Post by rgfuelcells » Wed Oct 27, 2021 1:26 am

Hello, I'm wondering if anyone has a Web Application Firewall (or WAF) that they would recommend. We have tried using Sucuri's and we haven't been able to activate their firewall without it causing issues. Several of our customers were being blocked from accessing certain parts of the page. We've spoken to Sucuri about these issues but have not been able to resolve them.

So is there a similar Web Application Firewall somebody has gotten their OpenCart 1.5 or 3.0 website to integrate without it causing issues?


Post by johnp » Wed Oct 27, 2021 1:41 am

I use Ninja Firewall on my OC sites. It's pretty good. The free one is ok but the paid one is better.

https://nintechnet.com/ninjafirewall/pro-edition

Opencart 1.5.6.5/OC Bootstrap Pro/VQMOD lover, user and geek.
Affordable Service £££ - Opencart Installs, Fixing, Development and Upgrades
Plus Ecommerce, Marketing, Mailing List Management and More
FREE Guidance and Advice at https://www.ecommerce-help.co.uk



Post by JNeuhoff » Wed Oct 27, 2021 11:08 pm

johnp wrote:
Wed Oct 27, 2021 1:41 am
I use Ninja Firewall on my OC sites. It's pretty good. The free one is ok but the paid one is better.

Is this the same as Bitninja?

Export/Import Tool * SpamBot Buster * Unused Images Manager * Instant Option Price Calculator * Number Option * Google Tag Manager * Survey Plus * OpenTwig




Post by johnp » Wed Oct 27, 2021 11:15 pm

It's not. It's a small self-hosted script. I've used it several times and it works like a charm. It's blocked countless hacks and DDoS attacks. IMO it's well worth a try.


Post by rgfuelcells » Wed Oct 27, 2021 11:25 pm

I'm looking into Nintech. Seems fine. I just can't find a registration link. Do you have to purchase a license to be able to register? Either way I was able to download the free version and I found installation instructions on the folder so I'll definitely be checking it out.


Post by johnp » Wed Oct 27, 2021 11:27 pm

You purchase a licence for the commercial version. Try the free one first and see if you can get it set up and hooked in ok. Obvs don't get the WordPress version.


Post by JNeuhoff » Thu Oct 28, 2021 12:48 am

johnp wrote:
Wed Oct 27, 2021 11:15 pm
It's not. It's a small self-hosted script. I've used it several times and it works like a charm. It's blocked countless hacks and DDoS attacks. IMO it's well worth a try.

Interesting. I just tried it on one of my websites, and it appears to be able to reject bruteforce POST requests via a simple rule in the .htninja:

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
	if (empty($_GET)) {
		return 'BLOCK';
	}
}

However, all of the attacker's POST requests are still being logged in the server's raw access log, so the latter will get inflated very quickly!
See also this forum thread.



Post by johnp » Thu Oct 28, 2021 1:05 am

Any suggested tweaks to make things better?


Post by johnp » Thu Oct 28, 2021 1:07 am

FYI. I also use this bad traffic blocker alongside Ninja Firewall. Probably not the perfect solution but I'm sure it helps.

https://github.com/CIDRAM/CIDRAM


Post by JNeuhoff » Thu Oct 28, 2021 1:15 am

Well, the Ninja Firewall works, it rejects bruteforce attackers' POST requests successfully with 403 Forbidden responses. But as I said, the Apache server access logs get inflated very quickly in size. Hence I cannot see it as a useful tool for bruteforce attacks.

We have several websites being subjected to bruteforce attacks for several weeks now, as discussed on the other forum thread.

We are currently using Bitninja which solves it to a degree, but even that tool still lets some of the bruteforce attacks through to the web server.

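Added example, not part of the original posts: the posts above describe the firewall answering bruteforce POSTs with 403 while every request still lands in the Apache access log. One way to measure that from the log itself, assuming the Apache combined log format; the function name, the threshold and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines (documentation IP ranges), not taken from a real log.
SAMPLE_LOG = """\
203.0.113.7 - - [28/Oct/2021:00:40:01 +0000] "POST /index.php HTTP/1.1" 403 199 "-" "-"
203.0.113.7 - - [28/Oct/2021:00:40:01 +0000] "POST /index.php HTTP/1.1" 403 199 "-" "-"
203.0.113.7 - - [28/Oct/2021:00:40:02 +0000] "POST /admin/index.php HTTP/1.1" 403 199 "-" "-"
198.51.100.4 - - [28/Oct/2021:00:40:03 +0000] "GET /index.php?route=common/home HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.4 - - [28/Oct/2021:00:40:09 +0000] "POST /index.php?route=checkout/cart/add HTTP/1.1" 200 310 "-" "Mozilla/5.0"
192.0.2.55 - - [28/Oct/2021:00:40:10 +0000] "POST /index.php HTTP/1.1" 403 199 "-" "-"
not a log line
"""

def summarize_blocked_posts(log_text, threshold=3):
    """Count POST requests answered 403 per client IP and their share of the log size."""
    blocked = Counter()
    blocked_bytes = total_bytes = 0
    for line in log_text.splitlines():
        size = len(line.encode()) + 1      # +1 for the newline on disk
        total_bytes += size
        m = LINE_RE.match(line)
        if not m:                          # malformed line: counted in size, otherwise skipped
            continue
        if m["method"] == "POST" and m["status"] == "403":
            blocked[m["ip"]] += 1
            blocked_bytes += size
    # IPs at or above the (hypothetical) threshold are candidates for a block
    # at a layer in front of the web server, where requests are no longer logged.
    offenders = sorted(ip for ip, n in blocked.items() if n >= threshold)
    share = blocked_bytes / total_bytes if total_bytes else 0.0
    return {"per_ip": dict(blocked), "offenders": offenders, "log_share": share}

if __name__ == "__main__":
    report = summarize_blocked_posts(SAMPLE_LOG)
    print(report["per_ip"])
    print("candidates for a block in front of Apache:", report["offenders"])
    print(f"share of log taken by blocked POSTs: {report['log_share']:.0%}")
```

A rule in .htninja runs inside PHP, after Apache has accepted the request, so it cannot keep the request out of the access log; the per-IP counts here are the input a rate limit or block in front of Apache would need.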


Post by johnp » Thu Oct 28, 2021 1:20 am

Not being a server guy I'm limited in my knowledge. Can server logs not be limited in size and rotated?


Post by alber99 » Sun Feb 25, 2024 2:26 am

Ninja Firewall vs Bitninja vs CIDRAM.

Thoughts, opinions -- which is better?


Post by johnp » Mon Feb 26, 2024 12:38 am

Ninja Firewall is good and has a free version. CIDRAM is a bad traffic blocker. They both do different jobs. I run both side by side. Bitninja looks ok but it costs.
