Results 1 to 10 of 132

Hybrid View

  1. #1
    Join Date
    Oct 2007
    Location
    Cornwall/Amsterdam
    Posts
    61
    Plugin Contributions
    0

    Default Re: AbuseIPDB Integration module

    I'm not sure if the caching is working correctly. I've woken up just now & almost exhausted my API limit for the day at 7:47am

    I just enabled debug mode to check the logs & it would seem it's making a fresh call even for the same ip.

    From the bottom of the first debug log

    [25-May-2023 07:46:22 Europe/London] Checking cache for IP: 54.236.1.11
    [25-May-2023 07:46:22 Europe/London] API call made for IP: 54.236.1.11 with score: 63
    [25-May-2023 07:46:22 Europe/London] IP 54.236.1.11 blocked from API call

    and then the second

    [25-May-2023 07:46:39 Europe/London] Checking cache for IP: 54.236.1.11
    [25-May-2023 07:46:39 Europe/London] API call made for IP: 54.236.1.11 with score: 63
    [25-May-2023 07:46:39 Europe/London] IP 54.236.1.11 blocked from API call

    the third

    [25-May-2023 07:46:43 Europe/London] Checking cache for IP: 54.236.1.11
    [25-May-2023 07:46:44 Europe/London] API call made for IP: 54.236.1.11 with score: 63
    [25-May-2023 07:46:44 Europe/London] IP 54.236.1.11 blocked from API call

    So it would seem they are all the same IP address but they are looking up each time if I'm not mistaken.

  2. #2
    Join Date
    Oct 2007
    Location
    Cornwall/Amsterdam
    Posts
    61
    Plugin Contributions
    0

    Default Re: AbuseIPDB Integration module

    Quote Originally Posted by johnjlarge View Post
    I'm not sure if the caching is working correctly. I've woken up just now & almost exhausted my API limit for the day at 7:47am

    I just enabled debug mode to check the logs & it would seem it's making a fresh call even for the same ip.

    From the bottom of the first debug log

    [25-May-2023 07:46:22 Europe/London] Checking cache for IP: 54.236.1.11
    [25-May-2023 07:46:22 Europe/London] API call made for IP: 54.236.1.11 with score: 63
    [25-May-2023 07:46:22 Europe/London] IP 54.236.1.11 blocked from API call

    and then the second

    [25-May-2023 07:46:39 Europe/London] Checking cache for IP: 54.236.1.11
    [25-May-2023 07:46:39 Europe/London] API call made for IP: 54.236.1.11 with score: 63
    [25-May-2023 07:46:39 Europe/London] IP 54.236.1.11 blocked from API call

    the third

    [25-May-2023 07:46:43 Europe/London] Checking cache for IP: 54.236.1.11
    [25-May-2023 07:46:44 Europe/London] API call made for IP: 54.236.1.11 with score: 63
    [25-May-2023 07:46:44 Europe/London] IP 54.236.1.11 blocked from API call

    So it would seem they are all the same IP address, but they are looking up each time if I'm not mistaken.
    Just another observation on this, could it be that known spiders are prevented from creating a session, so the IP isn't cached in the session cache? I could be way off, but my initial investigation is that this IP is pinterestbot which I have as a robot in my zen cart who's online/admin robot definitions.

  3. #3
    Join Date
    Sep 2005
    Location
    Austria
    Posts
    104
    Plugin Contributions
    6

    Default Re: AbuseIPDB Integration module

    Quote Originally Posted by johnjlarge View Post
    Just another observation on this, could it be that known spiders are prevented from creating a session, so the IP isn't cached in the session cache? I could be way off, but my initial investigation is that this IP is pinterestbot which I have as a robot in my zen cart who's online/admin robot definitions.
    Known spiders are definitively prevented from creating sessions

    As you are not using the page_not_found redirect, you could change in the observer class from

    Code:
    // Do not execute the check for the 'page_not_found' page
    		if ($current_page_base == 'page_not_found') {
    			return;
    		}
    to

    Code:
    // Do not execute the check for known spiders
    		if (isset($spider_flag) && $spider_flag === true) {
    			return;
    		}
    to disable the whole thing for known spiders

    I'm not using this on a live site at the moment so cannot really test if its working

  4. #4
    Join Date
    Oct 2007
    Location
    Cornwall/Amsterdam
    Posts
    61
    Plugin Contributions
    0

    Default Re: AbuseIPDB Integration module

    Quote Originally Posted by webchills View Post
    Known spiders are definitively prevented from creating sessions

    As you are not using the page_not_found redirect, you could change in the observer class from

    Code:
    // Do not execute the check for the 'page_not_found' page
    		if ($current_page_base == 'page_not_found') {
    			return;
    		}
    to

    Code:
    // Do not execute the check for known spiders
    		if (isset($spider_flag) && $spider_flag === true) {
    			return;
    		}
    to disable the whole thing for known spiders

    I'm not using this on a live site at the moment so cannot really test if its working
    I've changed the code as suggested, but I'll have to wait until tomorrow when my api quota resets to see if it works for spiders. If it works that is quite an elegant fix as I manually block bad bot useragents via .htaccess before they load anything from my site.

