Jump to content
thirty bees forum
  • 0

Over 1100 declined CC's in 20 minutes.

bhtoys

Asked by bhtoys,

 Share

Question

bhtoys Enthusiast

bhtoys

Posted
Posted (edited)

My site is being hammered with fraudulent credit cards, attempting to verify a stolen credit card list. over 1100 so far. (Card testing)

Is there a module or something that will allow me to get the IP address  of each person adding items to a cart, or that creates an account so I can:

1) Block It

2) Give the information to my merchant account. 

cctesting.jpg

Edited by bhtoys

10 answers to this question

Recommended Posts

  • 0
lesley Newbie

lesley

Posted
Posted

If you are using paypal pro they will ban you. You have a couple options, one would be to move the server behind cloudflare and then enable the under attack. Another would be to add a brute force protection to your payment module. We have done this before where we log all of the ips for failed transactions, then after the 3rd one ban it from the site. Sometimes this works, other times they just rotate ips out. Another solution might be to rename a couple form elements in the checkout or the payment module, that will usually break their script for a point. They could fix it, or they might decide to move to a different site. I would use cloudflare with one of those other suggestions though.  

  • 0
bhtoys Enthusiast

bhtoys

Posted
  • Author
Posted
1 hour ago, lesley said:

If you are using paypal pro they will ban you. You have a couple options, one would be to move the server behind cloudflare and then enable the under attack. Another would be to add a brute force protection to your payment module. We have done this before where we log all of the ips for failed transactions, then after the 3rd one ban it from the site. Sometimes this works, other times they just rotate ips out. Another solution might be to rename a couple form elements in the checkout or the payment module, that will usually break their script for a point. They could fix it, or they might decide to move to a different site. I would use cloudflare with one of those other suggestions though.  

No, I'm using Moneris. A Canadian processing company. I've spoken with them, they don't seem worried about it that much. 
My hosting company said they should be able to block the entire area since I don't ever plan on shipping there anyway. (Philippines)

  • 0
AndyC Enthusiast

AndyC

Posted
Posted
20 hours ago, bhtoys said:


My hosting company said they should be able to block the entire area since I don't ever plan on shipping there anyway. (Philippines)

I would take this route to start with.. The TB google captcha is brilliant.. I used to get literally thousands of emails until I started using it..Not 1 since 

Good luck though

 

  • 0
Mediacom87 Community Regular

Mediacom87

Posted
Posted
1 hour ago, AndyC said:

The TB google captcha is brilliant

That's great for Google and its business, but what happens when Google's products don't work as they did a few weeks ago?

Also, how do you manage your customers' data with Google, do you inform your customers that you share all their data with Google and if so, do you know how to reference all the data transmitted to Google?

I'm that it's a lost debate, but I remind you of the obvious things that if you install a Google product on your site you share everything with Google and therefore you have an obligation to inform your customers, and I'm not even talking about services that close, become paying, like Maps that displays beautiful dead maps on millions of sites.

  • 0
connorgreig Newbie

connorgreig

Posted
Posted
2 hours ago, Mediacom87 said:

That's great for Google and its business, but what happens when Google's products don't work as they did a few weeks ago?

Also, how do you manage your customers' data with Google, do you inform your customers that you share all their data with Google and if so, do you know how to reference all the data transmitted to Google?

I'm that it's a lost debate, but I remind you of the obvious things that if you install a Google product on your site you share everything with Google and therefore you have an obligation to inform your customers, and I'm not even talking about services that close, become paying, like Maps that displays beautiful dead maps on millions of sites.

Utilise HCaptcha, not a Google product, and just as effective. Also has a revenue sharing model for completed captchas.

  • Like 1
  • 0
bhtoys Enthusiast

bhtoys

Posted
  • Author
Posted
11 hours ago, connorgreig said:

Utilise HCaptcha, not a Google product, and just as effective. Also has a revenue sharing model for completed captchas.

is coding involved? Or is it just a module I install? 

I guess one comes with ThirtyBees, but it let two accounts in tonight. One made an order for $200 which i had to refund. 

 

  • 0
connorgreig Newbie

connorgreig

Posted
Posted
On 1/11/2021 at 4:00 AM, bhtoys said:

is coding involved? Or is it just a module I install? 

I guess one comes with ThirtyBees, but it let two accounts in tonight. One made an order for $200 which i had to refund. 

 

I've Dm'd you on here to provide assistance. HCaptcha can be implemented easily through Cloudflare. As well as in the ThirtyBees PHP 🙂  Thanks, Connor

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to question listing
×
×
  • Create New...