Linuxuk.co.uk


    IP Trap Version 6.

    This version is a total rewrite of the IP Trap. It moves the trap to the database and adds an admin configuration page.

    • More Robust
    • Easier to use
    • Provides you with visibility of trapped IP numbers, with a link to view information on each IP address
    • Also stores the user's User Agent, the Host Name, the Date Trapped, and whether the IP was trapped or added by an admin
    • Easily add an IP via admin, view or edit IP numbers, change them from the Black list to the White list, or simply remove the IP number
    • Multi-language support: translate the language files to your language and upload them to the directory

    I have used osCommerce tep_functions where they exist, providing harmony and lean code.
    Some files have been removed and placed into other files. Installation will take around 10 minutes. Prior to installing, please back up both your database and your files.

     

    Please take the time to read this fully. I get lots of questions that are answered here, so take a few minutes and read it.

     

    Update or installation service.

    If you are unable to install this yourself, why not get the person who wrote it to install it for you?
    I offer a paid installation or upgrade service, and this is just an email away.
    Contact me here.

     

    See it in action

    You can see the trap in action by visiting http://www.development-server.net/233/admin. You will be blocked; contact me with your IP number if you want to be removed or added to the White list to try it out.

    How it works

    The IP Trap relies mainly on the robots.txt file.
    The robots.txt lists Disallow entries for the paths that search engines are told not to visit.
    Disallow: /catalog/personal/ is one. Any good bot will see this and obey; any bad bot will head straight for it, looking for sensitive information that might be contained in the folder.
    When this happens the trap is triggered: the bot's IP number is saved in the database and the bot is redirected to the blocked page.
    When any user enters your site, their IP number is checked against the IP numbers in the database. If it exists, the user is directed to the blocked page, and this is all they will see no matter what page they try to reach on your catalog.
    It will also catch and block any snoopers trying their luck!

    The White list has a similar role: if the IP number exists and is set to WHITE, the user will be redirected to the index page, not the blocked page.
    If the robots.txt is not properly defined, any search engine can find its way to the IP Trap and get trapped. Your Google, Lycos etc. listing will then only display the blocked page, not good!
    To prevent this it is essential that your robots.txt file:

    • Is in the right location: no matter where your store is, the robots.txt always has to be in the root.
    • Lists the folder name you choose to give your trap (presently it is personal; you may change it to anything you like, "Admin" is a good one)
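
A Python model of the decision flow described above, added here as an illustration; it is not the add-on's PHP code. The table layout, the BLACK/WHITE and TRAP/ADMIN values, the /catalog/index.php path and the sample IP addresses are assumptions, and it assumes a whitelisted IP is only redirected when it reaches the trap folder.

```python
import sqlite3
from datetime import datetime, timezone

TRAP_PREFIX = "/catalog/personal/"    # trap folder, as in the Disallow line
BLOCKED_PAGE = "/catalog/blocked.php"
INDEX_PAGE = "/catalog/index.php"     # assumed location of the index page

def open_db():
    db = sqlite3.connect(":memory:")
    # Hypothetical layout; the add-on's real schema ships in its IPTrap.sql.
    db.execute("""CREATE TABLE ip_trap (
        ip TEXT PRIMARY KEY, state TEXT, user_agent TEXT,
        host_name TEXT, date_trapped TEXT, source TEXT)""")
    return db

def add_ip(db, ip, state, source, user_agent="", host_name=""):
    # User agent and host name come from the client, so they are bound as
    # parameters and never concatenated into the SQL text.
    db.execute("INSERT OR REPLACE INTO ip_trap VALUES (?, ?, ?, ?, ?, ?)",
               (ip, state, user_agent, host_name,
                datetime.now(timezone.utc).isoformat(), source))

def handle_request(db, ip, path, user_agent="", host_name=""):
    """Return the page this visitor ends up on."""
    row = db.execute("SELECT state FROM ip_trap WHERE ip = ?", (ip,)).fetchone()
    state = row[0] if row else None
    if state == "BLACK":
        return BLOCKED_PAGE           # blacklisted: every URL shows this page
    if path.startswith(TRAP_PREFIX):
        if state == "WHITE":
            return INDEX_PAGE         # whitelisted: sent to index, not trapped
        add_ip(db, ip, "BLACK", "TRAP", user_agent, host_name)
        return BLOCKED_PAGE           # first hit on the trap: record and block
    return path                       # normal visitor, normal page
```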

     

    Limitations

    The IP Trap is only one way to secure your site, not the only way.
    You should consider XSS protection, htaccess protection, Site Monitors etc...
    The IP Trap is able to work as part of XSS add-ons, by changing the log.php entry to personal/index.php

    The IP Trap is very effective; however, being IP based, it only has an impact on the IP number used in the attack. If the attacker changes to IP numbers that are not listed, they will still be free to roam your site.

     

    Caveat

    For those of you that use the osc_sec add-on and have set it to IP_Trap: this will no longer work. You will need to update that add-on if you still wish it to use the IP Trap to ban users.

    Your trap is set to the folder "Personal". As you have moved your admin folder, I suggest you now rename personal to "admin"; this will help trap more bots and snoopers.
    Please make sure you also change the settings in the personal / .htaccess file. This file redirects any type of error back to the index page, initiating the trap.

    Updating existing installs of IP Trap

    If you would prefer to use this version, you will need to remove the old IP Trap and install this one. It is not backwards compatible.
    If you would like for me to do this for you, I can also move all trapped IP numbers into the Database.

    Please Contact me.

    Assumptions

    Your store resides in the catalog folder. If yours is different, you need to make the changes.

    Please note: if your store is in the catalog folder, your robots.txt file should be in the root of your web hosting account. Your robots.txt would then address items in the catalog folder as

    • Disallow: /catalog/personal/

    If the store is held in root, then your robots.txt file should address the items as

    • Disallow: /personal/

    The IP Trap is set by the robots.txt file. Failure to comply with this, or setting it up incorrectly in any way, will result in you banning SEO bots and potential customers!
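
One way to check a robots.txt against the trap folder before going live, as an added Python example that is not part of the IP Trap package. It covers the root-versus-catalog mismatch described here and in "How it works", and goes slightly further by also reporting crawlers that have their own User-agent group, since such a group replaces the * rules for that crawler; the function name, agent list and sample files are constructed.

```python
from urllib.robotparser import RobotFileParser

# Crawler names to test; "*" stands for any bot without its own group.
DEFAULT_AGENTS = ("*", "Googlebot", "bingbot")

def agents_at_risk(robots_txt, trap_path, agents=DEFAULT_AGENTS):
    """Return the agents that robots.txt would still let into the trap folder.

    An empty list means every listed crawler is told to stay out, so only
    clients that ignore robots.txt can reach the trap.
    """
    parser = RobotFileParser()
    parser.parse(robots_txt.splitlines())
    probe = trap_path.rstrip("/") + "/index.php"   # file served inside the trap
    return [agent for agent in agents if parser.can_fetch(agent, probe)]

# Constructed sample files.
CATALOG_OK = "User-agent: *\nDisallow: /catalog/personal/\n"
ROOT_RULE = "User-agent: *\nDisallow: /personal/\n"
# A crawler with its own group ignores the "*" group entirely.
OWN_GROUP = ("User-agent: Googlebot\nDisallow: /catalog/cart/\n\n"
             "User-agent: *\nDisallow: /catalog/personal/\n")
# Paths in robots.txt are case sensitive.
WRONG_CASE = "User-agent: *\nDisallow: /catalog/Personal/\n"

if __name__ == "__main__":
    for name, text in [("catalog rule", CATALOG_OK), ("root rule", ROOT_RULE),
                       ("own group", OWN_GROUP), ("wrong case", WRONG_CASE)]:
        print(name, "->", agents_at_risk(text, "/catalog/personal/"))
```

A non-empty result for a search engine you care about means that crawler can reach the trap folder and would be blacklisted.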

    Skill level

    Easy to intermediate. This package has been created to give you the easiest way to add it.
    It does require that you make changes to your site files.

     

    Backing up

    It is important that before any work is carried out on your store, you back up the files you are going to work on BEFORE you begin work.

     

    Versions

    The IP Trap is version and platform independent. It can be used on any version of osCommerce, and it can also be used on non-osCommerce sites, including HTML sites (with a few changes).

     

    Pre Requisites

    FTP Program
    Text editor
    Access to your phpMyAdmin

     

    Free Programs

    There are many free programs you can use without having to buy one; here are just a few.

    FTP: FileZilla
    Text editor: Notepad++

     

    Install time

    This install will take you around 10 minutes.

     

    Install the Trap

    There are some new files to add and some existing files to edit, also an SQL table to insert into your database.

    New Files

    • robots.txt (if it does not exist)
    • catalog / ind.php
    • catalog / blocked.php
    • catalog / personal / index.php
    • catalog / personal / .htaccess
    • catalog / images / stop.png
    • catalog / admin / iptrap.php
    • catalog / admin / images / icon_green.gif
    • catalog / admin / images / icon_red.gif
    • catalog / admin / includes / boxes / iptrap.php
    • catalog / admin / includes / languages / english / iptrap.php

    Files to Edit

    • robots.txt (if it already exists)
    • catalog / includes / filenames.php
    • catalog / includes / database_tables.php
    • catalog / includes / application_top.php
    • catalog / admin / includes / column_left.php
    • catalog / admin / includes / filenames.php
    • catalog / admin / includes / stylesheet.css
    • catalog / admin / includes / languages / english.php

    ---------------------------------------------------------------------------

    Database additions

    Step 1.

    Insert the SQL to your Database

    Or run the attached IPTrap.sql file

    ---------------------------------------------------------------------------

    Catalog side Edits

     

    Step 2.

    This step requires you to upload the new files to your site. Please make sure that you match the admin folder to your admin folder name (rename the folder) and allow for the location of your site files, which is currently set to "catalog".


    Upload the files to your store, keeping the directory tree as is.

    ---------------------------------------------------------------------------

    Step 3.


    USE A GOOD TEXT EDITOR, LIKE NOTEPAD ++

    From the unzipped  IP Trap V6 folder, open file
    catalog / includes / filenames.php

       Just before the last ?> add.
     
    Save and Close the file


    Step 4.

    Open file
    catalog / includes / database_tables.php

      Just before the last ?> add.

     
    Save and Close the file.


    Step 5.

    Open file
     catalog / includes / application_top.php
       Just before the last ?> add.

    Save and Close the file.


    End of Catalog side Edits.


    Start of Catalog / admin side Edits.

    Step 6.

    Open file
     catalog / admin / includes / column_left.php
       after     include(DIR_WS_BOXES . 'tools.php');  (Around Line 23) add.

    Save and Close the file.


    Step 7.

    Open file
     catalog / admin / includes / filenames.php
        Just before the last ?> add.

    Save and Close the file.


    Step 8.

    Open file
     catalog / admin / includes / stylesheet.css

        Just before the last ?> add.

    Save and Close the file.


    Step 9.

    Open file
     catalog / admin / includes / languages / english.php
         Just before the last ?> add.

     

    End of Catalog / admin side Edits.


    If you have followed the install instructions correctly, you now have the IP Trap installed and working.


    User Manual.


    The IP Trap Admin Page.

    From this page you are able to carry out table maintenance on the IP Trap, you can

    • Add an IP
    • Delete an IP
    • Change an IP state from Whitelist to Blacklist or vice versa
    • View IP numbers and associated information
    • Investigate information on the IP number via a link.
    • View whether the IP was entered by an admin or was trapped.

    Add your IP to the IP Trap Whitelist via Admin.

    To add your own IP number to the white list:
    To find your own IP number, use an online tool such as
    http://www.ip-adress.com/
    Make a note of your IP number.
    Go to your admin / IP Trap
     
    IP Trap Admin page
    Click on "Insert"

    Edit controls  

    Your IP Number is now added to the whitelist.

    Line example

    The image above shows how the line looks. There are no User Agent or Host Name values associated with a manual addition.

     

    IP Trap edit page


    To alter an IP number's state from Whitelist to Blacklist

    Find the IP number you want to change, click the row to select it and then click "Edit". The page will present you with the following screen

    Edit

    Click the drop down list and select the option you require, then click update.

     

     

    Robots.txt correct syntax

    The robots.txt file should be correctly constructed in order for it to work effectively, see example (this is for a store in the catalog folder)

    If your store is root it will look like

     

    Security

    I am able to provide you with any type of security work:

      • Investigate, discover, and remove hackers' code from your site
      • Provide you with the tools necessary to maintain a healthy and secure environment for your site
      • Consult on security arrangements for your site
      • Update your old-version site to combat the security risks involved with using it (I understand you have a lot of custom work you do not want to lose, or you do not want the hassle, inconvenience and cost of having a new site made)

      Please contact me for more information or a quote

    So what's next?

    I am currently working on a fantastic extension to this add on, that will add a layer of security not yet seen with the osCommerce package!
    This is still in the development stage. I will get it out as soon as it is tested and passed fit for service. I will also be asking for beta testers for this.

     

    AS WITH ALL CONTRIBUTIONS THIS IS USED AS IS AND YOU INSTALL AT YOUR OWN RISK. BACK UP BEFORE YOU USE

    Contributions take a long time to create, to keep them coming please consider donating

      Enjoy

               

     

http://www.linuxuk.co.uk web site development, showcase & shopping cart sites. Specialising in osCommerce, layout, design, implementation, installation, graphics, contribution installation & making them work!, custom code, problem solving, + more.
I can be contacted on the forum
here I am
I might not be able to answer you immediately so please be patient.