ProductCart Shopping Cart Software Forums : Blocking IPs

Blocking IPs : Check your Private Messages Hamish...

Wed, 06 Aug 2008 09:29:35 +0000

Author: Logistix
Subject: 1858
Posted: 06-August-2008 at 9:29am

Check your Private Messages Hamish :)

Blocking IPs : Hi, there are several options,...

Mon, 04 Aug 2008 13:57:36 +0000

Author: Hamish
Subject: 1858
Posted: 04-August-2008 at 1:57pm

Hi, there are several options, as always. It partly depends on how much updating it will require & how many ranges you want to block.

What are these miscreants doing? Are they trying to login to your site as Admin or Users?

If so then an easier solution that will pretty much stop them in their tracks is to switch on the "captcha" images in :-
Settings > Advanced Security Settings
- Enable both the "Use random number images" options.

It blocks pretty much every automated method of attacking the login pages and slows dramatically slows down manual attacks as they have to get the password right AND make sure they get the numbers from the image entered correctly. If you enable this the bad guys will most likely move on to fresh targets.

Blocking IPs : Sorry Hamish I mis-understood...

Sun, 03 Aug 2008 16:25:45 +0000

Author: Logistix
Subject: 1858
Posted: 03-August-2008 at 4:25pm

Sorry Hamish I mis-understood what Local_Addr does. It's the local IP of the server not of the workstation which made the request. My bad :)

Is there a quicker way of blocking IPs if I want to block lots of ranges of IPs?

Blocking IPs : Hi Logistix, Hmmm - I'm no...

Sun, 03 Aug 2008 15:26:10 +0000

Author: Hamish
Subject: 1858
Posted: 03-August-2008 at 3:26pm

Hi Logistix,
Hmmm - I'm no great expert on this so I did a quick Google. According to the info I found:-

LOCAL_ADDR : Returns the server address on which the request came in.

I would understand that to mean that the address you would get from that is the server at your ISP that received the request - I would think this would always be the same for ALL traffic, legitimate or spam. If so then if you succeed you would you block your site off from the world (I guess that would block the site spammer !!!! ) Have I misunderstood this?

Blocking IPs : How would I go about blocking...

Sun, 03 Aug 2008 15:00:24 +0000

Author: Logistix
Subject: 1858
Posted: 03-August-2008 at 3:00pm

How would I go about blocking an IP with the variable "Local_Addr" using your whole range method Hamish? The spam is coming from the same local IP each time.

RemAddr = Request.ServerVariables("Local_Addr")
If (RemAddr >= "x.x.x.x") and (RemAddr <= "x.x.x.x") Then
Response.End
End if

This doesn't seem to work, any ideas?

Blocking IPs : Thanks for that Hamish very useful...

Thu, 31 Jul 2008 13:22:55 +0000

Author: Logistix
Subject: 1858
Posted: 31-July-2008 at 1:22pm

Thanks for that Hamish very useful info :)

Blocking IPs : Hi Logistix, I'm in the...

Thu, 31 Jul 2008 10:54:44 +0000

Author: Hamish
Subject: 1858
Posted: 31-July-2008 at 10:54am

Hi Logistix,
I'm in the UK as well. IP addresses were handed out in "blocks" to ISP's all round the world, so I don't think there is a simple way of blocking whole countries, BUT you can block whole IP ranges, or rather subnets. A quick bit of googling reveals there are 91,000+ blocks of IP addresses by country - so It's best to target the specific IP or IP range that's causing you trouble.

www.aspfaqs.com/ASPscripts/PrintFAQ.asp?FAQID=179

I use a Whois program from Karen Kenworthy (www.karenware.com) to look up IP addresses as this tells me the IP range the address is part of as well as the origin.

As an example the random IP address : 87.212.134.19 gives a result of :-
inetnum:        87.212.128.0 - 87.212.159.255
netname:        VERSATEL-CONSUMER-2
descr:          Versatel Consumer is one of the largest ISP's in the Netherlands

If you really wanted to block the WHOLE of this range you could try code like :-
RemAddr = Request.ServerVariables("Remote_Addr")
If (RemAddr >= "87.212.128.0") and (RemAddr <= "87.212.159.255") Then
Response.End
End if

As an aside, whilst writing this I came across : www.proxyserverprivacy.com/ipaddress_range.php where you can get lists of IP address ranges by country.

If it's a really important issue you could use a service such as the one provided by GeoIP.com - which provide a DB and API's to allow you to check IP addresses against the DB.

Blocking IPs : Hamish wrote:When you say "spam"...

Thu, 31 Jul 2008 10:03:16 +0000

Author: Logistix
Subject: 1858
Posted: 31-July-2008 at 10:03am

Hamish wrote:

When you say "spam" your site - I assume they are trying to get in via the logon pages?

That's correct, specifically contact.asp more than anything which is really odd. I used to have Google Ads but not anymore...

How would I go about blocking a range of IPs or entire countries? I am based in the UK and 99% of business is based in the UK.

Blocking IPs : Hi Logistix, When you say "spam"...

Thu, 31 Jul 2008 09:46:08 +0000

Author: Hamish
Subject: 1858
Posted: 31-July-2008 at 9:46am

Hi Logistix,
When you say "spam" your site - I assume they are trying to get in via the logon pages?
In which case blocking them is a great idea. You may want to block whole subnets, assuming that the subnets in question are outside your target geographical market.

Another instance where you may wish to block specific IP addresses is if you use Google Ads and someone is carrying out click fraud against your adverts. We have discovered very suspicious activity on one of our clients ad campaigns just today. Google provide a tool to prevent the ads being served to specified IP addresses.

Blocking IPs : @Alan - It appears someone is...

Thu, 31 Jul 2008 09:30:49 +0000

Author: Logistix
Subject: 1858
Posted: 31-July-2008 at 9:30am

@Alan - It appears someone is spamming my website (for whatever reason) and the attacks seem to be coming from set IPs.

The solution isn't perfect, but because I don't have access to IIS, it's the next best thing. All my logon pages require a security code, and I have setup my control panel to alert me if x amount of invalid attempts are made. This is how I know my site is being targetted.