Jump to content

Welcome, Guest!

By registering with us, you'll be able to discuss, share and private message with other members of our community.

  • 0
bhtoys

Over 1100 declined CC's in 20 minutes.

Question

Posted (edited)

My site is being hammered with fraudulent credit cards, attempting to verify a stolen credit card list. over 1100 so far. (Card testing)

Is there a module or something that will allow me to get the IP address  of each person adding items to a cart, or that creates an account so I can:

1) Block It

2) Give the information to my merchant account. 

cctesting.jpg

Edited by bhtoys

Share this post


Link to post
Share on other sites

10 answers to this question

Recommended Posts

  • 0

In the stats menu you can click on visitors online that shows the IP address so may help

Probably your server logs also. 

Share this post


Link to post
Share on other sites
  • 0

If you are using paypal pro they will ban you. You have a couple options, one would be to move the server behind cloudflare and then enable the under attack. Another would be to add a brute force protection to your payment module. We have done this before where we log all of the ips for failed transactions, then after the 3rd one ban it from the site. Sometimes this works, other times they just rotate ips out. Another solution might be to rename a couple form elements in the checkout or the payment module, that will usually break their script for a point. They could fix it, or they might decide to move to a different site. I would use cloudflare with one of those other suggestions though.  

Share this post


Link to post
Share on other sites
  • 0
1 hour ago, lesley said:

If you are using paypal pro they will ban you. You have a couple options, one would be to move the server behind cloudflare and then enable the under attack. Another would be to add a brute force protection to your payment module. We have done this before where we log all of the ips for failed transactions, then after the 3rd one ban it from the site. Sometimes this works, other times they just rotate ips out. Another solution might be to rename a couple form elements in the checkout or the payment module, that will usually break their script for a point. They could fix it, or they might decide to move to a different site. I would use cloudflare with one of those other suggestions though.  

No, I'm using Moneris. A Canadian processing company. I've spoken with them, they don't seem worried about it that much. 
My hosting company said they should be able to block the entire area since I don't ever plan on shipping there anyway. (Philippines)

Share this post


Link to post
Share on other sites
  • 0
20 hours ago, bhtoys said:


My hosting company said they should be able to block the entire area since I don't ever plan on shipping there anyway. (Philippines)

I would take this route to start with.. The TB google captcha is brilliant.. I used to get literally thousands of emails until I started using it..Not 1 since 

Good luck though

 

Share this post


Link to post
Share on other sites
  • 0
1 hour ago, AndyC said:

The TB google captcha is brilliant

That's great for Google and its business, but what happens when Google's products don't work as they did a few weeks ago?

Also, how do you manage your customers' data with Google, do you inform your customers that you share all their data with Google and if so, do you know how to reference all the data transmitted to Google?

I'm that it's a lost debate, but I remind you of the obvious things that if you install a Google product on your site you share everything with Google and therefore you have an obligation to inform your customers, and I'm not even talking about services that close, become paying, like Maps that displays beautiful dead maps on millions of sites.

Share this post


Link to post
Share on other sites
  • 0
2 hours ago, Mediacom87 said:

That's great for Google and its business, but what happens when Google's products don't work as they did a few weeks ago?

Also, how do you manage your customers' data with Google, do you inform your customers that you share all their data with Google and if so, do you know how to reference all the data transmitted to Google?

I'm that it's a lost debate, but I remind you of the obvious things that if you install a Google product on your site you share everything with Google and therefore you have an obligation to inform your customers, and I'm not even talking about services that close, become paying, like Maps that displays beautiful dead maps on millions of sites.

Utilise HCaptcha, not a Google product, and just as effective. Also has a revenue sharing model for completed captchas.

  • Like 1

Share this post


Link to post
Share on other sites
  • 0
11 hours ago, connorgreig said:

Utilise HCaptcha, not a Google product, and just as effective. Also has a revenue sharing model for completed captchas.

is coding involved? Or is it just a module I install? 

I guess one comes with ThirtyBees, but it let two accounts in tonight. One made an order for $200 which i had to refund. 

 

Share this post


Link to post
Share on other sites
  • 0
On 1/11/2021 at 4:00 AM, bhtoys said:

is coding involved? Or is it just a module I install? 

I guess one comes with ThirtyBees, but it let two accounts in tonight. One made an order for $200 which i had to refund. 

 

I've Dm'd you on here to provide assistance. HCaptcha can be implemented easily through Cloudflare. As well as in the ThirtyBees PHP 🙂  Thanks, Connor

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...