Jump to content
Ferguson230

About stopping fake customer registrations from IP 31.184.238.X

Recommended Posts

I've been getting fake customer registrations from a Russian IP address starting with 31.184.238.X. I have google recapture enabled and has blacklisted the first two ip addresses that first registered using 31.184.238.101 and 31.184.238.190 with Cubecart Security Suite. Is there a way to stop any IP starting with 31.184.238.X from accessing the website? Thanks.

Share this post


Link to post
Share on other sites

That would be the new ini-custom.inc.php file in CubeCart's main folder.

The new lines are after the existing opening first line -- having first made this file as explained in the other conversation.

 

 

Share this post


Link to post
Share on other sites

The simple solution is to block that C class from accessing your account - then again, we block every single Russian (and Chinese, Ukrainian, Vietnamese and a few others !) IP address from accessing our network so our clients dont have this issue 

Share this post


Link to post
Share on other sites

In CubeCart's main folder. That would be /public_html/ if CubeCart is not in a sub-directory.

CubeCart will automatically find and use the code in ini-custom.inc.php. It is not part of a skin.

Share this post


Link to post
Share on other sites
On 7/12/2019 at 9:49 PM, bsmither said:

but to also catch that IP address, you can make this change:

<?php
// Add this new line
// Is a hit if IP address starts with...
if( strpos($_SERVER['REMOTE_ADDR'],"31.184.238") === 0 ) exit;

 

@Ferguson230 a much better solution is to block the class C in your .htaccess file rather than via CubeCart 

Share this post


Link to post
Share on other sites

Blocking the IP is fruitless.

Its a bot, so it's IP will change frequently.

Block 31.184.xx.xx today, it will be back in a week with a different IP.

Share this post


Link to post
Share on other sites
5 hours ago, keat said:

Blocking the IP is fruitless. Its a bot, so it's IP will change frequently.

Block 31.184.xx.xx today, it will be back in a week with a different IP.

It is not a perfect solution but it quickly stops abuse happening right now from that IP range - blocking individual IP addresses can seem pointless but even then it has it's place. A much better solution is blocking them on the edge before it even gets to the server using complex hardware based firewall rules which is what we implement for our customers and while this cuts down on 99% of abuse - even that isnt 100% foolproof

Share this post


Link to post
Share on other sites

Its a never ending battle that we just can't win.

I have a number of countries blocked at firewall level, some of which we would never have any dealings with. Russia and most of the eastern block countries for instance.

The IP's that Furgesson lists, potentially originates from Russia or Ukrane.

However, some countries we just can't block as we do business there.

 

Today, I recieved another one of those explicit emails sent via the contact form. Re-Capture probably circumvented)

Scouring my apache logs, it seems it originated from France, I can't block France as we do business there.

Edited by keat

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...