Page 5 of 9 FirstFirst ... 34567 ... LastLast
Results 41 to 50 of 81
  1. #41
    Join Date
    May 2008
    Location
    United States
    Posts
    454
    Plugin Contributions
    1

    Default Re: AbuseIPDB Integration module

    Quote Originally Posted by lat9 View Post
    Being lazy and not downloading the plugin, if $log_file_path is set to DIR_FS_LOGS, then the $log_file_name_spiders should have a leading '/' since DIR_FS_LOGS doesn't end in that character.
    That is not the issue, the module creates a few different logs which are all working fine. It is just this spider detection one not being created. The log file setting is set within the admin setting of the module, like so for my install: log/

    Here is the admin setting:
    ('Log File Path', 'ABUSEIPDB_LOG_FILE_PATH', 'logs/', 'The path to the directory where log files are stored.', $cgi, now(), 45, NULL, NULL),
    Last edited by marcopolo; 28 May 2023 at 01:21 PM.

  2. #42
    Join Date
    Sep 2009
    Location
    Stuart, FL
    Posts
    13,197
    Plugin Contributions
    90

    Default Re: AbuseIPDB Integration module

    The code currently will run that section of code (logging the spider detection) only when the ABUSEIPDB_SPIDER_ALLOW setting's value is true and allow spiders to continue with the checks when false; was that the intent?

  3. #43
    Join Date
    May 2008
    Location
    United States
    Posts
    454
    Plugin Contributions
    1

    Default Re: AbuseIPDB Integration module

    Quote Originally Posted by lat9 View Post
    The code currently will run that section of code (logging the spider detection) only when the ABUSEIPDB_SPIDER_ALLOW setting's value is true and allow spiders to continue with the checks when false; was that the intent?
    Yes that is the intent, if you allow spiders then this will allow you to avoid an api call check for them, if you do not allow them then the module checks their ip like any other users ip for an abuse score and will allow or block them based on your set threshold.

  4. #44
    Join Date
    May 2008
    Location
    United States
    Posts
    454
    Plugin Contributions
    1

    Default Re: AbuseIPDB Integration module

    For testing purposes, I've hardcoded my IP address ('xxx.xxx.xxx.xxx') and manually set $spider_flag to true. The intention is to simulate a scenario where a known spider accesses the website.

    Here's the relevant code snippet:

    PHP Code:
    // Hardcoding the IP for testing
    $ip 'xxx.xxx.xxx.xxx';
    $spider_flag = ($ip == 'xxx.xxx.xxx.xxx') ? true $spider_flag// Set $spider_flag to true if the IP is xxx.xxx.xxx.xxx

    // Skip API call for known spiders if enabled
    if (isset($spider_flag) && $spider_flag === true && $spider_allow == 'true') {

        
    // Check if logging is enabled for allowed spiders
        
    $log_file_name_spiders 'abuseipdb_spiders_' date('Y_m') . '.log';
        
    $log_file_path_spiders $log_file_path $log_file_name_spiders;
        
    $log_message date('Y-m-d H:i:s') . ' IP address ' $ip ' is identified as a Spider. AbuseIPDB API check was bypassed.' PHP_EOL;

        if (
    $spider_log_enabled == 'true') {            
            
    file_put_contents($log_file_path_spiders$log_messageFILE_APPEND);
        }

        return 
    0// Return 0 score for spiders or whatever default value you want

    The test setup, wherein I've hardcoded my IP and set $spider_flag to true, results in successful logging - a log file gets created as expected. This suggests that the issue is unlikely with the logging mechanism itself.

    Moreover, while monitoring the 'Who is Online' section, I've noticed several spiders accessing the site. However, the corresponding spider log file has not been created, leading me to believe that the spider detection part of the code is not working as expected.

    To summarize, while my test setup with hardcoded values demonstrates that the logging functionality is intact, it appears that under normal site operation, spiders are not being correctly detected and logged.

    It brings us to an interesting dilemma. If 'Who is Online' is accurately identifying spiders, then it appears that my spider detection code is not functioning correctly. However, if my code is working properly and there haven't been any spider visits that Zen Cart would identify as spiders, then 'Who is Online' might be giving false positives. Either way, there seems to be a discrepancy that warrants further investigation.

    I'd appreciate any insights or suggestions on this matter.

  5. #45
    Join Date
    May 2008
    Location
    United States
    Posts
    454
    Plugin Contributions
    1

    Default Re: AbuseIPDB Integration module

    This may be an alternative way detect spiders:

    PHP Code:
                // Skip API call for known spiders if enabled
                
    $user_agent $_SERVER['HTTP_USER_AGENT'];
                
    $spiders_file DIR_WS_INCLUDES 'spiders.txt';
                
    $spiders file($spiders_fileFILE_IGNORE_NEW_LINES FILE_SKIP_EMPTY_LINES);

                foreach (
    $spiders as $spider) {
                    if (
    strpos($user_agent$spider) !== false) {
                    
    $spider_flag true;
                    break;
                    }
                }
                    if (
    $spider_flag && $spider_allow == 'true') {

                        
    // Check if logging is enabled for allowed spiders
                            
    $log_file_name_spiders 'abuseipdb_spiders_' date('Y_m') . '.log';
                            
    $log_file_path_spiders $log_file_path $log_file_name_spiders;
                            
    $log_message date('Y-m-d H:i:s') . ' IP address ' $ip ' is identified as a Spider. AbuseIPDB API check was bypassed.' PHP_EOL;

                        if (
    $spider_log_enabled == 'true') {            
                            
    file_put_contents($log_file_path_spiders$log_messageFILE_APPEND);
                        }

                    return 
    0// Return 0 score for spiders or whatever default value you want
                    


  6. #46
    Join Date
    Sep 2009
    Location
    Stuart, FL
    Posts
    13,197
    Plugin Contributions
    90

    Default Re: AbuseIPDB Integration module

    Noting that the $spider_flag is set IFF SESSION_FORCE_COOKIE_USE != 'True' and SESSION_BLOCK_SPIDERS == 'True' (from the zc158 /includes/init_includes/init_sessions.php lines 70-84).

