logo
Welcome to our new AbleCommerce forums. As a guest, you may view the information here. To post to this forum, you must have a registered account with us, either as a new user evaluating AbleCommerce or an existing user of the application. For all questions related to the older version of Gold and earlier, please go to AbleCommerce Gold forum. Please use your AbleCommerce username and password to Login. New Registrations are disabled.

Notification

Icon
Error

Options
Go to last post Go to first unread
brant25348293  
#1 Posted : Monday, April 17, 2023 12:09:54 PM(UTC)
brant25348293

Rank: Advanced Member

Groups: HelpDesk
Joined: 1/20/2020(UTC)
Posts: 43

I would like to see some option to (Automatically) block IP addresses temporarily (for a week or so) that are trying to hack into the system. Several times a week we get "suspicious request" requests errors in the log. Some days we get hundreds of these and they are filling up the database until we delete them. For example:

suspicious request, sortexpresssion querystring paramter do not match the regex. sortExpression = -2300%' OR 5661=5661-- Bufc IP ADDRESS: 152.89.196.113

Edited by user Monday, April 24, 2023 10:28:09 AM(UTC)  | Reason: Not specified

Wanna join the discussion?! Login to your AbleCommerce Forums forum account. New Registrations are disabled.

ray22901031  
#2 Posted : Monday, April 17, 2023 12:33:09 PM(UTC)
ray22901031

Rank: Advanced Member

Groups: Authorized User, Developers
Joined: 2/17/2019(UTC)
Posts: 909

Thanks: 3 times
Was thanked: 15 time(s) in 15 post(s)
I am not sure what version you're using, but that option it's already included in the system. Go to configuration, security, and firewall and you'll see it there.

Please note that blocking it at this area only blocks it at the AbleCommerce level, not the server.

-Ray

Edited by user Monday, April 17, 2023 12:34:38 PM(UTC)  | Reason: Not specified

brant25348293  
#3 Posted : Monday, April 17, 2023 2:21:20 PM(UTC)
brant25348293

Rank: Advanced Member

Groups: HelpDesk
Joined: 1/20/2020(UTC)
Posts: 43

The configuration - security - firewall only allows you to manually block IP addresses. That does not help. I am looking for something that will automatically block this if it detects hacking. Many of these attacks occur in the middle of the night and by morning when we are awake there were hundreds of hacking attempts and by then the hacker has already moved on. So updating the IP manually does not help.
ray22901031  
#4 Posted : Monday, April 17, 2023 2:42:54 PM(UTC)
ray22901031

Rank: Advanced Member

Groups: Authorized User, Developers
Joined: 2/17/2019(UTC)
Posts: 909

Thanks: 3 times
Was thanked: 15 time(s) in 15 post(s)
Quote:
>> I would like to see some option to temporarily block IP addresses that are trying to hack into the system. <<


I responded to your statement above.

You're looking for AI to block things automatically; no AI can truly block 100% without blocking some good bots. This capability will never be in
AbleCommerce, nor should the developers spend any time on anything like this.

I suggest you try Cloudflare since this is more of their style. Unfortunately, you're looking for the business edition, which is about 250 per month. Even with their bot's detection AI, they are not 100% accurate.

Human intervention is required.

We have the business edition, and we swear by it, been there, done that; blocking is not the only tool available. There are other options as well, including serious monitoring, which AbleCommerce is not designed to do.

Unless you're willing to invest some money upfront, nothing the developers can do will fit your needs.

I hope this helps.

-Ray
brant25348293  
#5 Posted : Monday, April 24, 2023 10:34:52 AM(UTC)
brant25348293

Rank: Advanced Member

Groups: HelpDesk
Joined: 1/20/2020(UTC)
Posts: 43

This is not that difficult to implement and it does not require AI. It would work like an if-then routine.
If AbleCommerce reports more than 10 "suspicious Requests" from the same IP address within a 10 minute window in the error log, Then block that IP for a week. I am sure it would not be that difficult to add it as an option in the security section. Last night I received 160 "suspicious Requests" in a 2 minute timeframe; hackers from some other country for sure.
ray22901031  
#6 Posted : Monday, April 24, 2023 12:45:02 PM(UTC)
ray22901031

Rank: Advanced Member

Groups: Authorized User, Developers
Joined: 2/17/2019(UTC)
Posts: 909

Thanks: 3 times
Was thanked: 15 time(s) in 15 post(s)
Quote:
This is not that difficult to implement and it does not require AI. It would work like an if-then routine.


AI is indeed needed because what might be considered a threat to you would not be considered a threat to someone else. Just because something gets written in the error log doesn't mean that it's a hack. I have people who sometimes don't get a shipping quote or search for something with a special character, addresses that don't match, and many other things that would trigger notifications in the error logs. They are not considered threats, at least by me.

Quote:
If AbleCommerce reports more than 10 "suspicious Requests" from the same IP address within a 10 minute window in the error log, Then block that IP for a week. I am sure it would not be that difficult to add it as an option in the security section.


If it's not that difficult, you should have no problem creating one yourself. AbleCommerce is a shopping cart platform to sell merchandise, not a platform to act as a heavy-duty, self-adjusting, and learning firewall. I seriously doubt they have the resources to do anything close to what many other platforms on the market have today that are geared specifically for this task.


