User tracking mod

[twi]

will this mod help in tracking who is doing what at my zc 1.5.1 site? Reason I am asking this is because I notice some really strange behaviors on my site. I can see some ip's in my "Whos Online" page in admin, that some ip's are able to put ridiculous quantities of an item in their shopping cart such as 5000000000 units will I have less than a 100 units in stock in the quantity of that one item.

Does zencart prevent a larger then inventory quantity be added to the shopping cart? it seems like some of these ips' are trying to block my traffic. I want to find out who they are, what exactly are they doing, and be able to block them.

any help is appreciated.

[mc12345678]

will this mod help in tracking who is doing what at my zc 1.5.1 site? Reason I am asking this is because I notice some really strange behaviors on my site. I can see some ip's in my "Whos Online" page in admin, that some ip's are able to put ridiculous quantities of an item in their shopping cart such as 5000000000 units will I have less than a 100 units in stock in the quantity of that one item.

Does zencart prevent a larger then inventory quantity be added to the shopping cart? it seems like some of these ips' are trying to block my traffic. I want to find out who they are, what exactly are they doing, and be able to block them.

any help is appreciated.

So to try to answer, it will let you know what pages have successfully (and completely) loaded (I.e., the footer must be processed), therefore it will show you to what page(s) a session has successfully reached.

Regarding the tracking of what entity is doing this, well, there is a small caveat still at this time. The coding for identifying which records to add to the database already does some filtering as written; however, there were some types of records that were not filtered (hence the added hide spiders functionality). It is planned to overhaul that process so that the show spiders option would show all visitor traffic regardless of being a spider or not (which is more than likely what you have/had going on).

ZC does offer the capability of preventing the more than current quantity from being added to cart capability (or at least from checkout); however, that issue is something I would recommend to bring up in a separate forum/thread. There are multiple settings/ways to "notify" the user/visitor of attempting to add to the cart more quantity than in stock or to prevent that from happening. This plugin though will more than likely provide the information (IP address) of the individual(s) attempting to perform that action. All-in-all it seems to be an attempt to locate security weaknesses that could potentially be exploited. Afterall, if they actually pay for that quantity of product, worst case is that they get a refund for the product not in stock and you make a lot of money otherwise. :)

[twi]

So to try to answer, it will let you know what pages have successfully (and completely) loaded (I.e., the footer must be processed), therefore it will show you to what page(s) a session has successfully reached.

Regarding the tracking of what entity is doing this, well, there is a small caveat still at this time. The coding for identifying which records to add to the database already does some filtering as written; however, there were some types of records that were not filtered (hence the added hide spiders functionality). It is planned to overhaul that process so that the show spiders option would show all visitor traffic regardless of being a spider or not (which is more than likely what you have/had going on).

ZC does offer the capability of preventing the more than current quantity from being added to cart capability (or at least from checkout); however, that issue is something I would recommend to bring up in a separate forum/thread. There are multiple settings/ways to "notify" the user/visitor of attempting to add to the cart more quantity than in stock or to prevent that from happening. This plugin though will more than likely provide the information (IP address) of the individual(s) attempting to perform that action. All-in-all it seems to be an attempt to locate security weaknesses that could potentially be exploited. Afterall, if they actually pay for that quantity of product, worst case is that they get a refund for the product not in stock and you make a lot of money otherwise. :)

Thanks for the prompt reply. I would be ecstatic I they actually want to buy that amount added to the cart. It is in the ten of millions of dollars when they attempt to do that. they would add ridiculous quantities to a handful of products. Of course they are not able to checkout since I have initiated the prevent checkout if quantity is greater than inventory setting in admin. But it really bothers me that they are actually able to put the quantities in the cart. I though that zc prevent it from doing so even though an insufficient quantity warning in read is displayed.

To make thing simple. Is there a way to block certain/specific IP's? I have read something about htaccess but don't understand a thing how to do it. any suggestions?

[mc12345678]

Thanks for the prompt reply. I would be ecstatic I they actually want to buy that amount added to the cart. It is in the ten of millions of dollars when they attempt to do that. they would add ridiculous quantities to a handful of products. Of course they are not able to checkout since I have initiated the prevent checkout if quantity is greater than inventory setting in admin. But it really bothers me that they are actually able to put the quantities in the cart. I though that zc prevent it from doing so even though an insufficient quantity warning in read is displayed.

To make thing simple. Is there a way to block certain/specific IP's? I have read something about htaccess but don't understand a thing how to do it. any suggestions?

It's not difficult; however, I am not on a device that would allow me to look up my current htaccess file (easily). I've done that after I received one after another contact us inquiries, and other obnoxious actions on my site. Ultimately I didn't need anything from that group of servers as there is no way that their business could be gained for our organization. Anyways, it's not difficult;however, if you go for the onsey twosy, you may find that they will try from a different direction. Unfortunately it's a part of being able to be accessed by anyone in the world. Bound to have a few people/computers trying to do something obnoxious.

We had one day over 10000 hits from a single ip. Want to talk about somebody trying to shut down someone. It didn't take us offline but wholly cow!

[twi]

It's not difficult; however, I am not on a device that would allow me to look up my current htaccess file (easily). I've done that after I received one after another contact us inquiries, and other obnoxious actions on my site. Ultimately I didn't need anything from that group of servers as there is no way that their business could be gained for our organization. Anyways, it's not difficult;however, if you go for the onsey twosy, you may find that they will try from a different direction. Unfortunately it's a part of being able to be accessed by anyone in the world. Bound to have a few people/computers trying to do something obnoxious.

We had one day over 10000 hits from a single ip. Want to talk about somebody trying to shut down someone. It didn't take us offline but wholly cow!

Thank you again for the thorough help and insight in this situation. If you do have time later or a few days later, maybe you can send me some links of shoot me some pm concerning how to do it in the htaccess file would be great. Thanks in advance.

[BlessIsaacola]

Here is the latest error message:

[22-Nov-2013 03:11:00 America/New_York] PHP Warning: reset() expects parameter 1 to be array, null given in /adminfolder/user_tracking.php on line 301

I think I am going to disabled this mod temporarily until after Christmas season. I want to make sure I can focus on any error that's genuine in the log and this mod is just filling it up. I will definitely continue to monitor the progress on this though. Thanks!

[mc12345678]

Here is the latest error message: I think I am going to disabled this mod temporarily until after Christmas season. I want to make sure I can focus on any error that's genuine in the log and this mod is just filling it up. I will definitely continue to monitor the progress on this though. Thanks!

Please advise, at that point of using UT to look at the history, were there no records returned/shown?
(For those reviewing this thread, that error iappears from the newly added functionality of displaying the number of visits at the beginning of the display of visitors.)
Odd thing to say/think, but almost glad that there is a problem, that way any additional changes can be incorporated with a fix.looking at adding a check for the last character of strings before sending to SQL and other character sequences specifically in the URL info just to prevent additional errors/warnings can add a flag later, then also to address a zero "volume" return on the array of visitors. Hopefully can submit soon.