Page 3 of 6 FirstFirst 12345 ... LastLast
Results 21 to 30 of 58
  1. #21
    Join Date
    Oct 2007
    Location
    Cornwall/Amsterdam
    Posts
    61
    Plugin Contributions
    0

    Default Re: AbuseIPDB Integration module

    Hi @marcopolo

    I've just tested it, setting my own IP as the test mode IP & can confirm it works on subpages. As far as I'm aware the index.php always fires, then loads in templates, includes etc. It may be a more elegant way to load it, as the block will launch with minimal code being loaded, possibly reducing server load in the process. I chose index.php as according to the program flow in documentation it's the top level page which everything else loads from. With this being a blocking script, it would make sense to expose as little code/server resources as possible.

    Program flow docs https://docs.zen-cart.com/dev/code/program_flow/

    I also set the redirect as a 403 forbidden error as this seemed more appropriate for my usage.

    Code:
    // Redirect to the 404 page
                header('HTTP/1.0 403 Forbidden');
                zen_exit();

  2. #22
    Join Date
    May 2008
    Posts
    443
    Plugin Contributions
    1

    Default Re: AbuseIPDB Integration module

    Quote Originally Posted by johnjlarge View Post
    Hi @marcopolo

    I've just tested it, setting my own IP as the test mode IP & can confirm it works on subpages. As far as I'm aware the index.php always fires, then loads in templates, includes etc. It may be a more elegant way to load it, as the block will launch with minimal code being loaded, possibly reducing server load in the process. I chose index.php as according to the program flow in documentation it's the top level page which everything else loads from. With this being a blocking script, it would make sense to expose as little code/server resources as possible.

    Program flow docs https://docs.zen-cart.com/dev/code/program_flow/

    I also set the redirect as a 403 forbidden error as this seemed more appropriate for my usage.

    Code:
    // Redirect to the 404 page
                header('HTTP/1.0 403 Forbidden');
                zen_exit();
    Your perfectly fine then, apologies for the oversight regarding the index page. I wasn't aware that it loaded on every page. I use one of those SEO page optimizers that rename all my pages to .html pages so I never see the zencart page names. To regards to optimizing server load, the best solution would be to load it from the index page outlined within the flow documentation as you pointed out. A blocked IP, I assume they would just receive a blank page with no content loading from your site?

  3. #23
    Join Date
    Oct 2007
    Location
    Cornwall/Amsterdam
    Posts
    61
    Plugin Contributions
    0

    Default Re: AbuseIPDB Integration module

    That's exactly it. A completely blank page with (in my case) a 403 response. I guess you could set a custom static 403 page via .htaccess to inform the user that their IP is blocked. I couldn't find what was throwing the headers already sent error when using your plugin, so I just worked backwards from the program flow documentation and added the check IP code as early as possible in the code base.

  4. #24
    Join Date
    Oct 2007
    Location
    Cornwall/Amsterdam
    Posts
    61
    Plugin Contributions
    0

    Default Re: AbuseIPDB Integration module

    I've hit another issue. Even though I've signed up as a webmaster & put the button on my website to increase API calls to 5000 on abuseipdb.com, I've hit my ip lookup api limit within 3 hours of a 24-hour period. Does the plugin also cache clean IP's or will it simply look up the same clean IP on every page view, meaning each page view equals one api hit?

  5. #25
    Join Date
    May 2008
    Posts
    443
    Plugin Contributions
    1

    Default Re: AbuseIPDB Integration module

    Yes, the plugin caches both clean and abusive IPs. It only makes an API call if the abuse score is not in the cache or if it has expired.

  6. #26
    Join Date
    Sep 2005
    Location
    Austria
    Posts
    104
    Plugin Contributions
    6

    Default Re: AbuseIPDB Integration module

    Instead of adding a new notifier (NOTIFY_HEADER_START) in includes/templates/YOUR_TEMPLATE/common/tpl_header.php you could also use the existing notifier NOTIFY_HTML_HEAD_START in includes/templates/YOUR_TEMPLATE/common/html_header.php and change in the observer class from NOTIFY_HEADER_START to NOTIFY_HTML_HEAD_START.
    This way there is no change of existing core files required when installing the plugin.

  7. #27
    Join Date
    Oct 2007
    Location
    Cornwall/Amsterdam
    Posts
    61
    Plugin Contributions
    0

    Default Re: AbuseIPDB Integration module

    I'm not sure if the caching is working correctly. I've woken up just now & almost exhausted my API limit for the day at 7:47am

    I just enabled debug mode to check the logs & it would seem it's making a fresh call even for the same ip.

    From the bottom of the first debug log

    [25-May-2023 07:46:22 Europe/London] Checking cache for IP: 54.236.1.11
    [25-May-2023 07:46:22 Europe/London] API call made for IP: 54.236.1.11 with score: 63
    [25-May-2023 07:46:22 Europe/London] IP 54.236.1.11 blocked from API call

    and then the second

    [25-May-2023 07:46:39 Europe/London] Checking cache for IP: 54.236.1.11
    [25-May-2023 07:46:39 Europe/London] API call made for IP: 54.236.1.11 with score: 63
    [25-May-2023 07:46:39 Europe/London] IP 54.236.1.11 blocked from API call

    the third

    [25-May-2023 07:46:43 Europe/London] Checking cache for IP: 54.236.1.11
    [25-May-2023 07:46:44 Europe/London] API call made for IP: 54.236.1.11 with score: 63
    [25-May-2023 07:46:44 Europe/London] IP 54.236.1.11 blocked from API call

    So it would seem they are all the same IP address but they are looking up each time if I'm not mistaken.

