
Block Countries by Geo Code (BIN Attack)

Posted: Mon Dec 07, 2020 8:15 am
by eWarrior
I am experiencing a BIN attack on our website where an automated script has now attempted over 16,000 credit card transactions!

Until I can implement a more advanced security method, I would like to block the checkout from the countries where the attacks originate from. I have tried the code below.

Code:

RewriteCond %{QUERY_STRING} ^route=checkout/checkout$
RewriteCond %{ENV:IP2LOCATION_COUNTRY_SHORT} ^US$
RewriteRule ^(.*)$ https://www.website.com.au/ [L]

Alternatively, I could set this to block all except Australia.

Code:

RewriteCond %{QUERY_STRING} ^route=checkout/checkout$
RewriteCond !%{ENV:IP2LOCATION_COUNTRY_SHORT} ^AU$
RewriteRule ^(.*)$ https://www.website.com.au/ [L]

Unfortunately, the htaccess code does not appear to be working. Any advice here?

Re: Block Countries by Geo Code (BIN Attack)

Posted: Mon Dec 07, 2020 8:44 am
by by mona

Re: Block Countries by Geo Code (BIN Attack)

Posted: Mon Dec 07, 2020 8:49 am
by eWarrior
Thank you Mona,

I have read every one of those posts. Please note that in my post I have provided specific code and I have stated it is not working. I believe it might be the "checkout/checkout" test, as I have removed the geo code rewrite condition and the redirect from the checkout to the home page still does not work.

I really would prefer to block only the checkout as opposed to the entire site.

So to clarify, even this does not work (I am just using this to test the checkout condition without the geo condition in the previous post):

Code:

RewriteCond %{QUERY_STRING} ^route=checkout/checkout$
RewriteRule ^(.*)$ https://www.website.com.au/ [L]

Would anyone know why this would not work?

Re: Block Countries by Geo Code (BIN Attack)

Posted: Mon Dec 07, 2020 9:23 am
by by mona
No, I didn’t see you were trying to do it for one page only, sorry.

Just as a suggestion .. have you tried to add a htaccess file to the checkout folder?

IP_CAM is the master of blocking tips in htaccess, I am sure he will know better.

This should do what you want
https://www.opencart.com/index.php?rout ... 20checkout

Re: Block Countries by Geo Code (BIN Attack)

Posted: Mon Dec 07, 2020 2:35 pm
by eWarrior
by mona wrote:
Mon Dec 07, 2020 9:23 am
Just as a suggestion .. have you tried to add a htaccess file to the checkout folder?

That would only work for static assets, such as an image directory or a static HTML page. As the pages for OpenCart are dynamic (PHP), this is not an option unfortunately.

I will take a look at the other extension you recommended and see if I can modify the code to make this work on an older 1.5.x OpenCart install.

I still feel the htaccess approach would be simpler. I am just a little stumped at why I can't get the "route=checkout/checkout" RewriteCond to redirect to the home page. Once I can figure out how to make this work, I can then look at adding in the geo codes.

Re: Block Countries by Geo Code (BIN Attack)

Posted: Mon Dec 07, 2020 5:50 pm
by JNeuhoff
In a sense it's somewhat similar to automated spambots except that in a BIN attack it also has to go through the checkout guest or checkout registration steps. You can verify this by checking your server's access.log. If the attacker does indeed go through these checkout steps then our SpamBot Buster tool can catch them when filling in the guest or account registration details during the checkout, and cause the OpenCart server to respond with a 403 error (access denied), hence no harm done.
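The access.log check suggested in the post above, sketched as an added example (not part of the original thread and not code from SpamBot Buster): it counts checkout-route requests per client IP in Apache combined-format logs and lists which checkout steps each heavy client touched. The route names other than `checkout/checkout`, the threshold of 5 and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import unquote

# Apache "combined" log line: client IP, request method, request target, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
# Checkout route given as a query parameter or as an SEO-style path.
ROUTE_RE = re.compile(r'(?:route=|^/)(checkout/\w+)')

def checkout_hits(lines):
    """Map each client IP to a Counter of the checkout routes it requested."""
    hits = defaultdict(Counter)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed or non-request lines
        ip, _method, target, _status = m.groups()
        route = ROUTE_RE.search(unquote(target))  # also catches route=checkout%2F...
        if route:
            hits[ip][route.group(1)] += 1
    return hits

def suspects(lines, threshold=5):
    """Return (ip, total, routes) for clients with >= threshold checkout requests."""
    out = []
    for ip, routes in checkout_hits(lines).items():
        total = sum(routes.values())
        if total >= threshold:  # threshold is an assumed tuning value
            out.append((ip, total, sorted(routes)))
    return sorted(out, key=lambda r: -r[1])

def _line(ip, ts, method, target):
    # Builds one constructed log line (documentation-range IPs, not real traffic).
    return f'{ip} - - [07/Dec/2020:{ts} +1100] "{method} {target} HTTP/1.1" 200 512 "-" "-"'

# Constructed sample: one ordinary shopper and one client repeating the checkout.
SAMPLE = [
    _line("198.51.100.20", "08:00:01", "GET", "/index.php?route=product/product&product_id=40"),
    _line("198.51.100.20", "08:00:30", "GET", "/index.php?route=checkout/checkout"),
    _line("198.51.100.20", "08:01:10", "POST", "/index.php?route=checkout/guest"),
]
for i in range(4):
    SAMPLE += [
        _line("203.0.113.7", f"08:02:{i:02d}", "GET", "/checkout/checkout"),
        _line("203.0.113.7", f"08:02:{i:02d}", "POST", "/index.php?route=checkout%2Fguest"),
        _line("203.0.113.7", f"08:02:{i:02d}", "POST", "/index.php?route=checkout/confirm"),
    ]

if __name__ == "__main__":
    for ip, total, routes in suspects(SAMPLE):
        print(ip, total, routes)
```

To run it against a real log, pass `open("access.log")` to `suspects()` in place of `SAMPLE`.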

Re: Block Countries by Geo Code (BIN Attack)

Posted: Tue Dec 08, 2020 11:29 am
by ip2location
Hi, the solution below should work for you.

1. Go to https://www.ip2location.com/free/visitor-blocker
2. Generate Australia Apache Allow List.
3. Add the list to .htaccess.

Re: Block Countries by Geo Code (BIN Attack)

Posted: Wed Dec 09, 2020 8:48 am
by eWarrior
Thank you for the replies, but I modified the code to set forbidden access in a different manner.

The code below works perfectly (a new rule is added for each page that I wish to block).

For IP2Location:

Code:

RewriteCond %{ENV:IP2LOCATION_COUNTRY_SHORT} !^AU$
RewriteRule ^checkout/checkout$ - [F,L]

Or for MaxMind GeoIP2:

Code:

RewriteCond %{ENV:GEOIP_COUNTRY_CODE} !^AU$
RewriteRule ^checkout/checkout$ - [F,L]

I do realise that it is an extreme step to block all international visitors from accessing the checkout page, but this will suffice until I can work on a more advanced method.

Re: Block Countries by Geo Code (BIN Attack)

Posted: Wed Dec 09, 2020 6:19 pm
by by mona
Thank you for returning with your solution :ok:

Please mark the title as [SOLVED] at the front, someone in the future may benefit from your post.

Re: Block Countries by Geo Code (BIN Attack)

Posted: Sun Jan 24, 2021 1:37 am
by gitbro
Hi, try this site

https://lonewolfonline.net/blocking-web ... untry-php/

I made one using this but added a bit to it; I will post my one if anyone wants it.

Re: Block Countries by Geo Code (BIN Attack)

Posted: Sun Jan 24, 2021 3:04 am
by johnp
Stick CIDRAM and Ninja Firewall on and you'll be fine.

https://github.com/CIDRAM/CIDRAM

https://nintechnet.com