    Don't know if that helps ...

  7. #47
    Join Date
    May 2008
    Location
    United States
    Posts
    454
    Plugin Contributions
    1

    Default Re: AbuseIPDB Integration module

    Quote Originally Posted by lat9 View Post
    Noting that the $spider_flag is set IFF SESSION_FORCE_COOKIE_USE != 'True' and SESSION_BLOCK_SPIDERS == 'True' (from the zc158 /includes/init_includes/init_sessions.php lines 70-84).

    Don't know if that helps ...

    I stumbled on that during my debugging and my settings are inline with that:

    Based on my settings (SESSION_FORCE_COOKIE_USE = false and SESSION_BLOCK_SPIDERS = true), the spider detection code should work as intended, but it is not.

  8. #48
    Join Date
    May 2008
    Location
    United States
    Posts
    454
    Plugin Contributions
    1

    Default Re: AbuseIPDB Integration module

    I have been testing the spider detection functionality in Zen Cart to recognize my user agent string as a spider. However, I'm experiencing unexpected behavior and the spider detection does not seem to be working as intended.

    Steps taken:

    Modified the spiders.txt file to include the necessary entry for the user agent string I want to identify as a spider. in my case my user agent is:
    Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36

    so I added: gecko to the spiders.txt

    Added debug logging statements in the code to check the values of the spider blocking flag and spider flag variables.

    PHP Code:
    // Log the spider flag value for debugging
    if (defined('SESSION_BLOCK_SPIDERS')) {
        
    error_log('AbuseIPDB Check - Spider Blocking Enabled: ' . (SESSION_BLOCK_SPIDERS 'true' 'false'));
    } else {
        
    error_log('AbuseIPDB Check - Spider Blocking status is not defined.');
    }

    if (isset(
    $spider_flag)) {
        
    error_log('AbuseIPDB Check - Spider Flag: ' . ($spider_flag 'true' 'false'));
    } else {
        
    error_log('AbuseIPDB Check - Spider Flag is not set.');

    Expected the debug logs to be created and indicate that the spider blocking flag is enabled and the spider flag is set to true.

    However, the debug logs were NOT created when the user agent string matched the entry in spiders.txt, but they were created when I removed the entry.

    Possible considerations:

    Is there additional logic or conditions in the spider detection mechanism that I might be missing?
    Are there other files or functions involved in the spider detection process that I should review?
    Could there be any conflicting factors or checks affecting the spider detection outcome?

    I kindly request the assistance of the Zen Cart community in understanding and resolving this issue. Any insights, suggestions, or guidance would be greatly appreciated.

    Thank you for your time and assistance.

  9. #49
    Join Date
    Oct 2007
    Location
    Cornwall/Amsterdam
    Posts
    61
    Plugin Contributions
    0

    Default Re: AbuseIPDB Integration module

    Just a thought.

    Could it be that the spiders detection/do not allow sessions for spiders code happens further down in the code stack, so the abuseipdb plugin does its api lookup/redirect before the useragent is detected as a spider from the spiders.txt file?

  10. #50
    Join Date
    May 2008
    Location
    United States
    Posts
    454
    Plugin Contributions
    1

    Default Re: AbuseIPDB Integration module

    Quote Originally Posted by johnjlarge View Post
    Just a thought.

    Could it be that the spiders detection/do not allow sessions for spiders code happens further down in the code stack, so the abuseipdb plugin does its api lookup/redirect before the useragent is detected as a spider from the spiders.txt file?
    I checked that I think it's good from the program flow I referenced:
    https://docs.zen-cart.com/dev/code/program_flow/

    Set up and start session if valid session is above where this module comes in which is: NOTIFY_HTML_HEAD_START (the /includes/templates/common/html_header.php) unless I'm missing something. I tried going further down the list which did not resolve the issue.

 

 
Page 5 of 9 FirstFirst ... 34567 ... LastLast

Similar Threads

  1. AbuseIPDB integration?
    By marcopolo in forum General Questions
    Replies: 3
    Last Post: 4 May 2022, 06:31 PM
  2. v155 Full Ebay Integration Module
    By Wilkesy in forum All Other Contributions/Addons
    Replies: 9
    Last Post: 19 Jun 2020, 03:29 AM
  3. v156 PayCertify Payment Integration Module
    By PayCertify in forum Addon Payment Modules
    Replies: 1
    Last Post: 1 May 2019, 11:29 PM
  4. Mailchimp Module Integration
    By hamid380 in forum Addon Sideboxes
    Replies: 5
    Last Post: 7 Sep 2011, 01:11 PM
  5. Custom Shipping Module Integration
    By youderian in forum Built-in Shipping and Payment Modules
    Replies: 0
    Last Post: 22 Dec 2008, 05:59 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg
Zen-Cart, Internet Selling Services, Klamath Falls, OR