Jump to content

About stopping fake customer registrations from IP 31.184.238.X


Ferguson230

Recommended Posts

I've been getting fake customer registrations from a Russian IP address starting with 31.184.238.X. I have google recapture enabled and has blacklisted the first two ip addresses that first registered using 31.184.238.101 and 31.184.238.190 with Cubecart Security Suite. Is there a way to stop any IP starting with 31.184.238.X from accessing the website? Thanks.

Link to comment
Share on other sites

That would be the new ini-custom.inc.php file in CubeCart's main folder.

The new lines are after the existing opening first line -- having first made this file as explained in the other conversation.

 

 

Link to comment
Share on other sites

On 7/12/2019 at 9:49 PM, bsmither said:

but to also catch that IP address, you can make this change:


<?php
// Add this new line
// Is a hit if IP address starts with...
if( strpos($_SERVER['REMOTE_ADDR'],"31.184.238") === 0 ) exit;

 

@Ferguson230 a much better solution is to block the class C in your .htaccess file rather than via CubeCart 

Link to comment
Share on other sites

  • 3 weeks later...
  • 1 month later...
5 hours ago, keat said:

Blocking the IP is fruitless. Its a bot, so it's IP will change frequently.

Block 31.184.xx.xx today, it will be back in a week with a different IP.

It is not a perfect solution but it quickly stops abuse happening right now from that IP range - blocking individual IP addresses can seem pointless but even then it has it's place. A much better solution is blocking them on the edge before it even gets to the server using complex hardware based firewall rules which is what we implement for our customers and while this cuts down on 99% of abuse - even that isnt 100% foolproof

Link to comment
Share on other sites

Its a never ending battle that we just can't win.

I have a number of countries blocked at firewall level, some of which we would never have any dealings with. Russia and most of the eastern block countries for instance.

The IP's that Furgesson lists, potentially originates from Russia or Ukrane.

However, some countries we just can't block as we do business there.

 

Today, I recieved another one of those explicit emails sent via the contact form. Re-Capture probably circumvented)

Scouring my apache logs, it seems it originated from France, I can't block France as we do business there.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...