  8. #28
    Join Date
    Oct 2007
    Location
    Cornwall/Amsterdam
    Posts
    61
    Plugin Contributions
    0

    Default Re: AbuseIPDB Integration module

    Quote Originally Posted by webchills View Post
    Instead of adding a new notifier (NOTIFY_HEADER_START) in includes/templates/YOUR_TEMPLATE/common/tpl_header.php you could also use the existing notifier NOTIFY_HTML_HEAD_START in includes/templates/YOUR_TEMPLATE/common/html_header.php and change in the observer class from NOTIFY_HEADER_START to NOTIFY_HTML_HEAD_START.
    This way there is no change of existing core files required when installing the plugin.
    Just changed the observer as mentioned here & removed my code from index.php - it does indeed work, blocking works & it also avoids the headers already sent issue I received before. Great observation. Now I just need to solve this caching issue as I'm about to run out of API calls for another day thanks to the same IP's

  9. #29
    Join Date
    Oct 2007
    Location
    Cornwall/Amsterdam
    Posts
    61
    Plugin Contributions
    0

    Default Re: AbuseIPDB Integration module

    Quote Originally Posted by johnjlarge View Post
    I'm not sure if the caching is working correctly. I've woken up just now & almost exhausted my API limit for the day at 7:47am

    I just enabled debug mode to check the logs & it would seem it's making a fresh call even for the same ip.

    From the bottom of the first debug log

    [25-May-2023 07:46:22 Europe/London] Checking cache for IP: 54.236.1.11
    [25-May-2023 07:46:22 Europe/London] API call made for IP: 54.236.1.11 with score: 63
    [25-May-2023 07:46:22 Europe/London] IP 54.236.1.11 blocked from API call

    and then the second

    [25-May-2023 07:46:39 Europe/London] Checking cache for IP: 54.236.1.11
    [25-May-2023 07:46:39 Europe/London] API call made for IP: 54.236.1.11 with score: 63
    [25-May-2023 07:46:39 Europe/London] IP 54.236.1.11 blocked from API call

    the third

    [25-May-2023 07:46:43 Europe/London] Checking cache for IP: 54.236.1.11
    [25-May-2023 07:46:44 Europe/London] API call made for IP: 54.236.1.11 with score: 63
    [25-May-2023 07:46:44 Europe/London] IP 54.236.1.11 blocked from API call

    So it would seem they are all the same IP address, but they are looking up each time if I'm not mistaken.
    Just another observation on this, could it be that known spiders are prevented from creating a session, so the IP isn't cached in the session cache? I could be way off, but my initial investigation is that this IP is pinterestbot which I have as a robot in my zen cart who's online/admin robot definitions.

  10. #30
    Join Date
    Sep 2005
    Location
    Austria
    Posts
    104
    Plugin Contributions
    6

    Default Re: AbuseIPDB Integration module

    Quote Originally Posted by johnjlarge View Post
    Just another observation on this, could it be that known spiders are prevented from creating a session, so the IP isn't cached in the session cache? I could be way off, but my initial investigation is that this IP is pinterestbot which I have as a robot in my zen cart who's online/admin robot definitions.
    Known spiders are definitively prevented from creating sessions

    As you are not using the page_not_found redirect, you could change in the observer class from

    Code:
    // Do not execute the check for the 'page_not_found' page
    		if ($current_page_base == 'page_not_found') {
    			return;
    		}
    to

    Code:
    // Do not execute the check for known spiders
    		if (isset($spider_flag) && $spider_flag === true) {
    			return;
    		}
    to disable the whole thing for known spiders

    I'm not using this on a live site at the moment so cannot really test if its working

 

 
Page 3 of 6 FirstFirst 12345 ... LastLast

Similar Threads

  1. AbuseIPDB integration?
    By marcopolo in forum General Questions
    Replies: 3
    Last Post: 4 May 2022, 06:31 PM
  2. v155 Full Ebay Integration Module
    By Wilkesy in forum All Other Contributions/Addons
    Replies: 9
    Last Post: 19 Jun 2020, 03:29 AM
  3. v156 PayCertify Payment Integration Module
    By PayCertify in forum Addon Payment Modules
    Replies: 1
    Last Post: 1 May 2019, 11:29 PM
  4. Mailchimp Module Integration
    By hamid380 in forum Addon Sideboxes
    Replies: 5
    Last Post: 7 Sep 2011, 01:11 PM
  5. Custom Shipping Module Integration
    By youderian in forum Built-in Shipping and Payment Modules
    Replies: 0
    Last Post: 22 Dec 2008, 05:59 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg
Zen-Cart, Internet Selling Services, Klamath Falls, OR