Author Topic: Issue with credit card brute force  (Read 9309 times)

Offline mgcby2001

  • Newbie
  • *
  • Posts: 6
  • Karma: +0/-0
    • View Profile
Issue with credit card brute force
« on: March 04, 2021, 05:49:29 PM »
Someone just use my website to brute force cardconnect. Now, cardconnect requires me to have Captcha in the payment form.
Also, they require me to lock down the user if there are 3 failed payment or so on.

How to do that?

Offline abolabo

  • core-developer
  • Administrator
  • Hero Member
  • *****
  • Posts: 2046
  • Karma: +318/-13
  • web for all, all for web!
    • View Profile
    • AbanteCart
Re: Issue with credit card brute force
« Reply #1 on: March 05, 2021, 03:18:04 AM »
what version of abantecart do you use?
“No one is useless in this world who lightens the burdens of another.”
― Charles Dickens

Offline Basara

  • Administrator
  • Hero Member
  • *****
  • Posts: 5774
  • Karma: +274/-2
    • View Profile
Re: Issue with credit card brute force
« Reply #2 on: March 05, 2021, 06:29:01 AM »
Hello.
Disable Guest checkout in the AbanteCart settings. You can enable the reCaptcha for customer registration form

Offline maxter

  • Full Member
  • ***
  • Posts: 228
  • Karma: +64/-0
    • View Profile
Re: Issue with credit card brute force
« Reply #3 on: March 05, 2021, 09:13:56 AM »
The easiest solution is to block guest checkout. If you still want a guest checkout, you would need to program Captcha into the process. This requires some coding skills.

Also, you can change the payment provider to Stripe, for instance. I think they have better way of handling this.

Offline mgcby2001

  • Newbie
  • *
  • Posts: 6
  • Karma: +0/-0
    • View Profile
Re: Issue with credit card brute force
« Reply #4 on: March 07, 2021, 10:15:11 AM »
1.2.16

Offline mgcby2001

  • Newbie
  • *
  • Posts: 6
  • Karma: +0/-0
    • View Profile
Re: Issue with credit card brute force
« Reply #5 on: March 07, 2021, 10:16:25 AM »
I disabled the guest check out. However, the credit card processor requires Captcha in the check out as requirement for now.

Offline usphil

  • Newbie
  • *
  • Posts: 2
  • Karma: +1/-0
    • View Profile
Re: Issue with credit card brute force
« Reply #6 on: April 14, 2022, 02:24:15 AM »
I also encountered this case. Someone enters more than 7,000 times in the credit card number input box.

Now Cardconnect has disabled my account, until I can add Captcha in this section.

Don't know if this issue has been updated in the latest versions. I am still using the old version 1.2.15.

I can pay someone who can help me to add the captcha to this section.

Offline Basara

  • Administrator
  • Hero Member
  • *****
  • Posts: 5774
  • Karma: +274/-2
    • View Profile
Re: Issue with credit card brute force
« Reply #7 on: April 14, 2022, 06:17:49 AM »
Hello.
Disable the Guest checkout, enable the captcha for account registration and you can enable the new accounts email verification to prevent fake emails to register.
https://abantecart.atlassian.net/wiki/spaces/AD/pages/6094921/Captcha+on+create+account
https://abantecart.atlassian.net/wiki/spaces/AD/pages/6258768/Google+reCAPTCHA
https://abantecart.atlassian.net/wiki/spaces/AD/pages/6815852/Email+Activation
« Last Edit: April 14, 2022, 08:21:54 AM by Basara »

Offline usphil

  • Newbie
  • *
  • Posts: 2
  • Karma: +1/-0
    • View Profile
Re: Issue with credit card brute force
« Reply #8 on: April 14, 2022, 04:18:37 PM »
I have done all your tips.

Thank you for your support.

BTW, Just signed up with Stripe instead of Cardconnect and I feel so much better.

Offline miazanurrahmand

  • Newbie
  • *
  • Posts: 1
  • Karma: +0/-0
    • View Profile
Re: Issue with credit card brute force
« Reply #9 on: November 28, 2022, 09:57:51 AM »
Thanks for the tips.

Offline vignesh895623

  • Newbie
  • *
  • Posts: 1
  • Karma: +0/-0
    • View Profile
    • ISO 13485 Certification in Singapore
Re: Issue with credit card brute force
« Reply #10 on: November 29, 2022, 05:05:33 AM »
what version you are using in current tyr to check it

Offline Basara

  • Administrator
  • Hero Member
  • *****
  • Posts: 5774
  • Karma: +274/-2
    • View Profile
Re: Issue with credit card brute force
« Reply #11 on: August 03, 2023, 05:22:43 AM »
Someone just use my website to brute force cardconnect. Now, cardconnect requires me to have Captcha in the payment form.
Also, they require me to lock down the user if there are 3 failed payment or so on.

How to do that?

Hello. You can add Recaptcha to the checkout with the Order Attributes 3rd party extension

 

Powered by SMFPacks Social Login Mod