Announcement

Collapse
No announcement yet.

Abandoned Basket Emails & Authorization Failures - Carding Attacks

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • SidFeyDesigns
    replied
    It did just dawn on me how to fix the Abandoned Cart Email bounce backs for now.

    About 99% of these carding attacks add the cheapest products to the cart. Usually the same product at $9.95 and sometimes another at $14.95.

    So I set the Abandoned Basket Emails to only send if the subtotal is greater than $24.95 (incase they move to some other "low hanging fruit") and that has at least stopped all those emails from being triggered.

    Leave a comment:


  • nottheusual1
    replied
    Originally posted by SidFeyDesigns View Post
    nottheusual1 that's a great idea, but unfortunately the logs are telling me they are either in the US or using IP address masking.
    My condolences.....

    Leave a comment:


  • SidFeyDesigns
    replied
    Bruce - PhosphorMedia got it. Thanks for the suggestion. I'll give it a whirl.

    Leave a comment:


  • Bruce - PhosphorMedia
    replied
    Originally posted by SidFeyDesigns View Post
    Bruce - PhosphorMedia

    Thanks Bruce that may be our only option at this point, and yeah unfortunately there's no defense for that.

    What is interesting is the attempts are usually within a minute of each other and each attempt has different order number, "customer" address, and credit card info, leading me to believe there is a bot script involved.

    It would be pretty impressive for a human to fill out the required product options, add it to the cart, go to BASK, OCST, OSEL, OPAY and submit within 1 minute. (4 separate times within 1 minute)

    Unless of course they have a whole team doing it all at the same time.

    Do you think your honeypot/bot detection method used for the product reviews form could be applied to the add to cart form on the PROD page?

    If so, that would be something I would be happy to pay for if its not too much trouble.
    It probably is multiple people, however, they probably just create a form post page that automatically fills the basket I'd still lean towards just putting a block on the OSEL/OPAY transition.

    Leave a comment:


  • SidFeyDesigns
    replied
    nottheusual1 that's a great idea, but unfortunately the logs are telling me they are either in the US or using IP address masking.

    Leave a comment:


  • nottheusual1
    replied
    We were being attacked by a group in the Philippines doing exactly that. We block the country at the server. We only sell into North America, so no biggy. You should be able to see the source of the attacks in your server logs. May be a legit option.

    Leave a comment:


  • SidFeyDesigns
    replied
    Bruce - PhosphorMedia

    Thanks Bruce that may be our only option at this point, and yeah unfortunately there's no defense for that.

    What is interesting is the attempts are usually within a minute of each other and each attempt has different order number, "customer" address, and credit card info, leading me to believe there is a bot script involved.

    It would be pretty impressive for a human to fill out the required product options, add it to the cart, go to BASK, OCST, OSEL, OPAY and submit within 1 minute. (4 separate times within 1 minute)

    Unless of course they have a whole team doing it all at the same time.

    Do you think your honeypot/bot detection method used for the product reviews form could be applied to the add to cart form on the PROD page?

    If so, that would be something I would be happy to pay for if its not too much trouble.

    Leave a comment:


  • Bruce - PhosphorMedia
    replied
    RE: Prevention.

    Simplist thing might be a recaptcha on the OSEL to OPAY form. Though, be forewarned. Many of these BOT attempts are actually humans being paid 1 cent per attempt...

    Leave a comment:


  • Abandoned Basket Emails & Authorization Failures - Carding Attacks

    I was wondering if there is a way to disable the abandoned basket emails from being triggered to send when there is an authorization failure?

    The site is intermittently going through carding attacks and they are using bogus emails (surprise surprise) so there are a ton of undeliverable emails bouncing back.

    The number of carding attempts varies. Sometimes its 25-50 attempts in a night. Sometimes its 100-150. Over the weekends it can be over 500.

    This leads me to a couple more questions:

    When is the order number assigned to a basket?

    How successful has anyone been in combating these types of attacks and what did you do to help alleviate the issue?

    Thanks
Working...
X