Ferguson230 Posted July 12, 2019 Share Posted July 12, 2019 I've been getting fake customer registrations from a Russian IP address starting with 31.184.238.X. I have google recapture enabled and has blacklisted the first two ip addresses that first registered using 31.184.238.101 and 31.184.238.190 with Cubecart Security Suite. Is there a way to stop any IP starting with 31.184.238.X from accessing the website? Thanks. Link to comment Share on other sites More sharing options...
bsmither Posted July 12, 2019 Share Posted July 12, 2019 You can implement this: https://forums.cubecart.com/topic/54715-potential-malicous-attack/ but to also catch that IP address, you can make this change: <?php // Add this new line // Is a hit if IP address starts with... if( strpos($_SERVER['REMOTE_ADDR'],"31.184.238") === 0 ) exit; Link to comment Share on other sites More sharing options...
Ferguson230 Posted July 12, 2019 Author Share Posted July 12, 2019 Thanks @bsmither, which of the files should I add the above code? Link to comment Share on other sites More sharing options...
bsmither Posted July 12, 2019 Share Posted July 12, 2019 That would be the new ini-custom.inc.php file in CubeCart's main folder. The new lines are after the existing opening first line -- having first made this file as explained in the other conversation. Link to comment Share on other sites More sharing options...
havenswift-hosting Posted July 12, 2019 Share Posted July 12, 2019 The simple solution is to block that C class from accessing your account - then again, we block every single Russian (and Chinese, Ukrainian, Vietnamese and a few others !) IP address from accessing our network so our clients dont have this issue Link to comment Share on other sites More sharing options...
Ferguson230 Posted July 15, 2019 Author Share Posted July 15, 2019 Thanks @bsmither and @havenswift-hosting for your replies. Should I place the new ini-custom.inc.php in public_html folder or public_html/includes folder? And do I have to add an {include file='ini-custom.inc.php'} link to the main.php file in foundation skin? Link to comment Share on other sites More sharing options...
bsmither Posted July 15, 2019 Share Posted July 15, 2019 In CubeCart's main folder. That would be /public_html/ if CubeCart is not in a sub-directory. CubeCart will automatically find and use the code in ini-custom.inc.php. It is not part of a skin. Link to comment Share on other sites More sharing options...
Ferguson230 Posted July 15, 2019 Author Share Posted July 15, 2019 @bsmither thanks a lot. Link to comment Share on other sites More sharing options...
havenswift-hosting Posted July 16, 2019 Share Posted July 16, 2019 On 7/12/2019 at 9:49 PM, bsmither said: but to also catch that IP address, you can make this change: <?php // Add this new line // Is a hit if IP address starts with... if( strpos($_SERVER['REMOTE_ADDR'],"31.184.238") === 0 ) exit; @Ferguson230 a much better solution is to block the class C in your .htaccess file rather than via CubeCart Link to comment Share on other sites More sharing options...
Ferguson230 Posted August 6, 2019 Author Share Posted August 6, 2019 On 7/16/2019 at 11:55 AM, havenswift-hosting said: @Ferguson230 a much better solution is to block the class C in your .htaccess file rather than via CubeCart @havenswift-hosting how do I do that? Link to comment Share on other sites More sharing options...
havenswift-hosting Posted August 6, 2019 Share Posted August 6, 2019 Google is good Have a look at https://htaccessbook.com/block-ip-address/ which is one of many good explanations Link to comment Share on other sites More sharing options...
keat Posted September 10, 2019 Share Posted September 10, 2019 Blocking the IP is fruitless. Its a bot, so it's IP will change frequently. Block 31.184.xx.xx today, it will be back in a week with a different IP. Link to comment Share on other sites More sharing options...
havenswift-hosting Posted September 10, 2019 Share Posted September 10, 2019 5 hours ago, keat said: Blocking the IP is fruitless. Its a bot, so it's IP will change frequently. Block 31.184.xx.xx today, it will be back in a week with a different IP. It is not a perfect solution but it quickly stops abuse happening right now from that IP range - blocking individual IP addresses can seem pointless but even then it has it's place. A much better solution is blocking them on the edge before it even gets to the server using complex hardware based firewall rules which is what we implement for our customers and while this cuts down on 99% of abuse - even that isnt 100% foolproof Link to comment Share on other sites More sharing options...
keat Posted September 11, 2019 Share Posted September 11, 2019 Its a never ending battle that we just can't win. I have a number of countries blocked at firewall level, some of which we would never have any dealings with. Russia and most of the eastern block countries for instance. The IP's that Furgesson lists, potentially originates from Russia or Ukrane. However, some countries we just can't block as we do business there. Today, I recieved another one of those explicit emails sent via the contact form. Re-Capture probably circumvented) Scouring my apache logs, it seems it originated from France, I can't block France as we do business there. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.