Attacked by “card testing” – decline orders with origin unknown?

Hello sonic1243,

Thank you for your reply.

I understand you are using WooCommerce PayPal Payment.
Since this issue is concerned with security, it would be best to create a ticket via your WooCommerce.com account.

This way our Happiness Engineers can take a look at your site and guide you further about how to secure your site from such attacks.

Let me know if you have any more question. ??

Best regards.

I have submitted a ticket.. thanks.

Had to switch Card payments off, had 9 successful ‘card testing’ transactions now, refunded them. So the site is PayPal only until I can find a solution.

Hi @smd_ksu,

If you’re also facing a similar issue, I would recommend opening a new topic so that we can help with troubleshoot the issue with you.

@sonic1243, did you open a ticket with us? Have you already started receiving assistance or otherwise?

@sonic1243 That one line is all I added to the bottom of my functions.php file. I also think the Rewrite code is important which would go in the .htaccess file for most, or virtual host file for people who know how to use those.

That filter&rewrite hasn’t worked for me.. ?? had three failed ‘card testing’ orders, turned Card Payments back off again… Interestingly just noticed ‘draft’ orders show up; 37 ‘card testing’ drafts in there from the last few days and accumulating right now… must be while I’ve had Card Payments disabled.

Hi,

I also has this issue many card test which origin is unknown. the checkout page deploy reCapatcha but still cannot stop card test. I finally decide to ‘turn off guest checkout’ and ‘turn off allow customer to create account during checkout’. It seems stop card test temporarily.

Thanks,

Thanks lub, that post has been updated today and it says “the issue is in the Paypal woocommerce plugin” and provides a way to manually edit the core files…. I might try this…. but I will start a thread on the “PayPal Payments” plugin support as that’s who needs to see this. Cheers.

Hi @sonic1243,

Thanks lub, that post has been updated today and it says “the issue is in the Paypal woocommerce plugin” and provides a way to manually edit the core files…. I might try this…. but I will start a thread on the “PayPal Payments” plugin support as that’s who needs to see this. Cheers.

Starting a thread on the “PayPal Payments” plugin support is a great idea.

While you can certainly try the manual edit suggested in the post, I must advise caution. Editing core files can sometimes lead to more complications if not done correctly.

With that said, allow me to mark this thread as solved now as we’ve identified the issue to be associated with the PayPal Payments and not the core WooCommerce plugin.

Thank you for your patience and understanding.

No, I isolated the problem to the Woocommecre PayPal plugin, deactivate it and problem orders stopped, activated it and it came back.

I have switched off the card payment but kept the plugin activated and we do not have that problem.

Just to conclude, I have a working ‘fix’ in place thanks to denialdesign: https://www.denialdesign.co.uk/blocking-card-testing-attacks-in-woocommerce/

See this thread on the PayPal Payments plugin for further discussion: https://www.ads-software.com/support/topic/attacked-by-card-testing-origin-unknown/

Hello sonic1243,

Thank you for your reply.

I am glad to know that you have resolved the issue.
I appreciate you for sharing the solution here.

Have a great day!