• Resolved Trinitech

    (@trinitech)


    Hi,

We have been using this plugin successfully for a while but have recently been targeted by fraudulent payment attempts. A fake order is created, then 100s of payment attempts are made (30/min) from our checkout page, causing severe resource issues on our server. The payment attempts are rejected by the gateway (Braintree) as our fraud rules are solid (acknowledged by their support staff). We have also restricted API calls on our server, but the problem persists. Is there a vulnerability in the plugin that allows this behaviour? Is there any way we can control the plugin to prevent these attacks?

    Any help greatly appreciated.

Viewing 1 replies (of 1 total)
  • Plugin Author Payment Plugins

    (@mrclayton)

    Hi @trinitech

There isn’t a vulnerability in the plugin; you just have a card testing attack that’s continually hitting your checkout page.

    WooCommerce doesn’t implement a rate limiter during the checkout experience.

    The best way to stop it would be to add a reCAPTCHA plugin to your checkout page which will mitigate the number of requests.

    You could also add an IP blocking protocol via your host if they support that.

    Kind Regards
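
A small per-IP throttle on checkout submissions, matching the "WooCommerce doesn't implement a rate limiter" point in the reply above, as an added example that is not code from the plugin author or from the Braintree plugin. The 5-attempts-per-10-minutes threshold, the transient-based counter and the `example_` names are assumptions of this example; drop it in as an mu-plugin.

```php
<?php
/**
 * Added example (not the plugin author's code): per-IP rate limiter for
 * WooCommerce checkout submissions. Threshold and window are assumptions.
 */

// Maximum checkout submissions allowed per client IP inside one window.
const EXAMPLE_CHECKOUT_MAX_ATTEMPTS = 5;
// Window length in seconds (MINUTE_IN_SECONDS is a WordPress constant).
const EXAMPLE_CHECKOUT_WINDOW = 10 * MINUTE_IN_SECONDS;

function example_checkout_rate_limit_key() {
    // WC_Geolocation::get_ip_address() honours the proxy headers WooCommerce
    // is configured to trust; hashing keeps raw IPs out of the options table.
    $ip = WC_Geolocation::get_ip_address();
    return 'example_checkout_rl_' . md5( $ip );
}

function example_checkout_rate_limit() {
    $key   = example_checkout_rate_limit_key();
    $count = (int) get_transient( $key ); // false (not set) becomes 0

    if ( $count >= EXAMPLE_CHECKOUT_MAX_ATTEMPTS ) {
        // An error notice during woocommerce_checkout_process stops the
        // checkout before the gateway is called, so Braintree never sees
        // the attempt and the server does no payment work for it.
        wc_add_notice(
            __( 'Too many checkout attempts. Please wait a few minutes and try again.', 'example' ),
            'error'
        );
        // Leave a trace for the operator in WooCommerce > Status > Logs.
        wc_get_logger()->warning(
            'Checkout rate limit hit',
            array( 'source' => 'example-checkout-rate-limit', 'ip_hash' => substr( $key, -8 ) )
        );
        return;
    }

    // Count this attempt. Re-setting the transient restarts the window on
    // every attempt, which is acceptable for a simple throttle.
    set_transient( $key, $count + 1, EXAMPLE_CHECKOUT_WINDOW );
}
add_action( 'woocommerce_checkout_process', 'example_checkout_rate_limit' );
```

This only covers submissions that pass through WooCommerce's own checkout processing; if a gateway exposes its own AJAX endpoints, those need the same treatment, and a host-level IP block or CAPTCHA, as the reply suggests, still stops the traffic earlier.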

  • The topic ‘Fake Order Attack’ is closed to new replies.