Post by Joe1234 » Fri Jun 06, 2025 11:01 am

I made a security program that writes blocked IPs to htaccess; it logs the time and date of the blocking so I know exactly when it is happening. I've noticed that some addresses are blocked multiple times, two of them a couple dozen times. I contacted my host and he had no idea of what happened or how it could happen. Has anyone come across this where after an IP has been blocked that IP was still able to access the site beyond the forbidden page?

v3.0.4.0 php 8.1
I'm here for a reason, if your response is contact a/the developer, just don't reply.



Post by ravikumar22 » Fri Jun 06, 2025 4:48 pm

Joe1234 wrote:
Fri Jun 06, 2025 11:01 am
I made a security program that writes blocked IPs to htaccess; it logs the time and date of the blocking so I know exactly when it is happening. I've noticed that some addresses are blocked multiple times, two of them a couple dozen times. I contacted my host and he had no idea of what happened or how it could happen. Has anyone come across this where after an IP has been blocked that IP was still able to access the site beyond the forbidden page?

Yes, this can happen if your server uses caching or a CDN like Cloudflare.
Also check if .htaccess rules are in the right directory and not being bypassed.
Bots may rotate IPs or spoof headers, making blocks less effective.
Consider using a firewall or security extension for stronger protection.

OpenCart Support | Please email at: devinlabsolutions@gmail.com, info@devinlabs.com
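
A way to tell the causes listed in the reply above apart, as an added example that is not part of any post in this thread: compare the blocking program's log with the web server access log and separate post-block requests that were denied (403) from those that were actually served. The block-log format, the Apache-style access-log format and all sample lines are constructed assumptions.

```python
import re
from datetime import datetime

# Constructed sample data (not from the thread); IPs are documentation ranges.
# Assumed block-log format: "YYYY-MM-DD HH:MM:SS +ZZZZ <ip>", one line per block.
BLOCK_LOG = """\
2025-06-06 10:00:00 +0000 203.0.113.7
2025-06-06 10:05:00 +0000 198.51.100.9
2025-06-06 10:09:00 +0000 203.0.113.7
"""
# Assumed Apache common/combined access-log format.
ACCESS_LOG = """\
203.0.113.7 - - [06/Jun/2025:09:59:58 +0000] "GET /index.php HTTP/1.1" 200 5120
203.0.113.7 - - [06/Jun/2025:10:00:30 +0000] "GET /index.php HTTP/1.1" 403 199
203.0.113.7 - - [06/Jun/2025:10:02:11 +0000] "POST /index.php HTTP/1.1" 200 5120
198.51.100.9 - - [06/Jun/2025:10:06:00 +0000] "GET /admin/ HTTP/1.1" 403 199
this line is not an access log entry
"""
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) ')

def first_blocks(block_text):
    """Map each IP to the time it was first blocked."""
    first = {}
    for line in block_text.splitlines():
        stamp, _, ip = line.strip().rpartition(" ")
        if not stamp:
            continue  # blank or malformed line
        when = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S %z")
        if ip not in first or when < first[ip]:
            first[ip] = when
    return first

def after_block(access_text, first):
    """Per blocked IP, split post-block requests into denied (403) and served."""
    report = {ip: {"denied": 0, "served": []} for ip in first}
    for line in access_text.splitlines():
        m = LINE.match(line)
        if not m or m.group(1) not in first:
            continue
        ip, stamp, request, status = m.groups()
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        if when <= first[ip]:
            continue  # request predates the block
        if status == "403":
            report[ip]["denied"] += 1
        else:
            report[ip]["served"].append((when.isoformat(), request, status))
    return report

if __name__ == "__main__":
    for ip, r in after_block(ACCESS_LOG, first_blocks(BLOCK_LOG)).items():
        print(ip, "denied:", r["denied"], "served after block:", r["served"])
```

Any entry under "served" means the deny rule did not apply to that request, which points at the rule's location or at a layer in front of the server. If the access log shows a proxy or CDN address instead of the visitor's, the comparison has to be made on whatever address the server actually sees.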



Post by paulfeakins » Fri Jun 06, 2025 7:32 pm

Joe1234 wrote:
Fri Jun 06, 2025 11:01 am
I made a security program that writes blocked IPs to htaccess

What does yours do that https://en.wikipedia.org/wiki/ModSecurity doesn't?

UK OpenCart Hosting | OpenCart Audits | OpenCart Support - please email info@antropy.co.uk



Post by Joe1234 » Sun Jun 08, 2025 11:18 am

ravikumar22 wrote:
Fri Jun 06, 2025 4:48 pm
Yes, this can happen if your server uses caching or a CDN like Cloudflare.

I'll look into that, thanks. I know I don't have those, I'll see if the host has those things tied in somehow.

ravikumar22 wrote:
Fri Jun 06, 2025 4:48 pm
Bots may rotate IPs

I'm no expert, but I programmed something I THINK will help detect and defend against that.

@Paul, it was really an exercise on my part. I had two goals: 1/ I didn't like the Who's Online feature set; I wanted to see more information at a glance to make an immediate decision on what to do, and have a direct link to where I can get even more detailed info. 2/ I wanted to build a logic that would look at more than just the immediate transgression; I wanted something that would look at the transgression history, time range, IP range, and more of the IP and then take action to add or remove IP from htaccess, archive, blacklist, and more. I hated having to deal with manually staying on top of htaccess entries for putting IPs in and removing them because IPs rotate, and I've come to not like dealing with modsecurity....which by the way you say is awful.
Anyway, mine does auto and manual blocking/unblocking in htaccess OR redirect and warning of IP by country name, plain IP, or octet (1, 2, 3). Rate limiter, "suspicious visit" detection, honeypot with keyword detection on all forms including journals, whitelist, blacklist, archive, export for firewall, and a few more things. Most of all, granular configurability of how it will take action on each aspect. I might sell it in a few months, I don't know.
