Jump to content

IP Control, is there a way


digiscrapcafe

Recommended Posts

If this is in the wrong place, please move.

I have been having trouble with spammers registering for my store, and signing up to the newsletter, but of course they do not buy anything, or add an address, only a spammers name, and bogus generated address. and same IP over and over. This has been going on for the second week now.

Is there a way to block certain IPS from accessing the store, or at least stop an IP from registering or creating an account.

This is getting real annoying, and I don't understand what the purpose is, considering I am not a blog or social network...

Are they trying to see if they can hack or something...

here is the latest one, same ip..

RandyveicsFP - [email protected] - 199.168.97.28

Link to comment
Share on other sites

The CubeCart Security Suite may be a solution.

Coming from only one IP address -- you are lucky. A store I manage has them coming from all over (probably forged). And I did get a registration earlier today from the IP address you mentioned.

Hopefully, in CC6.1, there will be a bulk delete of customers from the admin Customer List. (I have incorporated this in that store.)

I do not understand the purpose either, other than what I suppose is the fact that this is a 'bot' auto-posting to registration forms of any and all types - not caring what extra information may be included which is not asked for (and CubeCart discards), and certainly not caring what the registration form is for.

Maybe there is something in the posted data (which CubeCart would discard) that might provide for a poisoning of the database, but I am convinced the 'bot' simply posts and does not listen for a response.

Another user on these forums has implemented a check of submitted registration data that if the first and last names are identical - as is 99% of these instances - to simply exit.

Link to comment
Share on other sites

unfortunately, I had to shut my captcha off because it only works apparantly with foundation, and not with the other free templates. I am using Kurouto now, and if I turn Captcha on, then it does not show up on the check out page.

Would the captcha help deter this, or do they have means of getting around it

 

Also looking at the security link you added, it looks good and is free, but is there any known problems from anyone in installing this. I would be using the instant install, cause I am cpanel stupid

Link to comment
Share on other sites

Unfortunately, my research tells me that Google's reCaptcha (used by CC6) has been thoroughly compromised.

As for the CSS plugin, I only recall one user having some problems because of a fundamental misunderstanding regarding the instructions related to a particular setting and what that setting was meant to accomplish. Once that settings intent and how to use it was explained using different words, that user was able to use the plugin with no issues.

Link to comment
Share on other sites

so I should just leave the captcha off then???

cool, I might try the plug in, I am so wary of screwing the store up, and having to lose, and upload it all again..

Wish I could understand cpanel, I feel so simplified lol

35 minutes ago, Dirty Butter said:

We found this check of submitted registration data to be very useful, but I don't want to call too much attention to the solution. Do a little searching on the forum.

AGH!! It's not on this forum, but the 3rd party forum. There is a discussion of Spam Control.

Were you talking to me Butter, I got confused, and not sure what you mean.

Can you give me more info on finding this spam control thread? not sure what you mean about the 3rd party

Link to comment
Share on other sites

I just installed the security thing that was suggested beloe, but I dont see anywhere to place an ip to block, it only has zones in a drop down, and if I add a zone, then anyone from that zone will be locked out... I thought it should have a slot to actually add an IP address number???

I don't have the paid supprt and can not afford to

 

btw, reseaching the ip, it claims it is from an American city

 

Link to comment
Share on other sites

15 minutes ago, Dirty Butter said:

I managed to lock myself out of the Security plugin when my Charter account changed my IP address - I had mistakenly thought I had a permanent IP address with our internet provider.

 

I'll PM the url to the directions for the spam control code @digiscrapcafe That's all I use.

Thank you, I will try to make sense of it, and if not, I will be posting more questions in this thread... thanks to both of you so far

Link to comment
Share on other sites

3 hours ago, bsmither said:

Unfortunately, my research tells me that Google's reCaptcha (used by CC6) has been thoroughly compromised.

I am using the captcha on my vintage collectibles shop, and it is using Foundation...

I am not sure what you mean about comprimised, it doesn't sound good, but do you think I should disable it.

Also, Dirty Butter did a test for me after I followed instructions, (she will most likely ask you about it as she would like to keep it private)

and the test failed miserably LOL, so maybe you have the answers.... I may be leaving to have dinner soon, but of course will be hoping for more help

Link to comment
Share on other sites

If you want to block an IP or IP range, this is normally done at the server firewall level, or at the hosting companies firewall which sits between your server and the internet. You should have the ability to block access to your site via your hosting control panel or by asking your hosting company to block IP's for you.

blocking it on your server within the web server is not recommended as it adds overhead to your server, especially if your server is being attacked.

As for reCaptcha, I would ensure you are using the most recent reCaptcha that is available in the store settings and requires you to register for an API key. It's more advanced and will dynamically change the complexity of the challenge offered to the customer during registration based on their reputation (and some other factors). It's not a bullet proof way to 100% stop bots, but it will certainly make it more difficult for them and should reduce the problem you are having.

 

 

 

Link to comment
Share on other sites

thank you both....

bsmither, it is really late here now, I am going to bed, but I may hit you up via message in the next few days as Butter suggested to me, to see if you can figure out why the codes she sent me links to don't work for me... we will have to do that via private message, as she would prefer the info be kept under the radar

Good night

Link to comment
Share on other sites

I would complete support the statements by Noodleman above - IP blocking is much better done at a hosting level - it can easily be done via cPanel yourself or speak to your hosting company and they will / should do it for you and might even block at a server level - we often do that where we see unsophisticated bots like this.  Generally, IP blocking like this is actually fairly pointless and a never ending task - most hackers and bots would use rotating proxy servers and can appear to be coming from hundreds or many thousands of different IP addresses from around the world - more sophisticated security is required in these cases which we implement at a server level but nothing is ever 100% and it is a constant battle for us hosting companies as well !

In terms on the captcha, I would also always suggest that they are switched on - it really isnt that much of an issue for customers now (there were times when they were a real pain) and does provide a lot of protection

Ian

Link to comment
Share on other sites

8 hours ago, havenswift-hosting said:

I would complete support the statements by Noodleman above - IP blocking is much better done at a hosting level - it can easily be done via cPanel yourself or speak to your hosting company and they will / should do it for you and might even block at a server level - we often do that where we see unsophisticated bots like this.  Generally, IP blocking like this is actually fairly pointless and a never ending task - most hackers and bots would use rotating proxy servers and can appear to be coming from hundreds or many thousands of different IP addresses from around the world - more sophisticated security is required in these cases which we implement at a server level but nothing is ever 100% and it is a constant battle for us hosting companies as well !

In terms on the captcha, I would also always suggest that they are switched on - it really isnt that much of an issue for customers now (there were times when they were a real pain) and does provide a lot of protection

Ian

Thank you for responding, based on what you said, I am already scared of the cpanel lol,

so I think I will just live with it, and hope it stops.

I did leave the captcha working on the shop that I am using Foundation on, because it works there.

However, it does not work on any of the other free templates I am using (currently using Karouto) so I had 

to turn it off because it was keeping real customers from purchasing or registering..

Link to comment
Share on other sites

yeah, I might, but last time, it was a lot miscommunicating before they actually understood me and got it right lol

What I really wish, is that a new captcha would work on all the other free skins/templates, because so far, knock wood,

I have not yet had this problem on the (foundation) shop that is able to use one. Is there a fix for all the other free ones, I wonder. 

If anyone knows of one, I would appreciate being pointed in that direction.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...