Banned IP blacklist

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.
10 years ago
I got so sick of adding IPs to the web config, I spent an hour writing a rough and ready IP blacklist process on a 2.65 build.

The details are here: http://www.n-connect.co.uk/banned-ip-blocking-in-nopcommerce/

It involves changing the main source, but I'll get started on a module when I get some time. It is also a bit raw, so please let me know if you improve it or I've missed anything out of my how-to.

It should work ok on other versions of Nop, but until I try, I don't know. It should be a plugin, so that's my next job now I've done this as a 'proof of concept'.
10 years ago
I've been doing a bit more work on these spam accounts and there are a few things that have come to mind.

Ideally, there needs to be a mechanism whereby we can identify a 'spam' account and just add it to the banned list. So, the basic flow would be like this:

Customer hits the Register() method

Captcha is checked

Honey Pot is tested

Form criteria is tested <- This is where I'm looking at adding some processing to decide whether an application is junk.

Account is added, or if it fails the form criteria test:

IP gets added to banned IPs and visitor gets a nice message to tell them they might be fake and what to do if they aren't.

It would be nice to build up a library of spam content checking processes and having the ability to reject the customer and add them to a blacklist automatically.

There seem to be a lot of fairly obvious clues in many of the spam applications, such as company = 'Google' and email/forename/surname all containing random junk letters, so there is a starting point for some simple test and rejection to be implemented.

It is inevitable that these spam processes will get more sophisticated and change their input values, but I'm sure a few well considered methods that check the incoming data against specific criteria would eliminate most of the problems with spam.

Work in progress, but any ideas, comments or contributions would be welcome... :)
10 years ago
may interest you
https://www.projecthoneypot.org/faq.php
10 years ago
I've written a custom task to ban IP addresses where errors are matched by string, or where there are a lot of errors from the same IP address at the same time.
This is really useful.

Banned IP addresses receive a nice 404 error.
All stored in the database with the error message source.

I don't know how to send you the sources...

Check my website (with a proxy ;-) www.copterlab.com
10 years ago
neokiller62 wrote:
I've written a custom task to ban IP addresses where errors are matched by string, or where there are a lot of errors from the same IP address at the same time.
This is really useful.

Banned IP addresses receive a nice 404 error.
All stored in the database with the error message source.

I don't know how to send you the sources...

Check my website (with a proxy ;-) www.copterlab.com


Does this filter out known search engine IPs? This would make a great plugin for NopCommerce but there are some things to consider here based on what I'm seeing in my own system log: 1) give a 410 or appropriate error to search engines that keep crawling old unavailable links. 2) prevent legit search engines/bots from being blacklisted. 3) integrate an IP lookup API to give us details and/or visuals on an IP in question so we can manually block it or unblock it if it was auto-blocked.

I've been researching several other shopping cart systems lately and most of them have an IP blacklist feature partially to help them with PCI compliance and mainly to prevent hacking attempts from slowing their site to a crawl.

If anyone knows of a plugin or built-in function to do any of this in NopCommerce that I'm overlooking, please let me know.
10 years ago
OK, I will consider your request.

For the moment, the feature is a built-in function.
I need some time to try to put it in a plugin.
Also, I have added more information columns in the log in order to know more about errors.

Best,
Neokiller
10 years ago
Why not a firewall?

I'm working on an RDP Brute Force Defender for VPS or dedicated servers, and I created a Windows service.

So this defender checks if someone tries to log in on the RDP ports.

If I see 3 login attempts in a short time frame I know it's a robot (brute force attack).
I'll store the IP in a DB (SQLite) for a certain time
and add a rule in the Windows Firewall.
After a certain time I'll remove the FW rule.
This is working very nicely and it's very low on resources (and there is nothing to do for admins).


So the question for you: did you also think about the firewall?
Using your solution on an application level consumes pool resources; every web request is compared against the blacklist.
Or you are writing IPs to your web config (brrrrr).
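
The throttling logic described in the last post (three failed attempts in a short window, a timed ban, then removal), combined with the earlier request not to blacklist legitimate crawlers, as an added Python example that is not code from any poster in this thread. The class name, the 60-second window, the one-hour ban and the allowlisted range are assumptions; adding and removing the actual firewall rule is left to the caller.

```python
import ipaddress
from collections import defaultdict, deque

class TimedBanList:
    """Sliding-window failure counter with expiring bans and an allowlist."""
    def __init__(self, max_failures=3, window=60.0, ban_seconds=3600.0, allow=()):
        self.max_failures = max_failures      # 3 attempts, as in the post
        self.window = window                  # assumed "short time frame"
        self.ban_seconds = ban_seconds        # assumed "certain time"
        self.allow = [ipaddress.ip_network(n) for n in allow]
        self.failures = defaultdict(deque)    # ip -> recent failure timestamps
        self.banned_until = {}                # ip -> ban expiry timestamp

    def _allowed(self, ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.allow)

    def record_failure(self, ip, now):
        """Register one failed attempt; return True if this call created a ban."""
        if self._allowed(ip) or self.is_banned(ip, now):
            return False
        recent = self.failures[ip]
        recent.append(now)
        while recent and now - recent[0] > self.window:
            recent.popleft()                  # forget failures outside the window
        if len(recent) >= self.max_failures:
            self.banned_until[ip] = now + self.ban_seconds
            del self.failures[ip]
            return True                       # caller adds the firewall rule here
        return False

    def is_banned(self, ip, now):
        return self.banned_until.get(ip, 0.0) > now

    def expire(self, now):
        """Drop lapsed bans; return the IPs whose firewall rule should be removed."""
        lapsed = [ip for ip, until in self.banned_until.items() if until <= now]
        for ip in lapsed:
            del self.banned_until[ip]
        return lapsed

# Constructed sample events (timestamp in seconds, documentation-range IPs).
SAMPLE = [(0, "203.0.113.7"), (5, "192.0.2.10"), (10, "203.0.113.7"),
          (15, "192.0.2.10"), (20, "203.0.113.7"), (25, "192.0.2.10")]

if __name__ == "__main__":
    bans = TimedBanList(allow=["192.0.2.0/24"])   # assumed crawler range
    for ts, ip in SAMPLE:
        if bans.record_failure(ip, ts):
            print(f"t={ts}: ban {ip}")
    print("unban:", bans.expire(3620))
```

Because the ban table lives in memory here, a real service would persist `banned_until` (the post uses SQLite) so bans survive a restart.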