Results 1 to 10 of 132

Hybrid View

  1. #1
    Join Date
    May 2008
    Location
    United States
    Posts
    491
    Plugin Contributions
    1

    Default Re: AbuseIPDB Integration module

    I'm facing an issue with the spider detection code. The purpose of this code is to detect spiders/crawlers, if enabled will bypass the api call and creates a log log if enabled as well. However, I've noticed that the log file is not being created even though I can see spiders accessing my site.

    I suspect there might be an issue with the spider detection logic or the file logging process. I would greatly appreciate it if someone with more knowledge and experience could take a look at the code snippet and help me identify the problem.


    PHP Code:
                // Skip API call for known spiders if enabled
                    
    if (isset($spider_flag) && $spider_flag === true && $spider_allow == 'true') {

                        
    // Check if logging is enabled for allowed spiders
                            
    $log_file_name_spiders 'abuseipdb_spiders_' date('Y_m') . '.log';
                            
    $log_file_path_spiders $log_file_path $log_file_name_spiders;
                            
    $log_message date('Y-m-d H:i:s') . ' IP address ' $ip ' Spider - Score: ' $abuseScore PHP_EOL;

                        if (
    $spider_log_enabled == 'true') {            
                            
    file_put_contents($log_file_path_spiders$log_messageFILE_APPEND);
                        }

                    return 
    0// Return 0 score for spiders or whatever default value you want
                    

    I have already verified that the variables ($spider_flag, $spider_allow, $spider_log_enabled, etc.) are correctly set and the paths for the log files are valid.

    Could someone please review the code and provide insights into why the log file is not being created? Any suggestions, improvements, or alternative approaches to spider detection in Zen Cart are also welcome.

    Thank you in advance for your assistance!

  2. #2
    Join Date
    Sep 2009
    Location
    Stuart, FL
    Posts
    13,949
    Plugin Contributions
    96

    Default Re: AbuseIPDB Integration module

    Being lazy and not downloading the plugin, if $log_file_path is set to DIR_FS_LOGS, then the $log_file_name_spiders should have a leading '/' since DIR_FS_LOGS doesn't end in that character.

  3. #3
    Join Date
    May 2008
    Location
    United States
    Posts
    491
    Plugin Contributions
    1

    Default Re: AbuseIPDB Integration module

    Quote Originally Posted by lat9 View Post
    Being lazy and not downloading the plugin, if $log_file_path is set to DIR_FS_LOGS, then the $log_file_name_spiders should have a leading '/' since DIR_FS_LOGS doesn't end in that character.
    That is not the issue, the module creates a few different logs which are all working fine. It is just this spider detection one not being created. The log file setting is set within the admin setting of the module, like so for my install: log/

    Here is the admin setting:
    ('Log File Path', 'ABUSEIPDB_LOG_FILE_PATH', 'logs/', 'The path to the directory where log files are stored.', $cgi, now(), 45, NULL, NULL),
    Last edited by marcopolo; 28 May 2023 at 01:21 PM.

  4. #4
    Join Date
    Sep 2009
    Location
    Stuart, FL
    Posts
    13,949
    Plugin Contributions
    96

    Default Re: AbuseIPDB Integration module

    The code currently will run that section of code (logging the spider detection) only when the ABUSEIPDB_SPIDER_ALLOW setting's value is true and allow spiders to continue with the checks when false; was that the intent?

  5. #5
    Join Date
    May 2008
    Location
    United States
    Posts
    491
    Plugin Contributions
    1

    Default Re: AbuseIPDB Integration module

    Quote Originally Posted by lat9 View Post
    The code currently will run that section of code (logging the spider detection) only when the ABUSEIPDB_SPIDER_ALLOW setting's value is true and allow spiders to continue with the checks when false; was that the intent?
    Yes that is the intent, if you allow spiders then this will allow you to avoid an api call check for them, if you do not allow them then the module checks their ip like any other users ip for an abuse score and will allow or block them based on your set threshold.

  6. #6
    Join Date
    May 2008
    Location
    United States
    Posts
    491
    Plugin Contributions
    1

    Default Re: AbuseIPDB Integration module

    For testing purposes, I've hardcoded my IP address ('xxx.xxx.xxx.xxx') and manually set $spider_flag to true. The intention is to simulate a scenario where a known spider accesses the website.

