I am not sure what version you're using, but that option it's already included in the system. Go to configuration, security, and firewall and you'll see it there.

Please note that blocking it at this area only blocks it at the AbleCommerce level, not the server.

-Ray

Edited by user Monday, April 17, 2023 12:34:38 PM(UTC)  | Reason: Not specified

I responded to your statement above.

You're looking for AI to block things automatically; no AI can truly block 100% without blocking some good bots. This capability will never be in
AbleCommerce, nor should the developers spend any time on anything like this.

I suggest you try Cloudflare since this is more of their style. Unfortunately, you're looking for the business edition, which is about 250 per month. Even with their bot's detection AI, they are not 100% accurate.

Human intervention is required.

We have the business edition, and we swear by it, been there, done that; blocking is not the only tool available. There are other options as well, including serious monitoring, which AbleCommerce is not designed to do.

Unless you're willing to invest some money upfront, nothing the developers can do will fit your needs.

I hope this helps.

-Ray

AI is indeed needed because what might be considered a threat to you would not be considered a threat to someone else. Just because something gets written in the error log doesn't mean that it's a hack. I have people who sometimes don't get a shipping quote or search for something with a special character, addresses that don't match, and many other things that would trigger notifications in the error logs. They are not considered threats, at least by me.



If it's not that difficult, you should have no problem creating one yourself. AbleCommerce is a shopping cart platform to sell merchandise, not a platform to act as a heavy-duty, self-adjusting, and learning firewall. I seriously doubt they have the resources to do anything close to what many other platforms on the market have today that are geared specifically for this task.




In the last year, I've had zero suspicious requests; that's why I use Cloudflare. There are already many solutions today that you can implement, but they require that you open your wallet. At the very least, implement a better firewall on the server.

Respectfully,
-Ray

Additional notes: it is also important to note that many people are behind a corporate firewall; in my case, we use a Watch Guard appliance, there are at least 50 individual computers and network resources all using different IPs behind this appliance. However, you will only see one, the public IP.

So if one of my users triggers an IP restriction, you have blocked everyone in my company. Other larger corporations can have 10s of thousands of users in multiple locations, and all you see is one IP.

Furthermore, someone who truly wants to hack into your system will have access to proxies and multiple IPS that keep changing regularly. IP blocking should be used with extreme caution, and there are many other tools that are more effective.

Hope this helps.

Edited by user Monday, April 24, 2023 2:21:58 PM(UTC)  | Reason: Not specified

Even if AbleCommerce would even consider doing anything like this, which I seriously doubt because they're not built for this, it will take some time. You need action now.

Use the built-in firewall in AbleCommerce to block this IP.

Tell your hosting provider to block this IP using the Windows firewall.

If your hosting provider is using an appliance like WatchGuard, make sure that his subscription is up-to-date, as the appliance will block anything that's blacklisted. This IP is blacklisted.

Find another hosting provider, if necessary, that has better firewall capabilities.

Please note, I'm not trying to discourage you, I'm only adding a realistic ingredient to this conversation, if Magento enterprise does not include this feature (they rely on 3rd party) what makes you think AbleCommerce will at any future date?

Start looking for a cloud firewall that's not as expensive as Cloudflare (although they do a lot more); these are your only reasonable choices. IP blocking alone is not going to rectify your problem. You're going to need a third-party tool, and there are many out there.

Even the $20 per month monthly Cloudflare would provide more options than anything AbleCommerce can do. Again, if you're not willing to open your wallet, very little can be done.

I don't like paying $200 a month (the price just went up to $250 by the way, unless you go yearly) for this, but I don't have a choice.

Again, I hope this helps.

---

You could also try changing your robot.txt, although scammers usually ignore this file. I believe it would be something like this:

Disallow: */ProductReviewsPanel
Disallow: *page=

Edited by user Tuesday, April 25, 2023 12:56:39 PM(UTC)  | Reason: Not specified

Is there an easy way to use AbleCommerce with Cloudflare and if so how?