a Cavallo Communications LLC Trademark
Forum Home Forum Home > CandyPress Support Forums > CandyPress v5.x (Table Based) Support
  New Posts New Posts RSS Feed - Block an IP address
  FAQ FAQ  Forum Search   Register Register  Login Login

Updates Released - FedEx Web Services added and more..

Block an IP address
 Post Reply Post Reply
Author
Message
  Topic Search Topic Search  Topic Options Topic Options
wimike View Drop Down
Registered
Registered
Avatar

Joined: May-17-2008
Location: United States
Status: Offline
Points: 60 		Post Options Post Options   Thanks (0) Thanks(0)   Quote wimike Quote  Post ReplyReply Direct Link To This Post Topic: Block an IP address
    Posted: December-11-2011 at 5:32pm
I have a clown coming to my site each day doing about 200 partial orders (just choosing 1 item) then going to the next order. I am guessing this malicious person is trying to break into my admin site.  I am a bit tech challenged and could not find a way to block their IP address. Can someone tell me how?  I have version 5.1.1.6 that I bought 5/25/2011   I did not download the latest update as of yet since my son, who was my tech guy, is too busy right now.  I hope this is simple as it is in eBay where you can just input an IP address is a box somewhere.  LOL 

This is driving me crazy and why if not for breaking into my admin site is this person doing this everyday. Thank you in advance if you have a solution!!! I am hoping the software has something simple built in to block an IP address. Thumbs Up
Back to Top
CandyPress View Drop Down
Admin Group
Admin Group
Avatar

Joined: January-25-2003
Location: United States
Status: Offline
Points: 12070 		Post Options Post Options   Thanks (0) Thanks(0)   Quote CandyPress Quote  Post ReplyReply Direct Link To This Post Posted: December-11-2011 at 8:18pm
You cannot block an IP address from CandyPress - You would need to contact whomever is hosting your website to have them blocked.
 
 
Michael Cavallo
CandyPress eCommerce Solutions
Follow Us on Twitter!
CandyPress
Back to Top
wimike View Drop Down
Registered
Registered
Avatar

Joined: May-17-2008
Location: United States
Status: Offline
Points: 60 		Post Options Post Options   Thanks (0) Thanks(0)   Quote wimike Quote  Post ReplyReply Direct Link To This Post Posted: December-11-2011 at 8:21pm
Thanks for the reply. Is there any reason why clown would be doing this to me about once every other day?
Back to Top
CandyPress View Drop Down
Admin Group
Admin Group
Avatar

Joined: January-25-2003
Location: United States
Status: Offline
Points: 12070 		Post Options Post Options   Thanks (0) Thanks(0)   Quote CandyPress Quote  Post ReplyReply Direct Link To This Post Posted: December-11-2011 at 8:49pm

I would hate to give a lame answer of  "It's that time of year" because we surely have seen an increase in SPAM and activities such as this.  Perhaps they are trying to probe your site for vulnerabilities or something of that nature. 

You should really at least be at the latest version and if you have an issue with an IP address, you should tell your hosting provider.
 
 
Michael Cavallo
CandyPress eCommerce Solutions
Follow Us on Twitter!
CandyPress
Back to Top
wimike View Drop Down
Registered
Registered
Avatar

Joined: May-17-2008
Location: United States
Status: Offline
Points: 60 		Post Options Post Options   Thanks (0) Thanks(0)   Quote wimike Quote  Post ReplyReply Direct Link To This Post Posted: December-26-2011 at 12:55pm
I just talked to my hosting and they told me I need to add a web.config file to my hosting to block an IP address. This I must do myself.  If anyone has the code or how to do it please tell me, Thanks, Mike

It is still the same IP address month after month.
Back to Top
lilaccrafts View Drop Down
Registered
Registered


Joined: May-03-2004
Status: Offline
Points: 1798 		Post Options Post Options   Thanks (0) Thanks(0)   Quote lilaccrafts Quote  Post ReplyReply Direct Link To This Post Posted: December-26-2011 at 7:11pm

Just duplicate how the SA_emailfilter.asp page

Create a new table with two new fields
 
Then just add into the function getUserAddress() in the _INCappfunctions.asp page to get the info from the database and redirecting it to a bogus webpage.
 
