Post by head_dunce » Wed Feb 12, 2020 10:59 am

Had a problem with Proxies/VPN's from someone/something hitting my site acting as regular users. Came up with a simple script to block them using Perl to do a whois lookup and then an API call to CloudFlare to block the IP. Just sharing in case someone else sees this too. You can play around with the sleep or select line below it depending on how fast you want things noticed and blocked. This is a quick and dirty script that could be improved upon, but works well for now.

Code: Select all

#!/usr/bin/perl

my $cftoken = 'YOURTOKEN';
my $cfuser = 'YOUREMAIL';

my $linesinloglast = `wc -l < /var/log/httpd/access_log`; # USE YOUR APACHE LOG LOCATION

while(1){
        my $newlines = 0;
        $linesinlog = `wc -l < /var/log/httpd/access_log`; # USE YOUR APACHE LOG LOCATION
        if($linesinloglast < $linesinlog){
                $newlines = $linesinlog - $linesinloglast;
        } elsif ($linesinloglast > $linesinlog){
                $newlines =  $linesinlog;
        }
        my $logfile = `tail -n $newlines /var/log/httpd/access_log`;
        my @ips = $logfile =~ /^(\S+)/gm;

        my %dedupehash   = map { $_ => 1 } @ips;
        @ips = keys %dedupehash;

        my $ipcount = scalar(@ips);

        my $totalbanned = 0;

        foreach my $ip (@ips){
                my $whois = `timeout 5 whois $ip`;
                $whois = lc($whois);

                my $blockflag = 0;
                if (index($whois, 'highwinds') != -1) { $blockflag = 1; print "\nHIGHWINDS\n";}
                if (index($whois, 'strongvpn') != -1) { $blockflag = 1; print "\nSTRONGVPH\n";}
                if (index($whois, 'stackpath') != -1) { $blockflag = 1; print "\nSTACKPATH\n";}
                if (index($whois, 'ipvanish') != -1) { $blockflag = 1; print "\nIPVANISH \n"; }
                if (index($whois, 'strongtechnology') != -1) { $blockflag = 1; print "\nSTRONGTECHNOLOGY\n"; }
                if (index($whois, 'strong technology') != -1) { $blockflag = 1; print "\nSTRONGTECHNOLOGY\n"; }
                if (index($whois, 'm247') != -1) { $blockflag = 1; print "\nM247\n"; }
                if (index($whois, 'bandcon') != -1) { $blockflag = 1; print "\BANDCON\n"; }
                if (index($whois, 'netprotect') != -1) { $blockflag = 1; print "\nNETPROTECT\n"; }

                if ( $blockflag == 1) {
                        print "IP: $ip\n";
                        my $cfaction = "curl -s -o /dev/null -X POST -H 'X-Auth-Email: $cfuser' -H 'X-Auth-Key: $cftoken' -H 'Content-Type: application/json' -d '{ \"mode\": \"block\", \"configuration\": { \"target\": \"ip\", \"value\": \"$ip\" } }' https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules";
                        #print $cfaction."\n\n";
                        system($cfaction);
                } else {
                }
        }
        $linesinloglast = $linesinlog;
        #sleep 1;
        select(undef, undef, undef, 0.05);
}

Jim
https://www.carguygarage.com
Yahoo Store since 2006 moved to OpenCart on January 24, 2020


Active Member

Posts

Joined
Thu Apr 04, 2019 11:50 pm

Post by IP_CAM » Wed Feb 12, 2020 2:00 pm

What's the cftoken Value? :D
It must be 15 Years, since I was playing around with Perl ?

My Github OC Site: https://github.com/IP-CAM
5'000 + FREE OC Extensions, on the World's largest Github OC Repository Archive Site.


User avatar
Legendary Member

Posts

Joined
Tue Mar 04, 2014 1:37 am
Location - Switzerland

Post by head_dunce » Wed Feb 12, 2020 8:09 pm

IP_CAM wrote:
Wed Feb 12, 2020 2:00 pm
What's the cftoken Value? :D
It must be 15 Years, since I was playing around with Perl ?
The CloudFlare token for their API
I can't see writing this type of thing in PHP :laugh:

Jim
https://www.carguygarage.com
Yahoo Store since 2006 moved to OpenCart on January 24, 2020


Active Member

Posts

Joined
Thu Apr 04, 2019 11:50 pm

Post by rahuljain1991 » Thu Aug 19, 2021 3:51 am

Hi

i have a plugin for opencart 3.x which can block visitors comming from using vpn/proxy. i had a customer who faced huge loss due to them so i made this plugin for him last year. since then he hasn't faced similar issue. i have made couple of improvements to it before uploading it to my store.
https://market.authenticitservices.com/ ... 4a7a9483b9

Anyone interested can contact me via whatsapp widget on the store link. demo also available for interested customers.

Best Regards

Rahul Jain
IT Support - always available to help
My Opencart Extensions
Authentic IT Services - Web design and development
AIS MarketPlace


New member

Posts

Joined
Thu Nov 16, 2017 1:39 am


Post by messor » Fri Nov 05, 2021 3:51 am

For block bad ip you can use free opensource plugin Messor
https://www.opencart.com/index.php?rout ... rch=messor

User avatar
Newbie

Posts

Joined
Thu Dec 17, 2020 10:00 pm
Location - USA, Seychellesm

Post by yooteedee » Tue Feb 15, 2022 9:48 am

rahuljain1991 wrote:
Thu Aug 19, 2021 3:51 am
Hi

i have a plugin for opencart 3.x which can block visitors comming from using vpn/proxy.
More and more common users are using VPNs now. If you blanket block all vpns you're also blocking potential customers and real website visits. More and more 'common users' are using VPNs now. Wouldn't this be overkill to use?

Newbie

Posts

Joined
Wed Jan 19, 2022 6:59 am

Post by rahuljain1991 » Sat Oct 22, 2022 8:02 am

yooteedee wrote:
Tue Feb 15, 2022 9:48 am
rahuljain1991 wrote:
Thu Aug 19, 2021 3:51 am
Hi

i have a plugin for opencart 3.x which can block visitors comming from using vpn/proxy.
More and more common users are using VPNs now. If you blanket block all vpns you're also blocking potential customers and real website visits. More and more 'common users' are using VPNs now. Wouldn't this be overkill to use?
Hi, no it have options to choose how you want to do it, like blocking user for a specific country, or filter proxy/vpn based on its ip risk level. so one can filter out vpn user who are most likely not safe.
Link to the module
Website Protection for Opencart 3.x https://market.authenticitservices.com/ ... 4a7a9483b9

Rahul Jain
IT Support - always available to help
My Opencart Extensions
Authentic IT Services - Web design and development
AIS MarketPlace


New member

Posts

Joined
Thu Nov 16, 2017 1:39 am


Post by johnp » Mon Oct 31, 2022 1:23 am

You could also use Cidram:

https://github.com/CIDRAM/CIDRAM

Opencart 1.5.6.5/OC Bootstrap Pro/VQMOD lover, user and geek.
Affordable Service £££ - Opencart Installs, Fixing, Development and Upgrades
Plus Ecommerce, Marketing, Mailing List Management and More
FREE Guidance and Advice at https://www.ecommerce-help.co.uk


User avatar
Active Member

Posts

Joined
Fri Mar 25, 2011 10:25 am
Location - Surrey, UK
Who is online

Users browsing this forum: No registered users and 2 guests