You have no items in your shopping cart.

Thursday, June 17, 2021 8:11:06 PM

Feature Requests

Avatar

Posted: 6 years ago

#480 Quote

Support

Posted: 6 years ago

#480 Quote
Here you can order a new plug-in functionality.
Avatar

Posted: 5 years ago

#1769 Quote

objecta

Posted: 5 years ago

#1769 Quote
I recently purchased the NopIPFilter plugin to help stop unwanted requests on one of our customers site.

Until we purchased the plugin we used the query below to find unwanted requests, and added them to a blocking IP list in the web.config file.

SELECT distinct [IpAddress], '<add ipAddress="' + [IpAddress] + '"/>'
  FROM [energy-nop].[dbo].[Log]
  where ShortMessage like 'The file %' or ShortMessage like 'The controller for path %'
  order by IpAddress

After we installed the NopIPFilter all the "'The controller for path " requests seems to has disappeared, but all the "'The file " is stilling showing up.

Is there any way to added the filtering for "'The file " to the NopIPFilter?

Best regards
Objecta Data
Denmark
Avatar

Posted: 5 years ago

#1770 Quote

Support

Posted: 5 years ago

#1770 Quote
What NopCommerce version do you use?
I'll add new feature. You will be able to set the word phrases yourself.

Avatar

Posted: 5 years ago

#1771 Quote

objecta

Posted: 5 years ago

#1771 Quote
Thank You very much for Your reply.

I have installed the plugin on nopCommerce Ver. 3.50.

Looking forward to the update.

Best Regards
Objecta Data
Denmark
Avatar

Posted: 5 years ago

#1772 Quote

Support

Posted: 5 years ago

#1772 Quote
Download the new version from our site. Replace plugin folder (all files) and restart your site.
Open all setting for Nop store and look for the value "ipfiltersettings.hackpatterns".

Version 2.06 - May 04, 2016

+ added a new parameter "ipfiltersettings.hackpatterns". The store's owner can set rules for looking for hacker's attacks (comma-separated).


Thank you for your idea.
Avatar

Posted: 5 years ago

#1773 Quote

objecta

Posted: 5 years ago

#1773 Quote
Thank You very much for the update.

I have now updated our site and added the following phrases:

was not found or does not implement icontroller,the controller for path '/, the file '/

There are still some requests showing up in the log, that should have been cought by the filter

The file '/products.132/f((brand/3T.1049831)(category/Track-Bars.1334))/3T-Scatto.1048980.aspx' does not exist.
The controller for path '/Brands.134/Vredestein.1049822.aspx' was not found or does not implement IController

Best regards
Objecta Data
Denmark
Avatar

Posted: 5 years ago

#1774 Quote

Support

Posted: 5 years ago

#1774 Quote
IIS couldn't update internal .NET cache.
Open the file Global.asax and add spacebar to the end of the file and save. After it IIS recreate internal cache.
Write me about result.
Avatar

Posted: 5 years ago

#1782 Quote

objecta

Posted: 5 years ago

#1782 Quote
Hi

I have been watching the log for the last 3-4 days and there are still showing entries up in the log that I would expect the IP Filter plugin to block.

Please take a look at the log from this link https://onedrive.live.com/view.aspx?resid=409A5CD59EBD6DB2!64328&ithint=file%2cxlsx&app=Excel&authkey=!AMI7h-R6FI0MHYY

Below You can see my current settings for "ipfiltersettings.hackpatterns"

was not found or does not implement icontroller,the controller for path '/, the file '/

Best regards
Objecta Data
Denmark
Avatar

Posted: 5 years ago

#1783 Quote

Support

Posted: 5 years ago

#1783 Quote
Plugin uses the next patterns for getting hacker attacks.

was not found or does not implement icontroller
hacker

You can add new pattern
.aspx' does not exist.

But I recommend you to deny all .aspx and .php files in Web.config. If you don't use old Nop 1.*version it will be more effective solution.


        <rewrite>
            <rules>
                <clear />
            <rule name="BlockASPXfiles" patternSyntax="Wildcard">
                <match url="*" />
                <conditions>
                    <add input="{URL}" pattern="*.aspx*" />
                </conditions>
                <action type="AbortRequest" />
            </rule>
            <rule name="BlockPHPfiles" patternSyntax="Wildcard">
                <match url="*" />
                <conditions>
                    <add input="{URL}" pattern="*.php*" />
                </conditions>
                <action type="AbortRequest" />
            </rule>
            </rules>
        </rewrite>


The new pattern for ipfiltersettings.hackpatterns

was not found or does not implement icontroller, hacker, .aspx' does not exist, .php' does not exist.

Powered by nopCommerce

Copyright © 2019 FoxNetSoft. All rights reserved