Hundreds of Visitors with Large Carts

**bumba000** · 28 Dec 2017, 03:50 PM

Hi All,
Running 1.5.5e on PHP7. Wondering if there's a way to prevent this from happening. I'm getting hundreds of international visitors with hundreds of items in their basket. I would imagine it's taking a toll on the server be-it a small one but a toll none the less. I'm not so much concerned about that at this point, just irritated by the traffic showing up in who's online and user tracking.

Thank You, John

**mc12345678** · 28 Dec 2017, 05:04 PM

So as you may know, the ability of real/live visitors to add product to their cart (and purchase) is not directly prevented by such "imaginary" customers possibly placing all available product in their cart. First one to check out wins. So yes, just affecting resources and "observations" of the site traffic.

Such "international" traffic is unfortunately common, but also may be coming from one of the potentially "trouble" areas. It could also be a regular bot's way of indexing. Thing is, whatever is visiting is not providing information that ZC can use to classify the visit as coming from a spider. Basically, to not see that traffic in the who's online and user tracking areas, the visitor has to not be counted as a session deserving visitor. This can be through the filters that ZC provides and the associated spiders.txt file and/or as a rule to accessing the server (cPanel or htaccess) to block a specific list of visitors (though this list may need to periodically be updated and considered in the event a valid customer may be in the affected area(s)).

**RixStix** · 28 Dec 2017, 05:44 PM

On some of those International visitors, we use DrByte's 'block bad bot' plugin when we can identify a specific User-Agent that we choose to be not important for our business purpose.

**bumba000** · 28 Dec 2017, 07:01 PM

Yeah, they aren't registering as bots, each have different user agents and 99% of them are international. Unfortunately some are originating from countries which are currently in the ConfigServer Firewall CC_DENY list. So, it's just been a game of deleting each session that I see and blocking the IP in htaccess, but they seem to have an unlimited supply of IP's.

**bumba000** · 28 Dec 2017, 08:28 PM

I have written a solution! Create a database table by running following sql

Code:

CREATE TABLE `bannedIPS` (
  `id` int(11) NOT NULL,
  `banip` varchar(16) NOT NULL DEFAULT ''
);

then in includes/templates/YOUR_TEMPLATE/common/html_header.php
just below the lines

Code:

$zco_notifier->notify('NOTIFY_HTML_HEAD_START', $current_page_base, $template_dir);

// Prevent clickjacking risks by setting X-Frame-Options:SAMEORIGIN
header('X-Frame-Options:SAMEORIGIN');

add

Code:

//BOF Bot Cart Builder Stopper
$visitorIP = $_SERVER['REMOTE_ADDR'];
    
if(sizeof($_SESSION['cart']->get_products()) > 50){
    $db->Execute("INSERT INTO bannedIPS (banip) VALUES ('" . $visitorIP . "')");
}

$bannedIPLQ = $db->Execute("SELECT * FROM bannedIPS");
$bannedIPS = array();
while(!$bannedIPLQ->EOF){
    $bannedIPS[] = trim($bannedIPLQ->fields['banip']);
    $bannedIPLQ->MoveNext();
}

if(in_array($visitorIP, $bannedIPS)){
    header('location:https://www.google.com');
}
//EOF Bot Cart Builder Stopper

The number 50 can be changed to whatever suits your site best. This is the count of the total number of different products currently in the visitors cart. They can still have 100 of an individual product, but can't have more than 50 different products. We have (in 10 years) never had a customer purchase 50 different products at one time, but I know that each business is different.

Thanks, John

**solo_400** · 28 Dec 2017, 09:26 PM

your solution might turn out very useful to me one day. Thank you!

**swguy** · 29 Dec 2017, 08:31 PM

Maybe randomize the number 50 so that it's between (say) 35 and 50, so they don't figure out your algorithm so quickly.

**bumba000** · 29 Dec 2017, 09:08 PM

SWGuy. Good call! See revised code...

Code:

//BOF Bot Cart Builder Stopper
$visitorIP = $_SERVER['REMOTE_ADDR'];

//set min and max values here
$itemsInBasket = rand(35, 50);

if(sizeof($_SESSION['cart']->get_products()) > $itemsInBasket){
    $db->Execute("INSERT INTO bannedIPS (banip) VALUES ('" . $visitorIP . "')");
}

$bannedIPLQ = $db->Execute("SELECT * FROM bannedIPS");
$bannedIPS = array();
while(!$bannedIPLQ->EOF){
    $bannedIPS[] = trim($bannedIPLQ->fields['banip']);
    $bannedIPLQ->MoveNext();
}

if(in_array($visitorIP, $bannedIPS)){
    header('location:https://www.google.com');
    http_response_code(404);
    die();
}
//EOF Bot Cart Builder Stopper

Thanks, John