Re: AbuseIPDB Integration module

Originally Posted by
HeathenMagic
Think they must have targetted me this morning as seems 5000 request daily limit already reached! I reckon the previous blocked is tied to Abuse account so it can't retrospectively block those again. I only added one ip to that blacklist file (on top htaccess rules and IP blocked ranges on server).
Yes, it can block those same IPs again — but only if they return after their cache entry expires. By default, the plugin caches each IP’s AbuseIPDB score for 1 day (86400 seconds) under the Cache Time setting. That means once an IP is checked, its score is stored locally and reused until that cache expires — avoiding repeat API calls, but also meaning the system won’t recheck or re-block the same IP until that cache period ends.
If you're seeing a spike in abuse, you can temporarily increase the cache time (to 2–3 days, for example).
172800 = 2 days or 259200 = 3 days
That way:
- Previously flagged IPs stay blocked longer, even without another API call
- You conserve your daily quota (5,000 requests) during surges
- Protection stays active while usage stays within limits
Also, enabling extended caching (High Score Cache Extension) for IPs over a threshold (default score: 100) can stretch cache time even further (defaults to 7 days or longer whatever you set it too via Extended Cache Time).
I’ve seen a huge uptick in bot traffic lately, especially from IPs returning very low or even 0 scores from AbuseIPDB. Something definitely seems to be going on across multiple shops. You’re not the only one running into this pattern.
marcopolo
Zen Cart 2.2.2 | PHP 8.5.4 | MariaDB 10.11.14