OpenCart Community

Posted: **Wed Feb 12, 2020 10:59 am**

Had a problem with Proxies/VPN's from someone/something hitting my site acting as regular users. Came up with a simple script to block them using Perl to do a whois lookup and then an API call to CloudFlare to block the IP. Just sharing in case someone else sees this too. You can play around with the sleep or select line below it depending on how fast you want things noticed and blocked. This is a quick and dirty script that could be improved upon, but works well for now.

Code: Select all

#!/usr/bin/perl

my $cftoken = 'YOURTOKEN';
my $cfuser = 'YOUREMAIL';

my $linesinloglast = `wc -l < /var/log/httpd/access_log`; # USE YOUR APACHE LOG LOCATION

while(1){
        my $newlines = 0;
        $linesinlog = `wc -l < /var/log/httpd/access_log`; # USE YOUR APACHE LOG LOCATION
        if($linesinloglast < $linesinlog){
                $newlines = $linesinlog - $linesinloglast;
        } elsif ($linesinloglast > $linesinlog){
                $newlines =  $linesinlog;
        }
        my $logfile = `tail -n $newlines /var/log/httpd/access_log`;
        my @ips = $logfile =~ /^(\S+)/gm;

        my %dedupehash   = map { $_ => 1 } @ips;
        @ips = keys %dedupehash;

        my $ipcount = scalar(@ips);

        my $totalbanned = 0;

        foreach my $ip (@ips){
                my $whois = `timeout 5 whois $ip`;
                $whois = lc($whois);

                my $blockflag = 0;
                if (index($whois, 'highwinds') != -1) { $blockflag = 1; print "\nHIGHWINDS\n";}
                if (index($whois, 'strongvpn') != -1) { $blockflag = 1; print "\nSTRONGVPH\n";}
                if (index($whois, 'stackpath') != -1) { $blockflag = 1; print "\nSTACKPATH\n";}
                if (index($whois, 'ipvanish') != -1) { $blockflag = 1; print "\nIPVANISH \n"; }
                if (index($whois, 'strongtechnology') != -1) { $blockflag = 1; print "\nSTRONGTECHNOLOGY\n"; }
                if (index($whois, 'strong technology') != -1) { $blockflag = 1; print "\nSTRONGTECHNOLOGY\n"; }
                if (index($whois, 'm247') != -1) { $blockflag = 1; print "\nM247\n"; }
                if (index($whois, 'bandcon') != -1) { $blockflag = 1; print "\BANDCON\n"; }
                if (index($whois, 'netprotect') != -1) { $blockflag = 1; print "\nNETPROTECT\n"; }

                if ( $blockflag == 1) {
                        print "IP: $ip\n";
                        my $cfaction = "curl -s -o /dev/null -X POST -H 'X-Auth-Email: $cfuser' -H 'X-Auth-Key: $cftoken' -H 'Content-Type: application/json' -d '{ \"mode\": \"block\", \"configuration\": { \"target\": \"ip\", \"value\": \"$ip\" } }' https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules";
                        #print $cfaction."\n\n";
                        system($cfaction);
                } else {
                }
        }
        $linesinloglast = $linesinlog;
        #sleep 1;
        select(undef, undef, undef, 0.05);
}

Posted: **Wed Feb 12, 2020 2:00 pm**

What's the cftoken Value?

It must be 15 Years, since I was playing around with Perl ?

Posted: **Wed Feb 12, 2020 8:09 pm**

IP_CAM wrote: ↑
Wed Feb 12, 2020 2:00 pm
What's the cftoken Value?
It must be 15 Years, since I was playing around with Perl ?

The CloudFlare token for their API
I can't see writing this type of thing in PHP

Posted: **Thu Aug 19, 2021 3:51 am**

Hi

i have a plugin for opencart 3.x which can block visitors comming from using vpn/proxy. i had a customer who faced huge loss due to them so i made this plugin for him last year. since then he hasn't faced similar issue. i have made couple of improvements to it before uploading it to my store.
https://market.authenticitservices.com/ ... 4a7a9483b9

Anyone interested can contact me via whatsapp widget on the store link. demo also available for interested customers.

Best Regards

Posted: **Fri Nov 05, 2021 3:51 am**

For block bad ip you can use free opensource plugin Messor
https://www.opencart.com/index.php?rout ... rch=messor

Posted: **Tue Feb 15, 2022 9:48 am**

rahuljain1991 wrote: ↑
Thu Aug 19, 2021 3:51 am
Hi

i have a plugin for opencart 3.x which can block visitors comming from using vpn/proxy.

More and more common users are using VPNs now. If you blanket block all vpns you're also blocking potential customers and real website visits. More and more 'common users' are using VPNs now. Wouldn't this be overkill to use?

Posted: **Sat Oct 22, 2022 8:02 am**

yooteedee wrote: ↑
Tue Feb 15, 2022 9:48 am

rahuljain1991 wrote: ↑
Thu Aug 19, 2021 3:51 am
Hi

i have a plugin for opencart 3.x which can block visitors comming from using vpn/proxy.

More and more common users are using VPNs now. If you blanket block all vpns you're also blocking potential customers and real website visits. More and more 'common users' are using VPNs now. Wouldn't this be overkill to use?

Hi, no it have options to choose how you want to do it, like blocking user for a specific country, or filter proxy/vpn based on its ip risk level. so one can filter out vpn user who are most likely not safe.
Link to the module
Website Protection for Opencart 3.x https://market.authenticitservices.com/ ... 4a7a9483b9

Posted: **Mon Oct 31, 2022 1:23 am**

You could also use Cidram:

https://github.com/CIDRAM/CIDRAM

OpenCart Community

Blocking VPN's / Proxies that are up to no good - IPVanish, etc.

Blocking VPN's / Proxies that are up to no good - IPVanish, etc.

Re: Blocking VPN's / Proxies that are up to no good - IPVanish, etc.

Re: Blocking VPN's / Proxies that are up to no good - IPVanish, etc.

Re: Blocking VPN's / Proxies that are up to no good - IPVanish, etc.

Re: Blocking VPN's / Proxies that are up to no good - IPVanish, etc.

Re: Blocking VPN's / Proxies that are up to no good - IPVanish, etc.

Re: Blocking VPN's / Proxies that are up to no good - IPVanish, etc.

Re: Blocking VPN's / Proxies that are up to no good - IPVanish, etc.