  5. #5
    Join Date
    May 2008
    Location
    United States
    Posts
    491
    Plugin Contributions
    1

    Default Re: AbuseIPDB Integration module

    Quote Originally Posted by webchills View Post
    Known spiders are definitively prevented from creating sessions

    As you are not using the page_not_found redirect, you could change in the observer class from

    Code:
    // Do not execute the check for the 'page_not_found' page
    		if ($current_page_base == 'page_not_found') {
    			return;
    		}
    to

    Code:
    // Do not execute the check for known spiders
    		if (isset($spider_flag) && $spider_flag === true) {
    			return;
    		}
    to disable the whole thing for known spiders

    I'm not using this on a live site at the moment so cannot really test if its working


    Great solution this modification in the code introduces an additional check to prevent unnecessary IP abuse checks.

    If the current page is a 'page_not_found', the IP abuse check will be skipped.
    If the visitor is a known web spider or bot, the IP abuse check will also be skipped.

    This reduces unnecessary API calls to AbuseIPDB when traffic comes from known web spiders or bots, which are usually harmless.

    PHP Code:
    // Do not execute the check for the 'page_not_found' page or for known spiders
    if ($current_page_base == 'page_not_found' || (isset($spider_flag) && $spider_flag === true)) {
        return;


  6. #6
    Join Date
    Oct 2007
    Location
    Cornwall/Amsterdam
    Posts
    61
    Plugin Contributions
    0

    Default Re: AbuseIPDB Integration module

    Quote Originally Posted by marcopolo View Post
    Great solution this modification in the code introduces an additional check to prevent unnecessary IP abuse checks.

    If the current page is a 'page_not_found', the IP abuse check will be skipped.
    If the visitor is a known web spider or bot, the IP abuse check will also be skipped.

    This reduces unnecessary API calls to AbuseIPDB when traffic comes from known web spiders or bots, which are usually harmless.

    PHP Code:
    // Do not execute the check for the 'page_not_found' page or for known spiders
    if ($current_page_base == 'page_not_found' || (isset($spider_flag) && $spider_flag === true)) {
        return;

    I've changed the modification to this to exclude spiders & 404. Just have to wait until tomorrow to check if block caching is now fully working, but on test mode all seems well. This mod seems to be evolving quickly, but it will do wonders to keep the worst offenders away & reduce my manual blocking workload massively.

    Thank you all.

  7. #7
    Join Date
    Oct 2007
    Location
    Cornwall/Amsterdam
    Posts
    61
    Plugin Contributions
    0

    Default Re: AbuseIPDB Integration module

    Also, as an aside in case anyone else wants to include an error message on their block page, I'm still serving a 403 but now echoing a browser message as follows.

    Code:
       header('HTTP/1.0 403 Forbidden');
                    echo 'You are forbidden! Your IP Address is marked as malicious in the abuseipdb.com database';
                    zen_exit();

  8. #8
    Join Date
    Jan 2004
    Location
    N of San Antonio TX
    Posts
    9,701
    Plugin Contributions
    11

    Default Re: AbuseIPDB Integration module

    Any chance we can get a github link to avoid having to add, delete, rinse, repeat?
    A little help with colors.
    myZenCartHost.com - Zen Cart Certified, PCI Compatible Hosting by JEANDRET
    Free SSL & Domain with semi-annual and longer hosting. Updating 1.5.2 and Up.

  9. #9
    Join Date
    May 2008
    Location
    United States
    Posts
    491
    Plugin Contributions
    1

    Default Re: AbuseIPDB Integration module

    Quote Originally Posted by dbltoe View Post
    Any chance we can get a github link to avoid having to add, delete, rinse, repeat?

    Here is the GitHub link: https://github.com/CcMarc/AbuseIPDB.git

 

 

Similar Threads

  1. AbuseIPDB integration?
    By marcopolo in forum General Questions
    Replies: 3
    Last Post: 4 May 2022, 06:31 PM
  2. v155 Full Ebay Integration Module
    By Wilkesy in forum All Other Contributions/Addons
    Replies: 9
    Last Post: 19 Jun 2020, 03:29 AM
  3. v156 PayCertify Payment Integration Module
    By PayCertify in forum Addon Payment Modules
    Replies: 1
    Last Post: 1 May 2019, 11:29 PM
  4. Mailchimp Module Integration
    By hamid380 in forum Addon Sideboxes
    Replies: 5
    Last Post: 7 Sep 2011, 01:11 PM
  5. Custom Shipping Module Integration
    By youderian in forum Built-in Shipping and Payment Modules
    Replies: 0
    Last Post: 22 Dec 2008, 05:59 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg