Post by eWarrior » Mon Dec 07, 2020 8:15 am

I am experiencing a BIN attack on our website where an automated script has now attempted over 16,000 credit card transactions!

Until I can implement a more advanced security method, I would like to block the checkout from the countries where the attacks originate from. I have tried the code below.

Code: Select all

RewriteCond %{QUERY_STRING} ^route=checkout/checkout$
RewriteCond %{ENV:IP2LOCATION_COUNTRY_SHORT} ^US$
RewriteRule ^(.*)$ https://www.website.com.au/ [L]
Alternatively, I could set this to block all except Australia.

Code: Select all

RewriteCond %{QUERY_STRING} ^route=checkout/checkout$
RewriteCond !%{ENV:IP2LOCATION_COUNTRY_SHORT} ^AU$
RewriteRule ^(.*)$ https://www.website.com.au/ [L]
Unfortunately, the htaccess code does not appear to be working. Any advice here?
Last edited by eWarrior on Wed Dec 09, 2020 8:52 am, edited 2 times in total.

New member

Posts

Joined
Wed Aug 29, 2012 4:27 pm

Post by eWarrior » Mon Dec 07, 2020 8:49 am

Thank you Mona,

I have read every one of those posts. Please note that in my post I have provided specific code and I have stated it is not working. I believe it might be the "checkout/checkout" test as I have removed geo code rewrite condition and the redirect from the checkout to the home page still does not work.

I really would prefer to block only the checkout as apposed to the entire site.

So to clarify, even this does not work (I am just using this to test the checkout condition without the geo condition in the previous post):

Code: Select all

RewriteCond %{QUERY_STRING} ^route=checkout/checkout$
RewriteRule ^(.*)$ https://www.website.com.au/ [L]
Would anyone know why this would not work?

New member

Posts

Joined
Wed Aug 29, 2012 4:27 pm

Post by by mona » Mon Dec 07, 2020 9:23 am

No I didn’t see you were trying to do it for one page only sorry ..

Just as a suggestion .. have you tried to add a htaccess file to the checkout folder?

IP_CAM is the master of blocking tips in htaccess, I am sure he will know better.

This should do what you want
https://www.opencart.com/index.php?rout ... 20checkout

DISCLAIMER:
You should not modify core files .. if you would like to donate a cup of coffee I will write it in a modification for you.


https://www.youtube.com/watch?v=zXIxDoCRc84


User avatar
Expert Member

Posts

Joined
Mon Jun 10, 2019 9:31 am

Post by eWarrior » Mon Dec 07, 2020 2:35 pm

by mona wrote:
Mon Dec 07, 2020 9:23 am
Just as a suggestion .. have you tried to add a htaccess file to the checkout folder?
That would only work for static assets, such as an image directory or a static HTML page. As the pages for OpenCart are dynamic (PHP), this is not an option unfortunately.

I will take a look at the other extension you recommended and see if I can modify the code to make this work on an older 1.5.x OpenCart install.

I still feel the htaccess approach would be simpler. I am just a little stumped at why I can't get the "route=checkout/checkout" RewriteCond to redirect to the home page. Once I can figure out how to make this work, I can then look at adding in the geo codes.

New member

Posts

Joined
Wed Aug 29, 2012 4:27 pm

Post by JNeuhoff » Mon Dec 07, 2020 5:50 pm

In a sense it's somewhat similar to automated spambots except that in a BIN attack it also has to go through the checkout guest or checkout registration steps. You can verify this by checking your server's access.log. If the attacker does indeed go through these checkout steps then our SpamBot Buster tool can catch them when filling in the guest or account registration details during the checkout, and cause the OpenCart server to respond with a 403 error (access denied), hence no harm done.

Export/Import Tool * SpamBot Buster * Unused Images Manager * Instant Option Price Calculator * Number Option * Google Tag Manager * Survey Plus * OpenTwig


User avatar
Guru Member

Posts

Joined
Wed Dec 05, 2007 3:38 am


Post by ip2location » Tue Dec 08, 2020 11:29 am

Hi, the solution below should work for you.

1. Go to https://www.ip2location.com/free/visitor-blocker
2. Generate Australia Apache Allow List.
3. Add the list to .htaccess.

Newbie

Posts

Joined
Tue Dec 08, 2020 11:12 am

Post by eWarrior » Wed Dec 09, 2020 8:48 am

Thank you for the replies, but I modified the code to set forbidden access in a different manner.

The code below works perfectly (a new rule is added for each page that I wish to block).

For IP2Location:

Code: Select all

RewriteCond %{ENV:IP2LOCATION_COUNTRY_SHORT} !^AU$
RewriteRule ^checkout/checkout$ - [F,L]
Or for MaxMind GeoIP2:

Code: Select all

RewriteCond %{ENV:GEOIP_COUNTRY_CODE} !^AU$
RewriteRule ^checkout/checkout$ - [F,L]
I do realise that it is an extreme step to block all international visitors from accessing the checkout page, but this will suffice until I can work on a more advanced method.

New member

Posts

Joined
Wed Aug 29, 2012 4:27 pm

Post by by mona » Wed Dec 09, 2020 6:19 pm

Thank you for returning with your solution :ok:

Please mark the title as [SOLVED] at the front, someone in the future may benefit from your post.

DISCLAIMER:
You should not modify core files .. if you would like to donate a cup of coffee I will write it in a modification for you.


https://www.youtube.com/watch?v=zXIxDoCRc84


User avatar
Expert Member

Posts

Joined
Mon Jun 10, 2019 9:31 am

Post by gitbro » Sun Jan 24, 2021 1:37 am

Hi, try this site

https://lonewolfonline.net/blocking-web ... untry-php/

I made one using this but added a bit to it i will post my one if anyone wants it.

New member

Posts

Joined
Sat Oct 31, 2015 6:58 am

Post by johnp » Sun Jan 24, 2021 3:04 am

Stick CIDRAM and Ninja Firewall on and you'll be fine.

https://github.com/CIDRAM/CIDRAM

https://nintechnet.com

Opencart 1.5.6.5/OC Bootstrap Pro/VQMOD lover, user and geek.
Affordable Service £££ - Opencart Installs, Fixing, Development and Upgrades
Plus Ecommerce, Marketing, Mailing List Management and More
FREE Guidance and Advice at https://www.ecommerce-help.co.uk


User avatar
Active Member

Posts

Joined
Fri Mar 25, 2011 10:25 am
Location - Surrey, UK
Who is online

Users browsing this forum: Ahrefs [Bot] and 138 guests