-
Access Blocker Support Thread
This is the support thread for the soon-to-be-published Access Blocker plugin. This drop-in plugin provides some captcha-like blocking of accesses to your store's contact_us, create_account and login pages' processing.
Unlike other captcha-type handling, Access Blocker works behind the scenes to determine whether the IP address, email-address and/or contact-us comments should result in an action (e.g. creating a contact-us message or creating an account) being blocked. The plugin can be configured to use the API provided by https://ipdata.co, which provides additional information associated with an IP address (like its country-of-origin and whether it's been previously reported as a threat).
The plugin has been validated on Zen Cart 1.5.5 and 1.5.6 variants, using the built-in notification points for the possibly-blocked pages. I've been using it on my website for the past couple of months, with a significant drop in spam.
I'll update this thread once I've posted the plugin to the Zen Cart plugins for review.
-
Re: Access Blocker Support Thread
Once reviewed, here's the plugin's Zen Cart download link: https://www.zen-cart.com/downloads.php?do=file&id=2237
You can get a sneak peek by downloading from the plugin's GitHub repository: https://github.com/lat9/access_block...ses/tag/v1.0.0
-
Re: Access Blocker Support Thread
Quote:
Originally Posted by
lat9
That was fast (thanks @swguy!); the plugin is now available for download from its Zen Cart download link.
-
Re: Access Blocker Support Thread
Will this plugin have any effect on site performance? I installed it and obtained a key. I am not sure though how to know if it is working or not. Is there a way to test it to see if it is actually working?
-
Re: Access Blocker Support Thread
I figured it out
As an example I used https://api.ipdata.co?api-key=XXXXXXXXXXXXX taken from the signup email from ipdata.com.
Though I just installed it and clicked on my example URL, it has a count of 450 and rising.
Hmm, seems a little too fast if that number is correct.
-
Re: Access Blocker Support Thread
Well, I installed the plugin. 10 minutes later I get a spam email. As mentioned before, I obtained the key. Does this module really block spam or is it just a means of gathering IPs?
I am having a hard time understanding how this plugin is supposed to work.
-
Re: Access Blocker Support Thread
Quote:
Originally Posted by
chadlly2003
Well, I installed the plugin. 10 minutes later I get a spam email. As mentioned before, I obtained the key. Does this module really block spam or is it just a means of gathering IPs?
I am having a hard time understanding how this plugin is supposed to work.
The plugin, using the ipdata.co information returned, will block known 'threats'. There are additional configuration settings where you can also block the access by country-code (as returned by ipdata.co), an ip-address range ... and more.
The approach I use for my installation of the plugin is, when I receive a rogue email, determine whether to totally block the access (via separate edit of the site's .htaccess file) or to simply block the contact-us/create-account/login pages' access by updating the plugin's configuration.
-
Re: Access Blocker Support Thread
I've just submitted v1.0.1 of Access Blocker for review and will post back when it's available for download.
This release contains changes associated with the following GitHub issues:
#1: Added missing license.
#3: Correct log, indicating the IP address that was denied.
#4: For site performance, only request the ipData information on pages being filtered.
#5: Modify configuration settings to use a textarea box (allows admins to see what's been previously entered).
-
Re: Access Blocker Support Thread
v1.0.1 is now available for download.
-
Re: Access Blocker Support Thread
Thanks for the plugin.
Just wondering if there would be a way to block by the Company name field, in account creation?
Eg. My 1000+ fake accounts all use 'google' as the company name.
-
Re: Access Blocker Support Thread
Quote:
Originally Posted by
mcpisik
Thanks for the plugin.
Just wondering if there would be a way to block by the Company name field, in account creation?
Eg. My 1000+ fake accounts all use 'google' as the company name.
I've created a GitHub issue (https://github.com/lat9/access_blocker/issues/7) to track your request.
-
Re: Access Blocker Support Thread
I've just submitted v1.1.0 of the Access Blocker for review by the Zen Cart plugin moderators and will post back when it's available for download.
This release contains changes associated with the following GitHub issues:
#6: Don't require ipdata.co access if otherwise blocked
#7: Add blocking by company name during the create-account process
-
Re: Access Blocker Support Thread
Quote:
Originally Posted by
lat9
I've just submitted v1.1.0 of the Access Blocker for review by the Zen Cart plugin moderators and will post back when it's available for download.
This release contains changes associated with the following GitHub issues:
#6: Don't require ipdata.co access if otherwise blocked
#7: Add blocking by company name during the create-account process
Now available for download: https://www.zen-cart.com/downloads.php?do=file&id=2237
-
Re: Access Blocker Support Thread
Hi Cindy - thanks for this great plugin - likely a dumb question but can we use the one single API key from ipdata.co for multiple websites?
cheers,
Mike
-
Re: Access Blocker Support Thread
Thanks, Mike. You'll need to contact ipdata.co regarding that API key's use on multiple sites.
-
Re: Access Blocker Support Thread
Quote:
Originally Posted by
lat9
Thanks, Mike. You'll need to contact ipdata.co regarding that API key's use on multiple sites.
Hi Cindy, ipdata.co say 1 key is fine for multiple sites - quota limit per key (free version) is 1500 daily.
cheers, Mike
-
Re: Access Blocker Support Thread
Hmm.... not having much luck so far. Entered my API key and turned on Access Blocker, then entered country codes CN,HK (the source of the bad traffic.)
However, there's no downward movement in Who's Online.
Also tried setting the top 2 octets of the IP and even the Organization for good measure, but not seeing any changes. Getting new sessions by the second from the bad guy address.
-
Re: Access Blocker Support Thread
I may have misunderstood the design intent. If this plugin only blocks access to the create account (etc.) pages, I wonder if it would be possible to extend it to block access to ALL pages based on the configuration.
-
Re: Access Blocker Support Thread
Quote:
Originally Posted by
swguy
I may have misunderstood the design intent. If this plugin only blocks access to the create account (etc.) pages, I wonder if it would be possible to extend it to block access to ALL pages based on the configuration.
Yes, Access Blocker is a pseudo-recaptcha in that it does all its blocking at the server level (nothing for the script-kiddies to grab on).
What you're looking for, IMO, is an automatic .htaccess generator (dangerous to do on the fly for busy shops).
-
Re: Access Blocker Support Thread
I quite agree it would be risky to attempt to update the .htaccess file as part of storefront processing (because of the danger of having it done simultaneously by multiple threads). But what if the logic was to add these bad IPs to a table, and have a separate process regenerate the .htaccess from a cron job ?
-
Re: Access Blocker Support Thread
Quote:
Originally Posted by
swguy
I quite agree it would be risky to attempt to update the .htaccess file as part of storefront processing (because of the danger of having it done simultaneously by multiple threads). But what if the logic was to add these bad IPs to a table, and have a separate process regenerate the .htaccess from a cron job ?
That's outside of the scope I intended for this module.
-
Re: Access Blocker Support Thread
Right - this would be done as a separate project.
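The table-plus-cron idea from the last few posts, sketched as an added example (not part of Access Blocker and not any poster's code). The marker comments, function names and sample rows are assumptions; the rows stand in for the proposed table, and the output uses Apache 2.4 `Require` syntax.

```php
<?php
// Added example, not Access Blocker code. Marker comments, function names and
// the sample rows (standing in for the proposed table) are assumptions.

// Render the generated section in Apache 2.4 syntax.
function htaccess_block_section(array $ips): string
{
    $lines = ['# BEGIN blocked-ips (generated by cron, do not edit)',
              '<RequireAll>', '    Require all granted'];
    foreach (array_unique($ips) as $ip) {
        // Only values that parse as an IP address reach the file, so a stored
        // row containing a newline or a directive cannot inject configuration.
        if (is_string($ip) && filter_var($ip, FILTER_VALIDATE_IP) !== false) {
            $lines[] = '    Require not ip ' . $ip;
        }
    }
    $lines[] = '</RequireAll>';
    $lines[] = '# END blocked-ips';
    return implode("\n", $lines) . "\n";
}

// Replace (or append) the generated section, then swap the file in with rename()
// so a storefront request never reads a half-written .htaccess.
function htaccess_regenerate(string $path, array $ips): void
{
    $current = is_file($path) ? (string) file_get_contents($path) : '';
    $section = htaccess_block_section($ips);
    $pattern = '/^# BEGIN blocked-ips.*?^# END blocked-ips\R?/ms';
    if (preg_match($pattern, $current) === 1) {
        // A callback avoids any special meaning of "$" or "\" in the replacement.
        $new = preg_replace_callback($pattern, function () use ($section) {
            return $section;
        }, $current, 1);
    } else {
        $new = ($current === '' ? '' : rtrim($current) . "\n\n") . $section;
    }
    // The temporary file lives in the same directory so rename() stays on one filesystem.
    $tmp = tempnam(dirname($path), 'hta');
    if ($tmp === false || file_put_contents($tmp, $new) === false) {
        throw new RuntimeException('cannot write temporary file');
    }
    chmod($tmp, 0644);
    if (!rename($tmp, $path)) {
        unlink($tmp);
        throw new RuntimeException('cannot replace ' . $path);
    }
}

// Demo in a scratch directory with constructed rows.
$dir = sys_get_temp_dir() . '/ab_demo_' . getmypid();
mkdir($dir);
$file = $dir . '/.htaccess';
file_put_contents($file, "RewriteEngine On\n");

// First run: two of the three rows are rejected by validation.
htaccess_regenerate($file, ['203.0.113.9', "198.51.100.7\nRequire all granted", 'not-an-ip']);
// Second run: the existing section is replaced, not appended a second time.
htaccess_regenerate($file, ['203.0.113.9', '2001:db8::5', '203.0.113.9']);
echo file_get_contents($file);

unlink($file);
rmdir($dir);
```

Because only the cron job writes the file and the swap is a single rename, the multiple-thread concern raised above does not arise; hand-written rules outside the two markers are left untouched.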
-
Re: Access Blocker Support Thread
I've just submitted v1.1.1 of the Access Blocker to the Zen Cart moderators for review; I'll post back here when it's available for download.
This release corrects the generation of PHP notices when one or more of the submitted form-fields is missing; see GitHub issue #8.
-
Re: Access Blocker Support Thread
Quote:
Originally Posted by
lat9
I've just submitted v1.1.1 of the Access Blocker to the Zen Cart moderators for review; I'll post back here when it's available for download.
This release corrects the generation of PHP notices when one or more of the submitted form-fields is missing; see GitHub issue #8.
Now available for download: https://www.zen-cart.com/downloads.php?do=file&id=2237
-
Re: Access Blocker Support Thread
Quote:
Originally Posted by
lat9
I thought I understood what this mod can and cannot do, but it doesn't seem to be working.
So I found a list of 249 2-letter country codes, picked 22 countries where I have, or theoretically could, sell product, and then I compiled a comma-delimited list of the remaining 227 countries. I then put this list (AF,AL,DZ,AS,AD,AO,AI,AQ,AG,AR,AM,AW,AZ,...BY...) in the block by country list. I also put in my API and enabled Access Blocker.
I should also add that previously, as a short-term solution, I had temporarily disabled new account e-mail confirmations, but I still get my copy. I tested this and it is working. Using a real e-mail address, and "Bogus Name," I get my 'shop copy,' but Bogus' email gets nothing. BTW, I also updated the success page so it does say that a confirmation will NOT be coming . . . .
An hour after I set up Access Blocker, I received another new account notification from an IP address based in a blocked country. I confirmed that Belarus (BY) was indeed on my list, but still this 'Belarusian' bot was able to set up a new account.
I'm stumped. Have I missed something?
-
Re: Access Blocker Support Thread
Do you have the Access Blocker's debug enabled? That will create a month-by-month list of accesses blocked, so you can get a feeling for what's going on.
What version of Access Blocker and what version of Zen Cart?
-
Re: Access Blocker Support Thread
Quote:
Originally Posted by
lat9
Do you have the Access Blocker's debug enabled? That will create a month-by-month list of accesses blocked, so you can get a feeling for what's going on.
What version of Access Blocker and what version of Zen Cart?
I'm on ZC 1.5.3 and Access Blocker 1.1.1. There is no change at all in volume of new accounts - in fact, it is on the rise. We've gone from 2-3 fake accounts per day to 7-8. I can't see that this mod is doing anything at all. One thought I did have was perhaps it lies with the format of the list. Is it supposed to be AA,AB,AC . . . or with spaces, as in AA, AB, AC, . . . my list has no spaces. I'll try that now while I wait for some hopefully great suggestions, ;)
-
Re: Access Blocker Support Thread
Quote:
Originally Posted by
smcelligott
I'm on ZC 1.5.3 and Access Blocker 1.1.1. There is no change at all in volume of new accounts - in fact, it is on the rise. We've gone from 2-3 fake accounts per day to 7-8. I can't see that this mod is doing anything at all. One thought I did have was perhaps it lies with the format of the list. Is it supposed to be AA,AB,AC . . . or with spaces, as in AA, AB, AC, . . . my list has no spaces. I'll try that now while I wait for some hopefully great suggestions, ;)
Access Blocker, as indicated by its readme, supports Zen Cart 1.5.5 and later. That's due to the additional notifications that are now present in the base Zen Cart, which make this a drop-in plugin.
What's happening is that while it's listening for create-account, login and contact-us captcha notifications, they're not being issued.
-
Re: Access Blocker Support Thread
Argh, that was silly of me. I didn't even look at that. I always resist doing Zen Cart upgrades because the process is so very painful. Each time I complete an upgrade, I vow that I will just migrate to another platform, but then I get on with things, and become complacent until I am faced with the next painful upgrade.
-
Re: Access Blocker Support Thread
Quote:
Originally Posted by
smcelligott
Argh, that was silly of me. I didn't even look at that. I always resist doing Zen Cart upgrades because the process is so very painful. Each time I complete an upgrade, I vow that I will just migrate to another platform, but then I get on with things, and become complacent until I am faced with the next painful upgrade.
Using the info at https://www.zen-cart.com/entry.php?3...d-of-upgrading will have you saying, "No worries."
-
Re: Access Blocker Support Thread
v1.5.5f php7.1 access blocker v1.1.0
Hi Cindy I hope you and yours are coping with the virus scenario.
This is likely just coincidence - I had OPC switched off on a particular website and with access blocker activated was not getting any spam accounts - I re-activated OPC a few days ago and the site is now being swamped with spam accounts.
I contacted ipdata.co and asked if the API code was still valid / functional and they have responded that it is all good. The last log I have for access blocker is dated 26/9/2019 - I installed it on 16/8/2019 - enable debug has been set to true from that date. I have no other debug logs relating to access blocker or account creation etc.
in OPC configuration I have Enable Account Registration (Do you want your store's create_account processing to create a registered rather than a full account?) set to TRUE whereas the default is FALSE ..... would that have any effect? .... to be honest I am not sure what the difference is registered / full account and what it actually does ??
Like I say, likely just coincidence but thought the longshot was a connection?
Stay Safe
cheers Mike
-
Re: Access Blocker Support Thread
Quote:
Originally Posted by
shags38
v1.5.5f php7.1 access blocker v1.1.0
Hi Cindy I hope you and yours are coping with the virus scenario.
This is likely just coincidence - I had OPC switched off on a particular website and with access blocker activated was not getting any spam accounts - I re-activated OPC a few days ago and the site is now being swamped with spam accounts.
I contacted ipdata.co and asked if the API code was still valid / functional and they have responded that it is all good. The last log I have for access blocker is dated 26/9/2019 - I installed it on 16/8/2019 - enable debug has been set to true from that date. I have no other debug logs relating to access blocker or account creation etc.
in OPC configuration I have Enable Account Registration (Do you want your store's create_account processing to create a registered rather than a full account?) set to TRUE whereas the default is FALSE ..... would that have any effect? .... to be honest I am not sure what the difference is registered / full account and what it actually does ??
Like I say, likely just coincidence but thought the longshot was a connection?
Stay Safe
cheers Mike
Mike, all's good here in southern Florida (hopefully the same in Australia).
The account-registration feature of OPC enables a customer to register and receive newsletters and product notifications without providing any address-related information. When an account is 'registered', OPC fires the same notification as the base 'create_account' processing, so that Access Blocker should be picking up on those attempts as well.
Note, too, that the Access Blocker is currently at v1.2.0; that change to support OPC could have been added in the transition from v1.1.0 -> v1.2.0.
-
Re: Access Blocker Support Thread
Quote:
Originally Posted by
lat9
Mike, all's good here in southern Florida (hopefully the same in Australia).
The account-registration feature of OPC enables a customer to register and receive newsletters and product notifications without providing any address-related information. When an account is 'registered', OPC fires the same notification as the base 'create_account' processing, so that Access Blocker should be picking up on those attempts as well.
Note, too, that the Access Blocker is currently at v1.2.0; that change to support OPC could have been added in the transition from v1.1.0 -> v1.2.0.
Hi Cindy,
I changed configuration to 'false' for 'registered' account on a couple of websites on 9th May and it stopped the spam accounts - so registered was allowing spam account creation - I will upgrade to 1.2.0 soon and see if it still happens in 'registered' and report back :)
cheers,
Mike
-
Re: Access Blocker Support Thread
Quote:
Originally Posted by
shags38
Hi Cindy,
I changed configuration to 'false' for 'registered' account on a couple of websites on 9th May and it stopped the spam accounts - so registered was allowing spam account creation - I will upgrade to 1.2.0 soon and see if it still happens in 'registered' and report back :)
cheers,
Mike
Access Blocker doesn't show up in Plugins Search for some reason or other, in any variation of the term ?? - I got there by using your v1.1.1 update post in here - the latest download is v1.1.1 - is this correct?
cheers,
Mike
-
Re: Access Blocker Support Thread
Quote:
Originally Posted by
shags38
Access Blocker doesn't show up in Plugins Search for some reason or other, in any variation of the term ?? - I got there by using your v1.1.1 update post in here - the latest download is v1.1.1 - is this correct?
cheers,
Mike
Mike, I misspoke when I said that Access Blocker was at v1.2.0; v1.1.1 is the most recent version.
Note, too, that the Zen Cart search functionality is pretty lame. I usually google "Zen Cart {whatever}", in this case "Zen Cart Access Blocker" to find what I'm looking for.
-
Re: Access Blocker Support Thread
Quote:
Originally Posted by
lat9
Mike, I misspoke when I said that Access Blocker was at v1.2.0; v1.1.1 is the most recent version.
Note, too, that the Zen Cart search functionality is pretty lame. I usually google "Zen Cart {whatever}", in this case "Zen Cart Access Blocker" to find what I'm looking for.
Hi Cindy, I assumed as much but wanted to be sure :) I will keep the Google method in mind - the big disappointment is that a great deal of Zen Cart users are not using this great plugin because it doesn't show up in plugins ):
-
Re: Access Blocker Support Thread
Been on 1.1.0 for a year now happy as a clam. This has got to be the most under-appreciated plug in out there. It shut the fake account creation down to zero and I haven't given it a thought in a long time.
Recently they have started back up again. I have been digging through things to see if everything is working and it seems to be. I think the newest attacker is just slipping through the ipdata.co filter.
I'm keeping an eye on the who is online section in admin and adding any sketchy countries I see to the field in the access blocker settings.
Am I doing it right that the comma separated list should not have spaces after the commas?
All the recent fake accounts are using the same country for their fake customer.
Is there a place in the code I can add this feature to "Block by: Create-account Country"
Before now the filter Block by: Create-account Company set to google was sufficient to block the overwhelming majority of what was coming in.
-
Re: Access Blocker Support Thread
Quote:
Originally Posted by
angst
Am I doing it right that the comma separated list should not have spaces after the commas?
Those comma-separated lists can include spaces, new-lines, carriage-returns and tabs (makes the configuration setting much more readable) ... so long as there's an intervening comma.
What version of Zen Cart is in use on the site? Any debug-logs generated at/around the time of the fake-account creation(s)?
Update: You can also set the Access Blocker's debug setting to 'all' which will also generate a request/response trace of communications to ipdata.co in /logs/ipData.log.
-
Re: Access Blocker Support Thread
Access Blocker ver. 1.1.0
Zen Cart ver. 1.5.5f
In the configuration in the admin GUI there is only a toggle of debug on or off that creates a log of everything that ipdata has denied but it does not log all the traffic that it let through. I have that on long term and it's amazing how many creations it is blocking each month. Over 700 blocks this month.
In includes/classes/ipdata.php
around line 9 is
Quote:
if (!defined('IPDATA_LOGGING')) {
    define('IPDATA_LOGGING', 'false');
}
If I change that to 'true' or 'all' will it create the file you mention and log all traffic including allowed traffic at /logs/ipdata.log ?
I don't think knowing where they are coming from is going to help me though. I'm watching the "who is online" tool all day and am adding every random country that I see that has been on the contact us success page. I keep maxing out my allowed lookups at domaintools.com and am not making a dent in it. Here is what my country block comma separated list looks like so far. IS,NL,SG,ZW,MK,RU,CN,TW,IN,BE,PE,BR,CZ,RO,ZW,TH,UA,DE,BR,VN,SG,BG
Is there a place in the code I can add a feature to "Block by: Create-account Country" ?
100% of these accounts are filling in the customer as a certain country. If I could add that as a filter it would shut them down completely.
-
Re: Access Blocker Support Thread
Access Blocker's debug simply creates a monthly log of accesses blocked, there's no provision to log all accesses and identify whether it's blocked or not.
The Block by Country and Block by Organization settings require an API call to ipdata.co to retrieve that country/organization information based on the active IP address. Noting, too, that starting with Zen Cart 1.5.2, you have the option of disabling countries so that the base Zen Cart processing will disallow that country from any customer address.
I normally keep Access Blocker's debug set to 'true' and then inspect those monthly blocked-access logs and add any new IP-address blocks to the Block by IP Address setting. The addresses in that list are blocked prior to making an API call to ipdata.co, so that they don't count towards your usage statistics.
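The list format described a few posts up (whitespace around entries is ignored) and the evaluation order described here (local IP rules settle a request before any ipdata.co lookup is made), as an added PHP sketch that is not the plugin's code. The function names, the octet-prefix rule for IP entries, the `country_code`/`is_threat` keys of the stubbed lookup and the allow-on-failed-lookup choice are assumptions; all addresses are constructed.

```php
<?php
// Added example, not Access Blocker's code: function names, the prefix rule for
// IP entries and the shape of the lookup result are assumptions for illustration.

// Split a comma-separated setting. Spaces, tabs, CR and LF around an entry are
// ignored and empty entries (",,") are dropped, so "CN, HK" equals "CN,HK".
function ab_parse_list(string $setting): array
{
    $items = array_map('trim', explode(',', strtoupper($setting)));
    return array_values(array_unique(array_filter($items, 'strlen')));
}

// IPv4 only. An entry with four octets must match exactly; a shorter entry
// ("203.0" or "203.0.") is a prefix ending on an octet boundary, so "203.0"
// covers 203.0.113.9 but not 203.01.1.1.
function ab_ip_listed(string $ip, array $entries): bool
{
    foreach ($entries as $entry) {
        $entry = rtrim($entry, '.');
        if ($entry === '') {
            continue;
        }
        if (substr_count($entry, '.') === 3) {
            if ($ip === $entry) {
                return true;
            }
        } elseif (strpos($ip, $entry . '.') === 0) {
            return true;
        }
    }
    return false;
}

// Decide for one request. $lookup is called only when no local rule settles it.
function ab_decide(string $ip, array $cfg, callable $lookup): array
{
    if (ab_ip_listed($ip, $cfg['whitelist_ips'])) {
        return ['block' => false, 'reason' => 'whitelisted', 'api' => false];
    }
    if (ab_ip_listed($ip, $cfg['block_ips'])) {
        return ['block' => true, 'reason' => 'ip-list', 'api' => false];
    }
    if (!$cfg['block_threats'] && $cfg['block_countries'] === []) {
        return ['block' => false, 'reason' => 'no-remote-rules', 'api' => false];
    }
    $info = $lookup($ip);
    if (!is_array($info)) {
        // Lookup failed or quota used up: this sketch lets the request through.
        return ['block' => false, 'reason' => 'lookup-failed', 'api' => true];
    }
    if ($cfg['block_threats'] && !empty($info['is_threat'])) {
        return ['block' => true, 'reason' => 'threat', 'api' => true];
    }
    $country = strtoupper((string) ($info['country_code'] ?? ''));
    if (in_array($country, $cfg['block_countries'], true)) {
        return ['block' => true, 'reason' => 'country:' . $country, 'api' => true];
    }
    return ['block' => false, 'reason' => 'clean', 'api' => true];
}

// Constructed settings, typed the untidy way an admin textarea allows.
$cfg = [
    'whitelist_ips'   => ab_parse_list("192.0.2.10"),
    'block_ips'       => ab_parse_list("203.0,\n 198.51.100.7 ,\t"),
    'block_countries' => ab_parse_list("cn, HK,\r\n BY,,"),
    'block_threats'   => true,
];

// Constructed stand-in for the remote lookup; counts calls that would use quota.
$apiCalls = 0;
$fakeDb = [
    '192.0.2.55'   => ['country_code' => 'BY', 'is_threat' => false],
    '192.0.2.77'   => ['country_code' => 'US', 'is_threat' => true],
    '198.51.100.8' => ['country_code' => 'US', 'is_threat' => false],
];
$lookup = function (string $ip) use (&$apiCalls, $fakeDb) {
    $apiCalls++;
    return $fakeDb[$ip] ?? null;
};

$requests = ['192.0.2.10', '203.0.113.9', '198.51.100.7', '192.0.2.55',
             '192.0.2.77', '198.51.100.8', '192.0.2.99'];
foreach ($requests as $ip) {
    $d = ab_decide($ip, $cfg, $lookup);
    printf("%-13s %-6s %-14s api=%s\n", $ip, $d['block'] ? 'BLOCK' : 'allow',
        $d['reason'], $d['api'] ? 'yes' : 'no');
}
echo "lookups that would count against the quota: $apiCalls of ", count($requests), "\n";
```

With these constructed inputs the first three requests are settled locally and only four of the seven reach the lookup, which is the effect on usage statistics the post describes.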
-
Re: Access Blocker Support Thread
Hi, so this you recommended to me a while ago. Is this just for stopping spammers sending mail or can you use it to deny access to the whole website based on IP. I know there are flaws, but it's a good start to stop these spamming b@st@rdos
-
Re: Access Blocker Support Thread
Quote:
Originally Posted by
ink
Hi, so this you recommended to me a while ago. Is this just for stopping spammers sending mail or can you use it to deny access to the whole website based on IP. I know there are flaws, but it's a good start to stop these spamming b@st@rdos
In its current form, the plugin's intent is specifically to stop the generation of spam e-mail. The same settings and basic program-flow could also be used to deny access, but that's outside of the scope of this plugin.
-
Re: Access Blocker Support Thread
OK thank you for confirming
-
Re: Access Blocker Support Thread
Ink,
This plugin can help you to a degree. It helped me immensely. You need to come at blocking from a few different angles at the same time. Here are a few of the things I have done to knock the fake users down. For me the creation of fake users was the reason I set about blocking certain ip addresses.
1. this plugin. With this plugin you can block certain users from using “contact us” and “create account”
You can block by country. Keep an eye on your administration/tools/who's online and every time you see a user on your page /index.php?main_page=contact_us&action=success click the ip address and whois.domaintools.com will tell you the ip location.
In this plugin settings at administration/configuration/access blocker settings there is a block by country section. You use the two character abbreviation for the country code. Here is what my list looks like. Feel free to just copy this into your configuration.
IS,NL,SG,ZW,MK,RU,CN,TW,IN,BE,PE,BR,CZ,RO,ZW,TH,UA,DE,BR,VN,SG,BG,AT,FI,IR,PK,KR ,GA,SE,LT,FR,TR,CH,NO,AR,ZA
While you are in the settings I would suggest adding to the block by create account company filter the name of the famous search engine we all use daily.
Set enable debug to true. With this on you will have a log created that you can look at in FTP that will give you insight on what ipdata.co is blocking
2. in your administration locations/taxes/countries toggle off all the obscure non-English-language or non-European countries that will realistically never order from your site. This will result in it getting rejected when they create a customer with one of these chosen countries. There are a couple countries in particular that the spam bots have chosen for the country (you may already know what you want to turn off first. It starts with Z and we don't say it out loud here cause the spammers may find this conversation)
3. get a free tier Cloudflare.com account. This will give you a firewall with 5 blocking rules. Block Russia, Ukraine, and China. Then after a few days in cloudflare go under analytics and look at the map of web traffic by country. Block wherever you are getting crazy traffic that wouldn't normally be on your site.
4. Block address by using your .htaccess file. I was using this method for some time and while it is satisfying to catch an ip address in the act and block it or its range it is a game of whack a mole that you will never win. The bots are running 24/7. My .htaccess page is hopelessly long now too. That has to load every time the page loads theoretically slowing the site down.
-
Re: Access Blocker Support Thread
Quote:
Originally Posted by
angst
For me the creation of fake users was the reason I set about blocking certain ip addresses.
@angst,
This change to core files (and any overrides you may have of those files) will stop a lot of fake account creation, on all Zen Cart versions before v157b:
https://github.com/zencart/zencart/c...0846a49ffe7398
-
Re: Access Blocker Support Thread
A great new change that's coming in 1.5.8 is recording the IP that creates an account - this will make it easy to identify the troublemakers and block them using Access Blocker.
I will publish instructions on backporting this change to earlier versions soon.
-
Re: Access Blocker Support Thread
I block IPs from scriptkiddies that can't hide and ones wasting resources SQL scans... however, there have been many that can hide... I never use my true IP, even though I'm not hiding, signed in through my own firewall.
Insert from a website I won't list...
Quote:
There are many reasons why you would want a random IP address, as it:
Lets you change your IP location at any time.
Protects you from an IP ban.
Offers you a scalable way to screen scrape any site.
Be careful you don't block yourself.. If you do, use a proxy network to get back in...
-
Re: Access Blocker Support Thread
I've just submitted v1.2.0 of the Access Blocker for the Zen Cart moderators' review. I'll post back here when it's available for download.
This release provides an integration with the One-Page Checkout, disabling its Guest Checkout mode if a blocked IP is in effect. See GitHub issue #9 for additional information.
Supported on an unsuffixed zc157 installation if and only if all current bugfixes have been applied (but it is better if you're using v1.5.7b already).
-
Re: Access Blocker Support Thread
Quote:
Originally Posted by
lat9
I've just submitted v1.2.0 of the Access Blocker for the Zen Cart moderators' review. I'll post back here when it's available for download.
This release provides an integration with the One-Page Checkout, disabling its Guest Checkout mode if a blocked IP is in effect. See GitHub issue #9 for additional information.
Supported on an unsuffixed zc157 installation if and only if all current bugfixes have been applied (but it is better if you're using v1.5.7b already).
Now available for download: https://www.zen-cart.com/downloads.php?do=file&id=2237
-
Re: Access Blocker Support Thread
v1.3.0 of Access Blocker is now available for download.
This version adds the zc157+ version of ask_a_question to the list of pages protected; see GitHub issue #10 for additional information.
-
Re: Access Blocker Support Thread
I've just submitted v1.4.0 of Access Blocker for the Zen Cart moderators' review; I'll post back here when it's available for download.
This version adds configuration settings for an IP-address and an email-address whitelist, enabling a site to 'unblock' a customer whose Internet provider has been recorded as a threat by https://ipdata.co.
-
Re: Access Blocker Support Thread
Quote:
Originally Posted by
lat9
I've just submitted v1.4.0 of Access Blocker for the Zen Cart moderators' review; I'll post back here when it's available for download.
This version adds configuration settings for an IP-address and an email-address whitelist, enabling a site to 'unblock' a customer whose Internet provider has been recorded as a threat by https://ipdata.co.
Now available for download: https://www.zen-cart.com/downloads.php?do=file&id=2237
-
Re: Access Blocker Support Thread
I have just installed V1.4 and used the API Key but it is not working on www.rmstitanic100.com!!!
I have used the keywords below in the window but people are still getting through using some of these keywords.
######,mortgage,############,looking for date,
waiting for you,wants to meet you,
looking for meet,wants to date,
wants to chat,wants for meet,chat,
to see you, waiting for you,
have sent you, wants to see,free
traffic,########
-
Re: Access Blocker Support Thread
Quote:
Originally Posted by
irishshopper
I have just installed V1.4 and used the API Key but it is not working on www.rmstitanic100.com!!!
I have used the keywords below in the window but people are still getting through using some of these keywords.
######,mortgage,############,looking for date,
waiting for you,wants to meet you,
looking for meet,wants to date,
wants to chat,wants for meet,chat,
to see you, waiting for you,
have sent you, wants to see,free
traffic,########
Noting that the API key isn't needed for the keyword-based blocks. Which keywords are being allowed vs. blocked (that's bizarre).
-
Re: Access Blocker Support Thread
Irishshopper
Just spitballing some ideas.
Is it possible the spaces or another character in your keyword blocklist is interfering with it working?
Try making your list just individual words with no spaces after the comma.
Like so
Quote:
meet,chat,date,mortgage,traffic,free
And of course make sure enable access blocker is set to true.
Since you have set up the ipdata.co key you can go in your site logs and look at what is being blocked by their filter and see if it is working.
The log will be in your site's files somewhere similar to this /public_html/logs/accesses_blocked_2021_08.log
-
Re: Access Blocker Support Thread
Quote:
Originally Posted by
angst
Irishshopper
Just spitballing some ideas.
Is it possible the spaces or another character in your keyword blocklist is interfering with it working?
Try making your list just individual words with no spaces after the comma.
Like so
And of course make sure enable access blocker is set to true.
Since you have set up the ipdata.co key you can go in your site logs and look at what is being blocked by their filter and see if it is working.
The log will be in your site's files somewhere similar to this /public_html/logs/accesses_blocked_2021_08.log
What @angst said!:smile:
-
Re: Access Blocker Support Thread
Anyone else find that your logs in your server stopped on 12-31-2021?
I can see in my dashboard at ipdata.co that it is still making blocks daily though.
-
Re: Access Blocker Support Thread
Quote:
Originally Posted by
angst
Anyone else find that your logs in your server stopped on 12-31-2021?
I can see in my dashboard at ipdata.co that it is still making blocks daily though.
I'm seeing logs from January and February. Maybe you've scared them all off.:smile:
-
Re: Access Blocker Support Thread
FYI for EU-based webshop:
Quote:
Originally Posted by https://docs.ipdata.co
We also offer a dedicated EU endpoint to ensure that the end user data you send us stays in the EU. This has the same functionality as our standard endpoint but routes the request through our EU servers (Paris, Ireland and Frankfurt) only.
find in .../includes/classes/ipData.php on line 24:
PHP Code:
curl_setopt($ch, CURLOPT_URL, "https://api.ipdata.co/" . $ip_address . $api_key);
and replace by:
PHP Code:
curl_setopt($ch, CURLOPT_URL, "https://eu-api.ipdata.co/" . $ip_address . $api_key);
This way you aren't in violation of EU rules about privacy.
-
Re: Access Blocker Support Thread
Quote:
Originally Posted by
Philibel
FYI for EU-based webshop:
find in .../includes/classes/ipData.php on line 24:
PHP Code:
curl_setopt($ch, CURLOPT_URL, "https://api.ipdata.co/" . $ip_address . $api_key);
and replace by:
PHP Code:
curl_setopt($ch, CURLOPT_URL, "https://eu-api.ipdata.co/" . $ip_address . $api_key);
This way you aren't in violation of EU rules about privacy.
Thanks for that, @Philibel. I'll get an update going where you'll be able to specify which of the ipdata.co endpoints you want to use for your store.
GitHub tracking issue: https://github.com/lat9/access_blocker/issues/12
-
Re: Access Blocker Support Thread
Quote:
Originally Posted by
lat9
I'm seeing logs from January and February. Maybe you've scared them all off.:smile:
Following up to this. I just got shown the answer by a developer that is helping me with my site.
With FTP you might not see the logs because the server limits how many files in a directory can be shown.
But if you look at the logs folder with cPanel's file manager you can see them.
The logs that I thought were missing in FTP were indeed visible in cPanel and were being created each month the whole time.
-
Re: Access Blocker Support Thread
Quote:
Originally Posted by
angst
Following up to this. I just got shown the answer by a developer that is helping me with my site.
With FTP you might not see the logs because the server limits how many files in a directory can be shown.
But if you look at the logs folder with cPanel's file manager you can see them.
The logs that I thought were missing in FTP were indeed visible in cPanel and were being created each month the whole time.
If you've got that many logs in the /logs directory, you might want to also consider the Log Manager (https://www.zen-cart.com/downloads.php?do=file&id=2123). Although if there are that many log-files present, there are some serious issues going on!
-
Re: Access Blocker Support Thread
Access Blocker v1.5.0 is now available from the Zen Cart downloads (https://www.zen-cart.com/downloads.php?do=file&id=2237).
This release contains changes associated with the following GitHub issues:
#12: Added a configuration setting to enable the use of the EU-based endpoint.
#13: Added a configuration setting to force accesses after a threat was detected to an HTTP 410 (Gone) response.
#14: Use zen_cfg_read_only as the setting function for the plugin's version.
-
Re: Access Blocker Support Thread
Documentation suggestion: It might make sense if you're using Access Blocker to turn off Admin > Modules > Payment > PayPal Express Checkout > Express Checkout Shortcut Button.
-
Re: Access Blocker Support Thread
Quote:
Originally Posted by
swguy
Documentation suggestion: It might make sense if you're using Access Blocker to turn off Admin > Modules > Payment > PayPal Express Checkout > Express Checkout Shortcut Button.
Why is that?
-
Re: Access Blocker Support Thread
Bad guys could use it to buy things without logging in (and getting blocked by access blocker).
-
Re: Access Blocker Support Thread
Hi
Can I use this plugin with 1.5.4?
One of my clients wanted to use it on this version.
Pls advise.
Thanks
Balaji
-
Re: Access Blocker Support Thread
Quote:
Originally Posted by
Balaji
Hi
Can I use this plugin with 1.5.4?
One of my clients wanted to use it on this version.
Pls advise.
Thanks
Balaji
While I don't think that the plugin would cause issues on Zen Cart 1.5.4, it might not provide all the features desired since many of the notifications that are used were not introduced until the 1.5.6 (or later) Zen Cart base.
I'm also unsure regarding its operation on the version of PHP in use, as I'm guessing that it's at most PHP 5.6 ... which I've not tested with.
-
Re: Access Blocker Support Thread
Quote:
Originally Posted by
lat9
While I don't think that the plugin would cause issues on Zen Cart 1.5.4, it might not provide all the features desired since many of the notifications that are used were not introduced until the 1.5.6 (or later) Zen Cart base.
I'm also unsure regarding its operation on the version of PHP in use, as I'm guessing that it's at most PHP 5.6 ... which I've not tested with.
please do not help this deadbeat.
Quote:
Originally Posted by
Balaji
Hi
Can I use this plugin with 1.5.4?
One of my clients wanted to use it on this version.
Pls advise.
Thanks
Balaji
pay your bill.
-
Re: Access Blocker Support Thread
zc158;PHP8.1
Access blocker is almost like a miracle cure by keeping all the p-o-r-n pedlars etc out. Use of the Contact Us pages are logged when a user is blocked.
In the filters I have included tor servers and tor exits etc.
Is it possible to also log when the Create Account and the Login pages are blocked. This would allow identification of 'real' potential customers who are using anonymous VPNs (eg Avast) which use the tor network.
-
Re: Access Blocker Support Thread
Quote:
Originally Posted by
OldNGrey
zc158;PHP8.1
Access blocker is almost like a miracle cure by keeping all the p-o-r-n pedlars etc out. Use of the Contact Us pages are logged when a user is blocked.
In the filters I have included tor servers and tor exits etc.
Is it possible to also log when the Create Account and the Login pages are blocked. This would allow identification of 'real' potential customers who are using anonymous VPNs (eg Avast) which use the tor network.
On every path that the Access Blocker observer takes when it detects that an access is blocked (for whatever reason), the blocking condition is logged.
-
Re: Access Blocker Support Thread
Quote:
Originally Posted by
lat9
On every path that the Access Blocker observer takes when it detects that an access is blocked (for whatever reason), the blocking condition is logged.
Whoops! Sorry, you are correct of course, my mistake. I missed the one valid customer on a VPN trying to create an account, among all the other blocked entries.
-
Re: Access Blocker Support Thread
v1.5.1 of the Access Blocker is now available for download: https://www.zen-cart.com/downloads.php?do=file&id=2237.
This release contains changes associated with the following GitHub issues:
#15: Ensure that all class properties are predefined, required for PHP 8.2.
#16: Account for "rolling" session IP addresses.
#17: organization property no longer returned, now in company->name and/or asn->name.
-
Re: Access Blocker Support Thread
v1.5.2 of Access Blocker is now available for download: https://www.zen-cart.com/downloads.php?do=file&id=2237.
This release contains corrections associated with the following GitHub issues:
#19: Don't send ipdata.co requests for internal IP addresses.
#20: Add commentary to blocked_accesses.php, identifying its purpose and how to use.
#21: Don't block cron-jobs when Totally restrict access on threats is active.
#22: Enable whitelisted IP addresses to regain access after having been found to be a threat.
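Issue #19 above (no ipdata.co requests for internal IP addresses) combined with the endpoint choice from issue #12, as an added example that is not the plugin's own code: it shows one way to decide in PHP whether a lookup should be sent at all and which endpoint host to use. The function names, the `$use_eu` flag and the sample addresses are hypothetical; the two endpoint hosts are the ones quoted in this thread.

```php
<?php
// Added example: NOT the Access Blocker source. Function names, the $use_eu
// flag and the sample inputs are hypothetical. Written for PHP 7.1 or later.

/**
 * True only for a syntactically valid address outside the private ranges
 * (10/8, 172.16/12, 192.168/16, IPv6 fc00::/7) and outside the reserved
 * ranges that PHP's filter knows about (such as 127/8 and 169.254/16).
 */
function is_public_ip(string $ip): bool
{
    return filter_var(
        $ip,
        FILTER_VALIDATE_IP,
        FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE
    ) !== false;
}

/**
 * Returns the lookup URL, or null when no request should be sent: no client
 * address (command-line or cron run), malformed input, or an internal address.
 */
function ipdata_lookup_url(?string $ip, string $api_key, bool $use_eu): ?string
{
    if ($ip === null || !is_public_ip($ip)) {
        return null;
    }
    // Endpoint hosts as quoted in the thread.
    $host = $use_eu ? 'eu-api.ipdata.co' : 'api.ipdata.co';
    // $ip passed validation, so it holds only hex digits, dots and colons.
    return 'https://' . $host . '/' . $ip . '?api-key=' . rawurlencode($api_key);
}

// Constructed sample addresses; YOUR_API_KEY is a placeholder.
$samples = ['192.168.1.10', '10.0.0.5', '127.0.0.1', 'fd00::1', 'not-an-ip', '8.8.8.8', null];
foreach ($samples as $ip) {
    $url = ipdata_lookup_url($ip, 'YOUR_API_KEY', true);
    echo str_pad(var_export($ip, true), 18), ' => ', $url ?? 'no lookup sent', PHP_EOL;
}
```

Skipping internal addresses keeps them out of third-party requests and saves API quota on traffic that no reputation service can say anything about.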
-
Re: Access Blocker Support Thread
Thanks lat9! Have a guess as to what kind of percentage reduction on hits to ipdata.co this made? If it's significant I may need to try this again.
-
Re: Access Blocker Support Thread
Quote:
Originally Posted by
gothstone
Thanks lat9! Have a guess as to what kind of percentage reduction on hits to ipdata.co this made? If it's significant I may need to try this again.
No clue as to the percentage reduction.
-
Re: Access Blocker Support Thread
Curious, when I get anon emails like the one below, is it a good practice to add the IP (24.186.216.227) to the blocker or is it possible the IP is spoofed and I could be blocking potential customers?
Quote:
From: Augustntq
Mail: ataylorrubottom######################
Telephone: 86377851622
------------------------------------------------------
secular brotherhoods of scribes.
------------------------------------------------------
Office Use Only:
From: Augustntq
Mail: ataylorrubottom######################
Login Name: Not logged in
Login Email: Not logged in
Telephone: Not logged in
IP Address: 24.186.216.227 - 24.186.216.227
Host Address:
ool-18bad8e3.dyn.optonline.net
Date and Time: Wed Sep 18 2024 17:41:40 UTC
-
Re: Access Blocker Support Thread
If you're uncertain about the IP address, you could always add more keywords to the contact-us blocking setting.
-
Re: Access Blocker Support Thread
ZC158a PHP8.2.20 Access Blocker 1.52 (AB) in production
The access blocker plugin was working perfectly with the last entry being on 28 Oct 3:57AM GMT. Since then it has stopped blocking.
I have the same code running on zc158a in test on my inhouse test machine and it is good. The same is running on zc210 test with PHP8.3.4 and AbuseIPDB with results as expected.
I have deleted all relevant AB files from my production server and uploaded fresh files from the latest GitHub version. Deleted all message keywords, email addresses and started from the beginning but it still is not working.
Would you have any insight of where else to start looking?
-
Re: Access Blocker Support Thread
I have now resolved this issue with AB not working in production. It was a database problem.
My notes from the time show that I extracted all Messages keywords, sorted them, then pasted them back into the admin interface. I had done the same with blocked IP addresses and Blocked Email addresses. Some time after this AB stopped working.
I cleared all of the fields through the interface but it still didn't work.
A copy of the non-working production database did not work in test.
After turning off AB in the Admin interface and turning off logging I deleted the relevant database fields for AB (NOT RECOMMENDED WITHOUT BACKUPS).
On restarting the Admin console, AB was installed afresh. Appropriate keywords etc were added via the interface and AB was turned on.
It is now working and the log file can be read by "blocked_accesses.php"
NOTE: This work was performed and tested in a test environment before applying it to a production database that was taken offline.
-
Re: Access Blocker Support Thread
Hello, I've installed this plugin but I'm getting a blank/broken index page, log states -
PHP Parse error: syntax error, unexpected '?' in ***** /includes/classes/observers/auto.access_blocker.php on line 40
I make line 40 -
if ($this->isIpWhitelisted($_SERVER['REMOTE_ADDR'] ?? '.') === true) {
I guess that is not really an error and perhaps I need to ask for something to be updated on my server? PHP?
Could you list the requirements? Apologies if I've missed this elsewhere. The plugin looks very useful, I hope I can get it working!
Cheers
-
Re: Access Blocker Support Thread
Yes, that null-coalesce operator (??) requires PHP 7.4 or later. You can make an edit to your copy by changing that line 40 to the following if you're running an earlier version of PHP:
Code:
//if ($this->isIpWhitelisted($_SERVER['REMOTE_ADDR'] ?? '.') === true) {
if ($this->isIpWhitelisted((isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] ? '.')) === true) {
-
Re: Access Blocker Support Thread
Thanks :) ....that then gives me this error in the log:
PHP Parse error: syntax error, unexpected ')' in *** /includes/classes/observers/auto.access_blocker.php on line 41
Maybe it's best if I look into upgrading PHP on the server?
I'm not sure if that's possible or if it might break other areas of the site?! But I can ask my host....
Cheers
-
Re: Access Blocker Support Thread
My bad. I know better than to post code before my first cup of coffee. That last ? should be a :
//if ($this->isIpWhitelisted($_SERVER['REMOTE_ADDR'] ?? '.') === true) {
if ($this->isIpWhitelisted((isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '.')) === true) {
-
Re: Access Blocker Support Thread
Thank you! ...now error is unexpected '?' on line 249 which is:
$organization = $_SESSION['ipData']->company->name ?? '';
and there is another double ?? on the line below. Sorry I can't work out what to replace that with! (I'm out of practice and not very knowledgeable with PHP).
-
Re: Access Blocker Support Thread
Quote:
Originally Posted by
teaj
Thank you! ...now error is unexpected '?' on line 249 which is:
$organization = $_SESSION['ipData']->company->name ?? '';
and there is another double ?? on the line below. Sorry I can't work out what to replace that with! (I'm out of practice and not very knowledgeable with PHP).
Code:
$organization = (isset($_SESSION['ipData']->company->name)) ? $_SESSION['ipData']->company->name : '';
That's why that null-coalesce is so great; makes the code much more readable!
-
Re: Access Blocker Support Thread
Great, it all seems to be working now. I look forward to stopping the spammers! Thanks for your help.
-
Re: Access Blocker Support Thread
Running ZC 2.1.0
Installed Access Blocker. Struggled to get email verification to work. Ended up using a different email address which then worked. (strange) Anyway, now I'm going over the settings in ZenCart Admin and noticed. (see attached) Basically it wants a user id number from the URL at AbuseIPDB which no longer displays a user ID in the URL. So this seems to be outdated and needs correction or deletion. Or the instructions updated to be useful in finding this information for the field.
-
Re: Access Blocker Support Thread
Quote:
Originally Posted by
lynbor
Running ZC 2.1.0
Installed Access Blocker. Struggled to get email verification to work. Ended up using a different email address which then worked. (strange) Anyway, now I'm going over the settings in ZenCart Admin and noticed. (see attached) Basically it wants a user id number from the URL at AbuseIPDB which no longer displays a user ID in the URL. So this seems to be outdated and needs correction or deletion. Or the instructions updated to be useful in finding this information for the field.
There's no such setting for Access Blocker; perhaps you were looking for the AbuseIPDB plugin (https://www.zen-cart.com/downloads.p...file&id=2371)?
-
Re: Access Blocker Support Thread
Quote:
Originally Posted by
lat9
Shoot, my bad. Thanks for the heads up!
-
Re: Access Blocker Support Thread
I installed Access Blocker and attempted to go to the ipdata dot co site, and my service provider is blocking it because they say it tracks data. I was able to get to the site by taking my phone off wi-fi and using cellular data. Just a heads up if any of you run into that.
-
Re: Access Blocker Support Thread
Question--I added sectorid dot com to the host address list, and just got another attempted order from an email address on that host. I'd have thought sectorid by itself would have been enough but I entered the .com just in case. Is that the wrong place to put it?
Also, I enabled the log. Do I understand correctly that I will have to wait a month to see anything there?
-
Re: Access Blocker Support Thread
Quote:
Originally Posted by
HeleneWallis
Question--I added sectorid dot com to the host address list, and just got another attempted order from an email address on that host. I'd have thought sectorid by itself would have been enough but I entered the .com just in case. Is that the wrong place to put it?
Also, I enabled the log. Do I understand correctly that I will have to wait a month to see anything there?
If you want to block all accesses using an email address of [email protected], you'll just enter @sectorid.com as one of the restricted email addresses.
Logs are written at the time an event is detected to a file whose name changes on a monthly basis.
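Two list-format points come up in this thread: stray spaces in the comma-separated keyword list, and the leading @ on a restricted email entry. The following added example, which is not the plugin's code, shows how an untrimmed entry such as ` chat` fails to match a message that begins with that word, and how an `@domain` entry can be matched safely. The function names and matching rules (case-insensitive substring match for keywords, suffix match for entries starting with @) are assumptions chosen for illustration.

```php
<?php
// Added example: NOT the Access Blocker source; names and matching rules are assumptions.

/** Splits a comma-separated setting into trimmed, lower-cased, non-empty entries. */
function parse_list(string $setting): array
{
    $entries = array_map('trim', explode(',', strtolower($setting)));
    return array_values(array_filter($entries, 'strlen'));
}

/** Returns the first keyword found in the message, or null when none matches. */
function first_blocked_keyword(string $message, array $keywords): ?string
{
    $haystack = strtolower($message);
    foreach ($keywords as $keyword) {
        if ($keyword !== '' && strpos($haystack, $keyword) !== false) {
            return $keyword;
        }
    }
    return null;
}

/**
 * An entry starting with "@" matches every address at exactly that domain;
 * any other entry must equal the whole address.
 */
function is_email_restricted(string $email, array $entries): bool
{
    $email = strtolower(trim($email));
    foreach ($entries as $entry) {
        if ($entry === '') {
            continue;
        }
        if ($entry[0] === '@') {
            // Suffix match, so "@sectorid.com.example.org" is not caught by mistake.
            if (substr($email, -strlen($entry)) === $entry) {
                return true;
            }
        } elseif ($email === $entry) {
            return true;
        }
    }
    return false;
}

// Constructed sample settings and inputs.
$raw_keywords = 'meet, chat,date , mortgage,,free';
$untrimmed = explode(',', $raw_keywords);   // raw split: entries keep their stray spaces
$trimmed = parse_list($raw_keywords);       // normalized entries

$message = 'Chat with singles in your area';
var_dump(first_blocked_keyword($message, $untrimmed));
var_dump(first_blocked_keyword($message, $trimmed));

$restricted = parse_list('@sectorid.com, spammer@example.com');
var_dump(is_email_restricted('Someone@SectorID.com', $restricted));
var_dump(is_email_restricted('someone@sectorid.com.example.org', $restricted));
```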
-
Re: Access Blocker Support Thread
Thanks, I missed needing to include the @ sign.
One other question--I'm still getting flooded with fraudulent attempted orders. They aren't even bothering to use real addresses (or even addresses that look genuine). I do not see how to determine the ip addresses these are coming from. I know a lot of them are coming from the same person, even though they're using different names and addresses, because most of the email addresses are redirecting to a single address. If I could get that person's ip address, I could hopefully stop them from creating new accounts every day. Is there any way in Zencart to find that or am I going to look at my host's logs?
I found the log for Access Blocker and some attempted orders were blocked. It said those orders came through guest checkout, though, and I don't even have that. So I'm not sure how anyone could be using it.
-
Re: Access Blocker Support Thread
Quote:
Originally Posted by
HeleneWallis
Thanks, I missed needing to include the @ sign.
One other question--I'm still getting flooded with fraudulent attempted orders. They aren't even bothering to use real addresses (or even addresses that look genuine). I do not see how to determine the ip addresses these are coming from. I know a lot of them are coming from the same person, even though they're using different names and addresses, because most of the email addresses are redirecting to a single address. If I could get that person's ip address, I could hopefully stop them from creating new accounts every day. Is there any way in Zencart to find that or am I going to look at my host's logs?
I found the log for Access Blocker and some attempted orders were blocked. It said those orders came through guest checkout, though, and I don't even have that. So I'm not sure how anyone could be using it.
I can't remember when it was introduced, but zc210 for sure displays the IP address with which an order was placed when viewing an order's details in the admin.
-
Re: Access Blocker Support Thread
Quote:
Originally Posted by
lat9
I can't remember when it was introduced, but zc210 for sure displays the IP address with which an order was placed when viewing an order's details in the admin.
Yes, but these are orders that were declined by my credit card processor. So they don't show up in ZC at all.
I looked through my configuration settings again and I see that I did install One Page Checkout at some point in the past. It is not enabled, but it does have a guest checkout option. How that is being utilized by these people I don't know, but I went into the Disallowed Pages section, where it says "Do not include the login, create_account, password_forgotten or logoff pages in this list!" and added the login and create_account pages anyway. I do not know whether that will do anything to stop these constant new accounts, since One Page Checkout is not enabled, but if they are somehow managing to access the guest checkout, perhaps that will stop them from creating new accounts. I've deleted some accounts over and over and they just keep coming back.