    Here's the relevant code snippet:

    PHP Code:
    // Hardcoding the IP for testing
    $ip 'xxx.xxx.xxx.xxx';
    $spider_flag = ($ip == 'xxx.xxx.xxx.xxx') ? true $spider_flag// Set $spider_flag to true if the IP is xxx.xxx.xxx.xxx

    // Skip API call for known spiders if enabled
    if (isset($spider_flag) && $spider_flag === true && $spider_allow == 'true') {

        
    // Check if logging is enabled for allowed spiders
        
    $log_file_name_spiders 'abuseipdb_spiders_' date('Y_m') . '.log';
        
    $log_file_path_spiders $log_file_path $log_file_name_spiders;
        
    $log_message date('Y-m-d H:i:s') . ' IP address ' $ip ' is identified as a Spider. AbuseIPDB API check was bypassed.' PHP_EOL;

        if (
    $spider_log_enabled == 'true') {            
            
    file_put_contents($log_file_path_spiders$log_messageFILE_APPEND);
        }

        return 
    0// Return 0 score for spiders or whatever default value you want

    The test setup, wherein I've hardcoded my IP and set $spider_flag to true, results in successful logging - a log file gets created as expected. This suggests that the issue is unlikely with the logging mechanism itself.

    Moreover, while monitoring the 'Who is Online' section, I've noticed several spiders accessing the site. However, the corresponding spider log file has not been created, leading me to believe that the spider detection part of the code is not working as expected.

    To summarize, while my test setup with hardcoded values demonstrates that the logging functionality is intact, it appears that under normal site operation, spiders are not being correctly detected and logged.

    It brings us to an interesting dilemma. If 'Who is Online' is accurately identifying spiders, then it appears that my spider detection code is not functioning correctly. However, if my code is working properly and there haven't been any spider visits that Zen Cart would identify as spiders, then 'Who is Online' might be giving false positives. Either way, there seems to be a discrepancy that warrants further investigation.

    I'd appreciate any insights or suggestions on this matter.

  7. #7
    Join Date
    May 2008
    Location
    United States
    Posts
    491
    Plugin Contributions
    1

    Default Re: AbuseIPDB Integration module

    This may be an alternative way detect spiders:

    PHP Code:
                // Skip API call for known spiders if enabled
                
    $user_agent $_SERVER['HTTP_USER_AGENT'];
                
    $spiders_file DIR_WS_INCLUDES 'spiders.txt';
                
    $spiders file($spiders_fileFILE_IGNORE_NEW_LINES FILE_SKIP_EMPTY_LINES);

                foreach (
    $spiders as $spider) {
                    if (
    strpos($user_agent$spider) !== false) {
                    
    $spider_flag true;
                    break;
                    }
                }
                    if (
    $spider_flag && $spider_allow == 'true') {

                        
    // Check if logging is enabled for allowed spiders
                            
    $log_file_name_spiders 'abuseipdb_spiders_' date('Y_m') . '.log';
                            
    $log_file_path_spiders $log_file_path $log_file_name_spiders;
                            
    $log_message date('Y-m-d H:i:s') . ' IP address ' $ip ' is identified as a Spider. AbuseIPDB API check was bypassed.' PHP_EOL;

                        if (
    $spider_log_enabled == 'true') {            
                            
    file_put_contents($log_file_path_spiders$log_messageFILE_APPEND);
                        }

                    return 
    0// Return 0 score for spiders or whatever default value you want
                    


  8. #8
    Join Date
    Sep 2009
    Location
    Stuart, FL
    Posts
    13,949
    Plugin Contributions
    96

    Default Re: AbuseIPDB Integration module

    Noting that the $spider_flag is set IFF SESSION_FORCE_COOKIE_USE != 'True' and SESSION_BLOCK_SPIDERS == 'True' (from the zc158 /includes/init_includes/init_sessions.php lines 70-84).

    Don't know if that helps ...

 

 

Similar Threads

  1. AbuseIPDB integration?
    By marcopolo in forum General Questions
    Replies: 3
    Last Post: 4 May 2022, 06:31 PM
  2. v155 Full Ebay Integration Module
    By Wilkesy in forum All Other Contributions/Addons
    Replies: 9
    Last Post: 19 Jun 2020, 03:29 AM
  3. v156 PayCertify Payment Integration Module
    By PayCertify in forum Addon Payment Modules
    Replies: 1
    Last Post: 1 May 2019, 11:29 PM
  4. Mailchimp Module Integration
    By hamid380 in forum Addon Sideboxes
    Replies: 5
    Last Post: 7 Sep 2011, 01:11 PM
  5. Custom Shipping Module Integration
    By youderian in forum Built-in Shipping and Payment Modules
    Replies: 0
    Last Post: 22 Dec 2008, 05:59 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg