Ban/Block users (fraud protection)

Talking with some others about serious fraud on their X stores.



We need the following tools available to stop spammers/fraudsters.



Ban Users/Block users by the following methods:

1- IP Address

2- Username

3- Email Address

4- Credit Card #



This is essential.





…I also think we should keep more info on a user, like storing any/all IPs they used while logged in, and have the ability to ban one or all of the IPs that user ever used…





Instant admin notification if a user tries to use a banned Credit card, along with their IP, username, email addy.

another feature…which we need which xcrap refused to implement is we noticed on several occasions some real ingenious idiots attempted to log into our admin area. What we would like to happen is when someone enters a failed admin login more than 3 times to have CS record and automatically ban that IP address. Would be nice to have the ability to specify how many login attempts before automatically banning the intrusive IP address.
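One way the lockout requested above could work, with the threshold configurable; this is an added example, not part of the original posts and not CS-Cart code. The class name, its parameters and the sample address are hypothetical, and it assumes PHP 8.

```php
<?php
// Added example (PHP 8+). AdminLoginGuard and its parameters are hypothetical,
// not CS-Cart APIs. State lives in memory here; a real store would persist it.
final class AdminLoginGuard
{
    private array $failures = []; // ip => timestamps of recent failed logins
    private array $banned = [];   // ip => timestamp the ban was recorded

    public function __construct(
        private int $maxAttempts = 3,     // configurable threshold
        private int $windowSeconds = 900  // failures older than this are ignored
    ) {}

    public function isBanned(string $ip): bool
    {
        return isset($this->banned[$ip]);
    }

    // Record one failed login. Returns true when this failure triggers the ban.
    public function recordFailure(string $ip, int $now): bool
    {
        if ($this->isBanned($ip)) {
            return false;
        }
        $cutoff = $now - $this->windowSeconds;
        $recent = array_filter($this->failures[$ip] ?? [], fn(int $t) => $t > $cutoff);
        $recent[] = $now;
        $this->failures[$ip] = array_values($recent);
        if (count($recent) > $this->maxAttempts) { // "more than N" failed logins
            $this->banned[$ip] = $now;
            unset($this->failures[$ip]);
            return true;
        }
        return false;
    }

    // A successful login resets the counter for that address.
    public function recordSuccess(string $ip): void
    {
        unset($this->failures[$ip]);
    }
}

// Constructed sample: one address fails four times in 30 seconds.
$guard = new AdminLoginGuard(maxAttempts: 3);
foreach ([0, 10, 20, 30] as $offset) {
    $hit = $guard->recordFailure('203.0.113.7', 1700000000 + $offset);
    printf("+%02ds failed login, ban triggered: %s\n", $offset, $hit ? 'yes' : 'no');
}
```

The login handler would call isBanned() before checking credentials and pass the ban event to whatever admin notification is in place.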

[quote name=‘snorocket’]another feature…which we need which xcrap refused to implement is we noticed on several occasions some real ingenious idiots attempted to log into our admin area. What we would like to happen is when someone enters a failed admin login more than 3 times to have CS record and automatically ban that IP address. Would be nice to have the ability to specify how many login attempts before automatically banning the intrusive IP address.[/quote]



Excellent idea!

I have not been a victim of fraud in the past but am keen on all of these features.



Perhaps even be able to set it so you can only log in to the admin area if you have a certain IP - be able to enter an IP, or a list of IPs who are able to login.



Simon

[quote name=‘recedo’]I have not been a victim of fraud in the past but am keen on all of these features.



Perhaps even be able to set it so you can only log in to the admin area if you have a certain IP - be able to enter an IP, or a list of IPs who are able to login.



Simon[/QUOTE]



This is starting to be a common practice as well. I personally wouldn’t use it because I’m on the road a lot, but this would be a good feature for someone whose business is stationary.

Making it so that only a certain IP can login to the admin area would be pretty easy. Here’s a simple example:


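<?php
// Allow only one IP address into the admin area.
// $_SERVER['REMOTE_ADDR'] is already an IP address, so no hostname lookup is needed;
// the bare $REMOTE_ADDR global only exists with register_globals enabled.
$ip = $_SERVER['REMOTE_ADDR'];
if ($ip != 'MY.IP.ADDRESS')
{
    echo 'You are gay dude';
}
else
{
    // rest of page's code
}
?>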

This might even work for you :)
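The single-address check above, extended to the list of IPs asked for earlier in the thread, with CIDR ranges and IPv6 handled as well. This is an added example, not the poster's or CS-Cart's code; the function name, the variable name and the addresses (documentation ranges) are made up.

```php
<?php
// Added example. ip_in_allowlist() and $adminAllowlist are hypothetical names;
// the addresses are constructed from documentation ranges.
$adminAllowlist = ['203.0.113.10', '198.51.100.0/24', '2001:db8:1::/48'];

function ip_in_allowlist(string $ip, array $allowlist): bool
{
    $addr = @inet_pton($ip);
    if ($addr === false) {
        return false; // unparseable address: deny
    }
    $maxBits = strlen($addr) * 8; // 32 for IPv4, 128 for IPv6
    foreach ($allowlist as $entry) {
        $parts = explode('/', $entry, 2);
        $net = @inet_pton($parts[0]);
        if ($net === false || strlen($net) !== strlen($addr)) {
            continue; // malformed entry or other address family
        }
        // A malformed prefix length must never widen the match, so skip it.
        if (isset($parts[1]) && !ctype_digit($parts[1])) {
            continue;
        }
        $bits = isset($parts[1]) ? (int) $parts[1] : $maxBits;
        if ($bits > $maxBits) {
            continue;
        }
        $bytes = intdiv($bits, 8);
        $rem = $bits % 8;
        if (substr($addr, 0, $bytes) !== substr($net, 0, $bytes)) {
            continue;
        }
        if ($rem === 0) {
            return true;
        }
        $mask = (0xFF << (8 - $rem)) & 0xFF; // top $rem bits of the next byte
        if ((ord($addr[$bytes]) & $mask) === (ord($net[$bytes]) & $mask)) {
            return true;
        }
    }
    return false;
}

// Constructed client addresses; in the admin script the input would be
// $_SERVER['REMOTE_ADDR'] and a "deny" would send a 403 and exit.
foreach (['203.0.113.10', '198.51.100.77', '198.51.101.1', '2001:db8:1:2::5', 'not-an-ip'] as $ip) {
    printf("%-16s %s\n", $ip, ip_in_allowlist($ip, $adminAllowlist) ? 'allow' : 'deny');
}
```

Behind a reverse proxy or CDN, REMOTE_ADDR holds the proxy's address, so the check has to run where the real client address is visible.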

Thanks for the code! Thinking about it, couldn’t this be done easily in an .htaccess file??



Simon

Yes it can.

Why not add multiple levels of access, like for the level of admin login

1- login…user name login /password

2- added with it is the captcha will get rid of robots or crawlers

3- added to that is a secret question



forgot ip…



chahine

There are some great ideas here.


[QUOTE]Thanks for the code! Thinking about it, couldn’t this be done easily in an .htaccess file??[/QUOTE]



Interesting.



How can I just allow a couple of IP addresses to access my admin page using .htaccess?



Many thanks

[quote name=‘granthams’]

How can I just allow a couple of IP addresses to access my admin page using .htaccess?[/QUOTE]



[url]htaccess deny allow[/url] - Google Search

Thanks Zyles.



I found this one particularly helpful at - [URL=“htaccess”]http://home.golden.net/htaccess.html[/URL]



The group function could be very useful.



I take it for this to work we would need to move the admin.php file to a directory and update the path in config.php



line 56 - $admin_index = 'admin.php'; to something like $admin_index = 'newdirectory/admin.php';



Many thanks

You can also change admin.php to somethingelse.php.

I did this when I could bring up the admin login page on many sites simply by looking for admin.php. Here are the instructions from CS-Cart support to change admin.php to backend.php (as an example).



Yes, you are able to rename admin.php to something more complex

Once you rename the file you must make a change in the “config.php” file to support the new name you gave the “admin.php” file.

The way of accomplishing this is step by step below:


  1. Rename “admin.php” on the server to whatever you like, for example:

    backend.php
  2. Download “config.php” (that is located in the root directory of your CS-Cart location) from your server and open it in a notepad.
  3. Change the following line in “config.php” to reflect the changes you made:

    $admin_index = 'admin.php';

    to

    $admin_index = 'backend.php';
  4. Save the “config.php” file.

    That is all. I hope it is clear.

[quote name=‘recedo’]I have not been a victim of fraud in the past but am keen on all of these features.



Perhaps even be able to set it so you can only log in to the admin area if you have a certain IP - be able to enter an IP, or a list of IPs who are able to login.



Simon[/QUOTE]



Would this only work though if you had a dedicated IP yourself, just a thought ?



Oh, and good luck if anyone attempts to get in my admin as it’s pretty much secure, though nothing is 100%

no, you most likely also have a dns with your isp.

that will stay the same, so you can use that…