Blocking IPs
Printed From: ProductCart E-Commerce Solutions
Category: ProductCart
Forum Name: Customizing ProductCart
Forum Description: Exchange messages with other users that are customizing ProductCart.
URL: https://forum.productcart.com/forum_posts.asp?TID=1858
Printed Date: 26-June-2024 at 6:58am
Software Version: Web Wiz Forums 12.04 - http://www.webwizforums.com
Topic: Blocking IPs
Posted By: Logistix
Subject: Blocking IPs
Date Posted: 30-July-2008 at 9:09am
|
Hello all,
After doing some research, I've successfully managed to block IPs accessing my store. Simply edit Default.asp to read as follows:
<%
If Request.ServerVariables("Remote_Addr") = "xxx.xxx.xxx.xxx" Then Response.End End if If Request.ServerVariables("Remote_Addr") = "xxx.xxx.xxx.xxx" Then Response.End End if 'redirect to home page Response.Redirect("pc/home.asp") %> Add additional code for additional IPs:
If Request.ServerVariables("Remote_Addr") = "xxx.xxx.xxx.xxx" Then
Response.End End if Hope this helps some of you out there! |
Replies:
Posted By: macleather
Date Posted: 30-July-2008 at 2:29pm
|
Logistix, I don't mean to sound dense, but why do you want to block IP addresses? Are you having problems with some surfers? Just curious. Alan |
Posted By: Stuck
Date Posted: 30-July-2008 at 3:36pm
I would sure like to block a copycat competitor or two (If I knew how to do it without blocking potential customers at the same time)! 
|
Posted By: Hamish
Date Posted: 30-July-2008 at 4:08pm
|
Hi, This may work, but is easy to circumvent, If they realise the cause of course! They just need to access the site from elsewhere, use an proxy server, or if they have a dynamic IP address they will be straight in next time they get a new IP address. ------------- Editing ProductCart Code? See http://wiki.earlyimpact.com/developers/editcode" rel="nofollow - WIKI Guidelines for Editing ProductCart's ASP Source Code |
Posted By: macleather
Date Posted: 30-July-2008 at 4:11pm
|
Stuck, Good point, I didn't think of the havoc a unscrupulous competitor could cause.  Alan |
Posted By: Logistix
Date Posted: 31-July-2008 at 9:30am
|
@Alan - It appears someone is spamming my website (for whatever reason) and the attacks seem to be coming from set IPs.
The solution isn't perfect, but because I don't have access to IIS, it's the next best thing. All my logon pages require a security code, and I have setup my control panel to alert me if x amount of invalid attempts are made. This is how I know my site is being targetted.
|
Posted By: Hamish
Date Posted: 31-July-2008 at 9:46am
|
Hi Logistix, When you say "spam" your site - I assume they are trying to get in via the logon pages? In which case blocking them is a great idea. You may want to block whole subnets, assuming that the subnets in question are outside your target geographical market. Another instance where you may wish to block specific IP addresses is if you use Google Ads and someone is carrying out click fraud against your adverts. We have discovered very suspicious activity on one of our clients ad campaigns just today. Google provide a tool to prevent the ads being served to specified IP addresses. ------------- Editing ProductCart Code? See http://wiki.earlyimpact.com/developers/editcode" rel="nofollow - WIKI Guidelines for Editing ProductCart's ASP Source Code |
Posted By: Logistix
Date Posted: 31-July-2008 at 10:03am
|
Hamish wrote:Posted By: Hamish
Date Posted: 31-July-2008 at 10:54am
|