Just make a web page that is static if not they will try other IP's
Back to Top
CandyPress View Drop Down
Admin Group
Admin Group
Avatar

Joined: January-25-2003
Location: United States
Status: Offline
Points: 12070 		Post Options Post Options   Thanks (0) Thanks(0)   Quote CandyPress Quote  Post ReplyReply Direct Link To This Post Posted: December-27-2011 at 2:36pm

Yes you can create a web.config file (using a text editor) containing the following:



<?xml version="1.0"?>
<configuration>
   <system.webServer>
      <security>
        <ipSecurity allowUnlisted="true">    <!-- this allows everyone, except those listed below -->                
           <clear/> <!-- removes all upstream restrictions -->
           <add ipAddress="XXX.XXX.XXX.XXX"/>   <!-- block one IP where XXX.XXX.XXX.XXX is the IP-->                
        </ipSecurity>
      </security>
      <modules runAllManagedModulesForAllRequests="true"/>
   </system.webServer>
</configuration>

 
You would then upload this to the root of your website.
Michael Cavallo
CandyPress eCommerce Solutions
Follow Us on Twitter!
CandyPress
Back to Top
Daniel Jay View Drop Down
Registered
Registered
Avatar

Joined: December-12-2004
Location: United States
Status: Offline
Points: 369 		Post Options Post Options   Thanks (0) Thanks(0)   Quote Daniel Jay Quote  Post ReplyReply Direct Link To This Post Posted: January-14-2012 at 9:52pm

<script type="text/javascript">


//Enter list of banned ips, each separated with a comma:
var bannedips=["68.38.00.000", "68.38.00.000"]

var ip = '<!--#echo var="REMOTE_ADDR"-->'

var handleips=bannedips.join("|")
handleips=new RegExp(handleips, "i")

if (ip.search(handleips)!=-1){
alert("Your IP has been banned from this site. Redirecting...")
window.location.replace("http://www.google.com")
}

</script>
Back to Top
jeepin View Drop Down
Registered
Registered


Joined: June-30-2004
Location: United States
Status: Offline
Points: 56 		Post Options Post Options   Thanks (0) Thanks(0)   Quote jeepin Quote  Post ReplyReply Direct Link To This Post Posted: January-27-2012 at 4:53pm
As previously stated, you can't block an IP from within CandyPress, but I've had the same 'issue' with my store front (though not on a daily basis).  I'd wager it's the same IP as the one that's hitting your store.  I recently googled the IP address and it comes up with a bunch of results about it being a comment spammer IP address.
-Jason
Jeepin.com/JeepinOutfitters.com
Back to Top
My_PC View Drop Down
Registered
Registered


Joined: October-04-2005
Location: Australia
Status: Offline
Points: 333 		Post Options Post Options   Thanks (0) Thanks(0)   Quote My_PC Quote  Post ReplyReply Direct Link To This Post Posted: February-16-2012 at 8:11pm
In dbconn, I do this to block all ips starting with NN. 

'START BAN IP ADDRESSES
dim sIpCheck 
sIpCheck = "x" & Request.ServerVariables("REMOTE_ADDR")
if instr(sIpCheck,"xNN.") = 1 then response.end
'END BAN IP ADDRESSES
Back to Top
CandyPress View Drop Down
Admin Group
Admin Group
Avatar

Joined: January-25-2003
Location: United States
Status: Offline
Points: 12070 		Post Options Post Options   Thanks (0) Thanks(0)   Quote CandyPress Quote  Post ReplyReply Direct Link To This Post Posted: February-17-2012 at 11:52am
As a history to this, a lot of spammers like to hit CandyPress due to an old issue with the Email to a Friend script that was corrected about a year ago.

Best would be to use a .htaccess file to restrict IP addresses.

It's the nature of running an online store, regardless - you have to pay attention to security.
Michael Cavallo
CandyPress eCommerce Solutions
Follow Us on Twitter!
CandyPress
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down

Forum Software by Web Wiz Forums® version 10.01
Copyright ©2001-2011 Web Wiz Ltd.

© 2001 - 2012 Cavallo Communications LLC. All rights reserved.