HTTP Error Management System and IP Trap ... From LinuxUK

Visit my store for more free help files, more being added all the time!

HTTP Error management system with IP Trap

I have used osCommerce tep_functions where they exist providing harmony and lean code, this should also ensure it is php 5.4 compatible
Installation will take around 15 minutes, prior to installing please back up both your Database and you files.

Please make sure you take the time to read this fully, I get lots of questions that are answered here, take a few minutes and read this.

Installation service.

If you are unable to install this yourself, why not get the person who wrote it to install it for you?
I offer a paid installation, or upgrade service and this is just an email away
Contact me here.

See it in action

You can see the error page in action by visiting http://www.development-server.net/233/hhh you will be able to see the outputted error page. If you error enough times you will be banned!

History

Many sites I work on do not have any kind of error page set up; normally this is carried out by shtml pages and can be set up however you want them to be.
There are a lot of errors caused by snoopers, and malicious users who probe your site for vulnerabilities, these nearly always go undetected and unresolved - allowing this to go on is hurting your sites efficiency and also potentially leaving it open to attack, Non Malicious errors are produced when a client hits a dead link, there is a server error, an old part of your site is not longer active but search engines and customers still follow links to it. This results in SEO errors, lost customers, and most importantly, lost sales.

Understand what is going on with your site, discover a world of visitors you never knew you had, and sort out those errors!
The most common error you will find will be a missing image, but this is still a problem as it takes up more resource, true, it is not a lot however mutply many times and it an become an issue.

This add on attempts to address this problem, and has a whole host of benefits to you, the site owner.

§ For the occasional customer finding themselves on an error is a nicely presented error page.

§ All in one error page that controls 15 errors (400,401,403,404,405,408,415,416,417,500,501,502,503,504,505, & UNKNOWN).

§ Repeated errors by the same IP number results in the number being banned # set by admin.

§ Google, Bing, Yahoo and MSN are exempt from being banned.

§ Gives you the option to see what strings are being used to try to hack your site and thus be better placed to prepare and defand.

§ Admin page has multiple options

§ View HTTP errors, this will help you identify normal errors like missing images, dead links etc...

§ IP Number is a link to Project Honey pot site to check IP numbers

§ Error number is a link to the W3 school page on errors

§ View, Ban, un-Ban, or delete entries

§ Google, Yahoo, Bing and MSN entries are highlighted red, and are not able to get banned.

§ After a certain amount of error (set in admin) you are banned policy in place (excludes search engines listed above) Can be switched off via admin.

§ Choose to also delete banned IP's when you delete a record on the HTTP error page, or leave the IP number trapped.

§ You get an email informing you of any auto HTTP ban.

§ Wrapped up in this add on is the IP Trap which works with the HTTP errors, and also as a standalone trap.

There is also a maintenance routine included to clear out older database entries (you set the amount of days to keep them) then the script checks and deletes as necessary.
A rescue system is included should you get locked out during testing! (read on for details)

Limitations and Crucial information

This add on will provide you with a wealth of information of HTTP errors that occur on your web site, the add on is set up initially to NOT ban any HTTP errors as from my own experience of working on others sites there are normally a lot of innocent HTTP errors and all you will do is ban customers.
I would recommend that you run this as an HTTP error handling add on for a while and see what information is collected, you can then go and sort out and errors like missing images, or dead links. Once you have this under control you can then set the HTTP file to count the errors and once the same IP gets to 3 it will ban them.
You still have an option in your admin to ban IP numbers of obvious malicious intent (i.e.. searching for phpmyadmin etc ...)

Caveat

Prior to turning on the ban repeated http errors ensure your site is functioning and does not generate its own http errors (by missing images etc..)

Installing your HTTP Error Protection

I am available to install this add on for you, please contact me for more information.

Please Contact me.

Assumptions

your store resides in the catalog folder, if yours is different you need to make changes to the .htaccess additions (See installation notes below).

Skill level

Easy - intermediate,this package has been created to give you the easiest way to add it
It does require that you make changes to your site files.

Backing up

It is important that before any work is carried out on your store, you back up the files you are going to work on BEFORE you begin work.

Versions

This is Version 2 of the combined HTTP erros and the IP Trap

Pre Requisites

FTP Program
Text editor

Free Programs

There are many free programs you can use without having to buy one, here are just a few.

FTP Filezilla
Text editor Notepad ++

Install time

This install will take you around 15 minutes.

Licence and Limitations

This add on is released under the GNU licence, no warranty or responsibility is accepted - you use this add on at your own risk.

Install the HTTP Error Management and IP Trap System

There are some new files to add and some existing files to edit, also an SQL table to insert into your database.

New Files

catalog / Error.php
catalog / ind.php
catalog / blocked.php
catalog / images / error_page_bg.gif
catalog / includes / languages / english / Error.php
catalog / admin / Error.php
catalog / admin / bots.php
catalog / admin / iptrap.php
catalog / admin / images / explain.png
catalog / admin / includes / boxes / iptrap.php
catalog / admin / includes / languages / english / ban_bots.php
catalog / admin / includes / languages / english / Error.php
catalog / admin / includes / languages / english / iptrap.php
catalog / admin / includes / languages / english / images / buttons / button_ban.gif
catalog / admin / includes / languages / english / images / buttons / button_banned.gif
catalog / admin / includes / languages / english / images / buttons / button_free.gif
catalog / admin / includes / languages / english / images / buttons / button_not_banned.png

Files to Edit

catalog / .htaccess
catalog / includes / filenames.php
catalog / includes / database_tables.php
catalog / includes / languages / english.php
catalog / includes / application_top.php
catalog / admin / includes / languages / english.php
catalog / admin / includes / database_tables.php
catalog / admin / includes / filenames.php
catalog / admin / includes / column_left.php
catalog / admin / includes / languages / english.php

Files extra

In the extra's folder is a copy of an HTACCESS file and a Robots file, the robots.txt file should be in the root of your site, regardless where the site files are located.