Quote:
Last night I received 160 "suspicious Requests" in a 2 minute timeframe; hackers from some other country for sure.


In the last year, I've had zero suspicious requests; that's why I use Cloudflare. There are already many solutions today that you can implement, but they require that you open your wallet. At the very least, implement a better firewall on the server.

Respectfully,
-Ray

Additional notes: it is also important to note that many people are behind a corporate firewall; in my case, we use a Watch Guard appliance, there are at least 50 individual computers and network resources all using different IPs behind this appliance. However, you will only see one, the public IP.

So if one of my users triggers an IP restriction, you have blocked everyone in my company. Other larger corporations can have 10s of thousands of users in multiple locations, and all you see is one IP.

Furthermore, someone who truly wants to hack into your system will have access to proxies and multiple IPS that keep changing regularly. IP blocking should be used with extreme caution, and there are many other tools that are more effective.

Hope this helps.

Edited by user Monday, April 24, 2023 2:21:58 PM(UTC)  | Reason: Not specified

brant25348293  
#7 Posted : Tuesday, April 25, 2023 11:37:05 AM(UTC)
brant25348293

Rank: Advanced Member

Groups: HelpDesk
Joined: 1/20/2020(UTC)
Posts: 43

We are a small company with just a few employees so we don't have the resources to setup an extensive firewall, we do not use cloudflare and we do not do development in AbleCommerce; That is why I am posting feature requests. This is an example of a hacking attempt last night, we received over 450 of these errors in a just a few minutes all form the same IP address:

2023-04-24T22:51:18.8900000-04:00,Error,"An error has occured at https://www.idautomation...3&ProductId=71%27%29 AND SLEEP%285%29 AND %28%27hkLK%27%3D%27hkLK&showPanelView=False IP ADDRESS: 193.29.13.232","Exception: Object reference not set to an instance of an object.
ray22901031  
#8 Posted : Tuesday, April 25, 2023 12:41:19 PM(UTC)
ray22901031

Rank: Advanced Member

Groups: Authorized User, Developers
Joined: 2/17/2019(UTC)
Posts: 909

Thanks: 3 times
Was thanked: 15 time(s) in 15 post(s)
Even if AbleCommerce would even consider doing anything like this, which I seriously doubt because they're not built for this, it will take some time. You need action now.

Use the built-in firewall in AbleCommerce to block this IP.

Tell your hosting provider to block this IP using the Windows firewall.

If your hosting provider is using an appliance like WatchGuard, make sure that his subscription is up-to-date, as the appliance will block anything that's blacklisted. This IP is blacklisted.

Find another hosting provider, if necessary, that has better firewall capabilities.

Please note, I'm not trying to discourage you, I'm only adding a realistic ingredient to this conversation, if Magento enterprise does not include this feature (they rely on 3rd party) what makes you think AbleCommerce will at any future date?

Start looking for a cloud firewall that's not as expensive as Cloudflare (although they do a lot more); these are your only reasonable choices. IP blocking alone is not going to rectify your problem. You're going to need a third-party tool, and there are many out there.

Even the $20 per month monthly Cloudflare would provide more options than anything AbleCommerce can do. Again, if you're not willing to open your wallet, very little can be done.

I don't like paying $200 a month (the price just went up to $250 by the way, unless you go yearly) for this, but I don't have a choice.

Again, I hope this helps.



You could also try changing your robot.txt, although scammers usually ignore this file. I believe it would be something like this:

Disallow: */ProductReviewsPanel
Disallow: *page=

Edited by user Tuesday, April 25, 2023 12:56:39 PM(UTC)  | Reason: Not specified

david9688526  
#9 Posted : Friday, December 22, 2023 9:25:35 PM(UTC)
david9688526

Rank: Newbie

Groups: Developers
Joined: 4/17/2020(UTC)
Posts: 1

Thanks: 1 times
I agree this is needed. In the last 2 days, I've had over 189,000 PageViews from just 3 "users". Their IP addresses traced back to AWS blocks. No idea if this bot would respect the robots.txt file or how I should set that up to block bots from using search and category queries.
brant25348293  
#10 Posted : Saturday, January 6, 2024 12:34:58 PM(UTC)
brant25348293

Rank: Advanced Member

Groups: HelpDesk
Joined: 1/20/2020(UTC)
Posts: 43

Is there an easy way to use AbleCommerce with Cloudflare and if so how?
ray22901031  
#11 Posted : Sunday, January 7, 2024 9:03:02 PM(UTC)
ray22901031

Rank: Advanced Member

Groups: Authorized User, Developers
Joined: 2/17/2019(UTC)
Posts: 909

Thanks: 3 times
Was thanked: 15 time(s) in 15 post(s)
Unfortunately, there is no help manual for Cloudflare accept the information you'll find online, and their online help is quite good.

You'll have to try to figure it out on your own, but many people on their forum can help. I'll be more than happy to answer any questions related to Ablecommerce and Cloudflare.

Besides the fact that it will help improve the speed of your website, an understated benefit is that once you propagate your DNS to Cloudflare, you can change servers instantly without any downtime. This became critical for us last year when our provider was down for almost a week.

Within a few hours, once I realized they could not get their act together, we instantly switched to a different server by changing the IP at Cloudflare.

I hope this helps,
-Ray



Users browsing this topic
Guest (10)
Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.