone through the logs manually checking bad IPs and there are some real nasty ones in there. This plugin will save a lot of server resources and turn away some of the worst bad bots & crawlers. Invaluable to small shop owners.

Thank you for all the hard work :)

---

having recently implemented this plugin on a couple of sites, i can truly see its benefit.

it is a GREAT addition to the zen-cart plugin repository.

thanks to @marcopolo for this contribution!

Heya Marco,

I just submitted a PR/Merge request to your Github repository for adding the Contributor Badge onto the admin dashboard to get a higher API daily limits. The changes aren't that serious, but I added a bit to the documentation and upped the version number. I have also submitted, what would now be, 2.1.2 to the ZC Plugins database.

You can view my PR here:
https://github.com/CcMarc/AbuseIPDB/pull/6

Someone on GitHub requested a whos_online feature. I use an enhanced version of whos_online and am currently still on Zen Cart 1.5.5, so I'm not sure about compatibility with newer versions. However, if you'd like to try it, this enhanced version adds the following features directly within the whos_online screen:

• Exclude IPs by AbuseIPDB Threshold: Automatically filter out IPs from the "Who's Online" list based on their AbuseIPDB score exceeding a set threshold.
• Display AbuseIPDB Score: Show the AbuseIPDB score next to each IP address in the "Who's Online" list, indicating the level of potential abuse associated with the IP.
• Shield Icon for Blocked IPs: Display a shield icon for IPs automatically blocked by the module, indicating they have met or exceeded the threshold.
• Ban Icon for Manual Blacklisting: Provide a ban icon that allows administrators to manually blacklist an IP address, adding it to the blacklist file directly from the "Who's Online" interface.

Attachment 20737

Here's the complete enhanced_whos_online_2.0 plugin with my modifications. There are some image files that go along with the original plugin, in case you're not currently using it and need those:

Attachment 20738

This is a great plugin. It has certainly reduced the time normally required blocking the script-kiddies.
AbuseIPDB v2.1.2; zc 158a and 2.1.0; PHP 8.3

In admin > ABUSEIPDB Configuration > Redirect URL Option 2

Code:

---

Option 2: 403 Forbidden - If selected, the user will be shown a 403 Forbidden error
 message if their IP is found to be abusive. This option provides a more explicit message indicating that the user is forbidden from accessing
the website due to their IP being flagged as abusive.

---

How can I provide a more explicit message?

The current message is:

Quote:

---

Access to xxx.xxx.xxx.xxx was denied.
You don't have authorisation to view this page.

---

Using the Developer's Tool Kit, you could search for

You don't have authorisation

Then change the file.

Running ZC 2.1.0

Installed Access Blocker. Struggled to get email verification to work. Ended up using a different email address which then worked. (strange) Anyway, now I'm going over the settings in ZenCart Admin and noticed. (see attached) Basically it wants a user id number from the URL at AbuseIPDB which no longer displays a user ID in the URL. So this seems to be outdated and needs correction or deletion. Or the instructions updated to be useful in finding this information for the field.

Access Blocker and AbuseIPDB are totally different plugins.

Access Blocker uses the ipdata.co site and you need an account from that site for your "ipData Service: API Key" .

AbuseIPDB uses the AbuseIPDB.com site and you need an account from that site for your "AbuseIPDB: API Key"