Next step. Top

---------------------------------------------------------------------------

Database additions
Step 1.

This step requires you upload the new files to your site, please make sure that you match the admin folder to your admin folder name (rename the folder) and allow for the location of your site files, this is currently set to "catalog".

Two folders, 1 for 2.2 family versions and 1 for 2.3xx versions
Upload the files to your store, keeping the directory tree as is.
Next step. Previous Step. Top

Catalog side Edits
Step 2.

Next step. Previous Step. Top

Step 3.

Open catalog / .htaccess and add to the bottom of the file
Note: If your site is not inside a catalog folder you need to edit this entry, as an example -if your site is in root (not folder)
then you need to remove the "/catalog" leaving only "/Error.php?Error=400" and so on.

The part

<Files .htaccess>
order allow,deny
deny from all
</Files>

is optional, it prevents anyone from viewing your .htaccess file.

<Files .htaccess> order allow,deny deny from all </Files> ErrorDocument 400 /catalog/Error.php?Error=400 ErrorDocument 401 /catalog/Error.php?Error=401 ErrorDocument 403 /catalog/Error.php?Error=403 ErrorDocument 404 /catalog/Error.php?Error=404 ErrorDocument 405 /catalog/Error.php?Error=405 ErrorDocument 408 /catalog/Error.php?Error=408 ErrorDocument 415 /catalog/Error.php?Error=415 ErrorDocument 416 /catalog/Error.php?Error=416 ErrorDocument 417 /catalog/Error.php?Error=417 ErrorDocument 500 /catalog/Error.php?Error=500 ErrorDocument 501 /catalog/Error.php?Error=501 ErrorDocument 502 /catalog/Error.php?Error=502 ErrorDocument 503 /catalog/Error.php?Error=503 ErrorDocument 504 /catalog/Error.php?Error=504 ErrorDocument 505 /catalog/Error.php?Error=505

Please note, if your site is not located inside the catalog folder you will need to adjust these entries

Save and close the file

Next step. Previous Step. Top

Step 4 .
USE A GOOD TEXT EDITOR, LIKE NOTEPAD ++

Step 7.

Open File
catalog / includes / application_top.php
Add to the end before the final ?>

// LINUXUK HTTP Errors and IP TRAP Start // This is a rescue snippet that will unban your IP Number if you have it banned during testing if (isset($_GET['rescue'])) { $Rescue_me = $_GET['rescue']; if($Rescue_me == LINUXUK_HTTP_RESCUE){ $Address = $_SERVER['REMOTE_ADDR']; $rescue_now = tep_db_query("delete from " . TABLE_LINUXUK_HTTP_ERROR . " where linuxuk_error_log_address = '" .$Address ."'"); $rescue_Now = tep_db_query("delete from " . TABLE_IPTRAP ." WHERE IP_Number = '" .$Address ."'"); tep_redirect(FILENAME_DEFAULT); } } // Searches for and finds then blocks Bad Bots. $bots_name = $_SERVER["HTTP_USER_AGENT"]; $bots_query = tep_db_query('select * from ' . TABLE_LINUXUK_BAN_BOTS . ' where linuxuk_ban_bots_names = "'. $bots_name . '" '); $bots_query_Result= tep_db_fetch_array($bots_query); if($bots_name == $bots_query_Result['linuxuk_ban_bots_names']){ tep_redirect(FILENAME_BLOCKED); } // Checks the IP Numbers for banned users. $IP = trim(tep_get_ip_address()); $IP_Trap_Reults_query = tep_db_query('select * from ' . TABLE_IPTRAP . ' where IP_Number = "'. $IP . '" '); $IP_Trap_Result= tep_db_fetch_array($IP_Trap_Reults_query); if($IP_Trap_Result['BAN']== 'BLACK') { // person is on black list tep_redirect(FILENAME_BLOCKED); } // LINUXUK HTTP Errors and IP TRAP end

Next step. Previous Step. Top

End of Catalog side Edits.

Start of Catalog / admin side Edits.

End of Catalog / admin side Edits.

If you have followed the install instructions correctly, you now have the HTTP Error Management system installed and working.

User Manual.

I am able to provide you with any type of security work,

Investigate, discover, and remove hackers code from your site
Provide you with the tools necessary to maintain a healthy and secure environment for your site
Consult on security arrangement for your site
Update your old version site to conform to combat the security risks involved with using it ( I understand you have a lot of custom work you do not want to loose or have the hassle, inconvenience and cost of having a new site made)

Please contact me for more information or a quote

So what's next?

I plan to further develop this add on to encompass further protection of your osCommerce shop files, I have much more in development to be added to this package .... stay tuned for news!.

AS WITH ALL CONTRIBUTIONS THIS IS USED AS IS AND YOU INSTALL AT YOUR OWN RISK. BACK UP BEFORE YOU USE

Contributions take a long time to create, to keep them coming please consider donating

Enjoy

http://www.linuxuk.co.uk web site development, showcase & shopping cart sites. Specialise is osCommerce, Layout, design, implementation, installation, Graphics, contribution installation & making them work!, custom code, problem solving, + more.
I can be contacted on the forum here I am I might not be able to answer you immediately so please be patient.