Post by belowcost » Sun Jan 02, 2022 1:48 am

ver 3.0.3.3

In the htaccess file I tried blocking all Russia IP addresses using "https://www.countryipblocks.net/acl.php"

For some reason it doesn't allow me here in the U.S. to access the admin or web site.

But if I just block a few specific IP addresses all works well.

Issue I am having is knowing what IP addresses to block.

Had a registration last night from Russia on the CUSTOMER page; IP showed as 176.106.246.67

BUT then when I went to the actual database and looked at logged in IP addresses, this person's IP in the DB shows as 109.248.13.193

So I double checked a couple others, and this same situation occurs???


Post by JNeuhoff » Sun Jan 02, 2022 8:41 pm

What exactly are you trying to accomplish? These days it's quite easy to bypass IP-address blocking, by using e.g. a VPN. Are you trying to prevent fake customer registrations or spam messages via your Contact Us page?

And what do you mean when saying:
it doesn't allow me here in the U.S. to access the admin or web site.
?
Which website?



Post by belowcost » Sun Jan 02, 2022 11:11 pm

I went to that IP addresses site, added all IP addresses from Russia to the htaccess file, made sure my own address for some reason wasn't listed (just in case), and uploaded the file. After that I was no longer able to access my own site or my own admin panel.

Yes I agree about the VPN issue, I am trying to stop fake contact us messages and customer registrations.

I am already using the Google Captcha, don't think that is doing much, I see online there is software people use to bypass that as well.



JNeuhoff wrote:
Sun Jan 02, 2022 8:41 pm
What exactly are you trying to accomplish? These days it's quite easy to bypass IP-address blocking, by using e.g. a VPN. Are you trying to prevent fake customer registrations or spam messages via your Contact Us page?

And what do you mean when saying:
it doesn't allow me here in the U.S. to access the admin or web site.
?
Which website?

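A generated country list is mostly CIDR ranges, so searching the file for your own address as text will not show whether a range covers it. The following is an added example, not code from this thread or from OpenCart: it lists every deny rule in an `.htaccess` text that covers a given address, so the file can be checked before upload. The function names and the sample file (documentation address ranges only) are constructed for illustration.

```python
import ipaddress
import re

# Apache 2.2 "Deny from ..." and Apache 2.4 "Require not ip ..." lines
RULE = re.compile(r"^\s*(?:deny\s+from|require\s+not\s+ip)\s+(.+?)\s*$", re.I)

# Constructed sample using documentation address ranges, not a real block list
SAMPLE = """\
# generated country ACL (constructed)
Order Allow,Deny
Allow from all
Deny from 192.0.2.0/24
Deny from 198.51 203.0.113.7
Deny from 203.0.113.128/255.255.255.128
<RequireAll>
  Require all granted
  Require not ip 2001:db8::/32
</RequireAll>
"""

def to_network(spec):
    """Convert one Apache address spec to an ip_network; None if it is not one."""
    if "/" not in spec and ":" not in spec:
        octets = spec.rstrip(".").split(".")
        if len(octets) < 4:  # partial IPv4: "198.51" covers 198.51.0.0/16
            spec = ".".join(octets + ["0"] * (4 - len(octets))) + "/%d" % (8 * len(octets))
    try:
        return ipaddress.ip_network(spec, strict=False)
    except ValueError:
        return None  # hostname or other non-address form

def matching_deny_rules(htaccess_text, client_ip):
    """Return (line number, spec) for every deny rule that covers client_ip."""
    ip = ipaddress.ip_address(client_ip)
    hits = []
    for lineno, line in enumerate(htaccess_text.splitlines(), 1):
        m = RULE.match(line)
        if not m:
            continue
        for spec in m.group(1).split():
            net = None if spec.lower() == "all" else to_network(spec)
            if spec.lower() == "all" or (net is not None and net.version == ip.version and ip in net):
                hits.append((lineno, spec))
    return hits

if __name__ == "__main__":
    for addr in ("198.51.100.9", "203.0.113.50"):
        print(addr, matching_deny_rules(SAMPLE, addr) or "not blocked")
```

The check only reports which deny entries cover the address; it does not evaluate `Order`/`Allow` precedence or rules inherited from the server configuration.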

Post by JNeuhoff » Mon Jan 03, 2022 12:16 am

That would result in a huge list of IP-addresses in your '.htaccess'!

If it is just for preventing spambots from doing fake account registrations or sending spam messages via your Contact Us then we recommend using the SpamBot Buster. The latter is capable of distinguishing between genuine human users and spambots pretty reliably, much better than captchas, and there is no need for a captcha.



Post by by mona » Mon Jan 03, 2022 12:57 am

Blocking IP country ranges (and individual IPs for that matter) is futile as IP ranges are bought and sold across country lines faster than you can manage them. As above, the list would be huge. Besides, real hackers and fake customers use cloud services, Amazon, etc. from your own country, only cheap amateurs still use Russia, Ukraine, Nigeria, the known culprits. So if you are into managing ACLs and such, go ahead, otherwise, don't bother yourself.

The only exception is dynamic IP blocking via a firewall when dealing with a DOS or a DDOS attack but even then you would only keep that block for the duration.
There is however nobody who would DDOS an OC site, you might encounter a very radical bot sometimes which requests 50+ requests per second but even that would not be a DOS attack.

On different recorded IP addresses:
The customer_login table records failed login attempts.
However, a customer can register from IP xxx.xxx.xxx.xxx and later log in from IP yyy.yyy.yyy.yyy, IPs change, on mobile networks many times in transit during a session actually.
So there is nothing suspicious there.


Post by paulfeakins » Tue Jan 04, 2022 9:04 pm

belowcost wrote:
Sun Jan 02, 2022 1:48 am
in the htaccess file I tried blocking all Russia IP addresses using "https://www.countryipblocks.net/acl.php"
This isn't OpenCart specific so you're better off on StackOverflow.


Post by fegdeed » Wed Jan 05, 2022 1:41 am

It is best to use a firewall like https://www.getastra.com/ to block malicious bots and certain countries from accessing your website.


Post by EvolveWebHosting » Wed Jan 05, 2022 11:24 pm

fegdeed wrote:
Wed Jan 05, 2022 1:41 am
It is best to use a firewall like https://www.getastra.com/features?refer ... ource=copy to block malicious bots and certain countries from accessing your website.
I agree Astra is the way to go. Our Astra licenses are less expensive than Astra direct and we provide you with support along with the Astra team.