Hi Logistix, I'm in the UK as well. IP addresses were handed out in "blocks" to ISP's all round the world, so I don't think there is a simple way of blocking whole countries, BUT you can block whole IP ranges, or rather subnets. A quick bit of googling reveals there are 91,000+ blocks of IP addresses by country - so It's best to target the specific IP or IP range that's causing you trouble. http://www.aspfaqs.com/ASPscripts/PrintFAQ.asp?FAQID=179 - www.aspfaqs.com/ASPscripts/PrintFAQ.asp?FAQID=179 I use a Whois program from Karen Kenworthy ( http://www.karenware.com - www.karenware.com ) to look up IP addresses as this tells me the IP range the address is part of as well as the origin. As an example the random IP address : 87.212.134.19 gives a result of :- inetnum: 87.212.128.0 - 87.212.159.255 netname: VERSATEL-CONSUMER-2 descr: Versatel Consumer is one of the largest ISP's in the Netherlands If you really wanted to block the WHOLE of this range you could try code like :- RemAddr = Request.ServerVariables("Remote_Addr") If (RemAddr >= "87.212.128.0") and (RemAddr <= "87.212.159.255") Then Response.End End if As an aside, whilst writing this I came across : http://www.proxyserverprivacy.com/ipaddress_range.php%20 - www.proxyserverprivacy.com/ipaddress_range.php where you can get lists of IP address ranges by country. If it's a really important issue you could use a service such as the one provided by GeoIP.com - which provide a DB and API's to allow you to check IP addresses against the DB. http://www.proxyserverprivacy.com/ipaddress_range.php%20 - ------------- Editing ProductCart Code? See http://wiki.earlyimpact.com/developers/editcode" rel="nofollow - WIKI Guidelines for Editing ProductCart's ASP Source Code |
Posted By: Logistix
Date Posted: 31-July-2008 at 1:22pm
| Thanks for that Hamish very useful info :) |
Posted By: Logistix
Date Posted: 03-August-2008 at 3:00pm
|
How would I go about blocking an IP with the variable "Local_Addr" using your whole range method Hamish? The spam is coming from the same local IP each time.
RemAddr = Request.ServerVariables("Local_Addr")
If (RemAddr >= "x.x.x.x") and (RemAddr <= "x.x.x.x") Then Response.End End if This doesn't seem to work, any ideas?
|
Posted By: Hamish
Date Posted: 03-August-2008 at 3:26pm
|
Hi Logistix, Hmmm - I'm no great expert on this so I did a quick Google. According to the info I found:- LOCAL_ADDR : Returns the server address on which the request came in. I would understand that to mean that the address you would get from that is the server at your ISP that received the request - I would think this would always be the same for ALL traffic, legitimate or spam. If so then if you succeed you would you block your site off from the world  (I guess that would block the site spammer !!!! ) Have I misunderstood this? ------------- Editing ProductCart Code? See http://wiki.earlyimpact.com/developers/editcode" rel="nofollow - WIKI Guidelines for Editing ProductCart's ASP Source Code |
Posted By: Logistix
Date Posted: 03-August-2008 at 4:25pm
|
Sorry Hamish I mis-understood what Local_Addr does. It's the local IP of the server not of the workstation which made the request. My bad :) Is there a quicker way of blocking IPs if I want to block lots of ranges of IPs?
|
Posted By: Hamish
Date Posted: 04-August-2008 at 1:57pm
|
Hi, there are several options, as always. It partly depends on how much updating it will require & how many ranges you want to block. What are these miscreants doing? Are they trying to login to your site as Admin or Users? If so then an easier solution that will pretty much stop them in their tracks is to switch on the "captcha" images in :- Settings > Advanced Security Settings - Enable both the "Use random number images" options. It blocks pretty much every automated method of attacking the login pages and slows dramatically slows down manual attacks as they have to get the password right AND make sure they get the numbers from the image entered correctly. If you enable this the bad guys will most likely move on to fresh targets. ------------- Editing ProductCart Code? See http://wiki.earlyimpact.com/developers/editcode" rel="nofollow - WIKI Guidelines for Editing ProductCart's ASP Source Code |
Posted By: Logistix
Date Posted: 06-August-2008 at 9:29am
| Check your Private Messages Hamish :) |