Post by iroquois » Thu Aug 26, 2021 12:13 am

We are using 1.5.5.1 version and recently our site was attacked by hackers trying to use stolen credit cards. Because we did not have any measures in place they were able to use our site to find cards they could use...meaning we had over $3000 in credit card fees for them trying to put transactions through.
Is there any module we can add that would make it so if a robot (or person) could not keep trying credit card numbers...like after 2-10 tries it stops their account or some kind of security like that. Maybe a captcha they have to enter to finish check out. Any help would be appreciated. Thank you
Last edited by iroquois on Fri Aug 27, 2021 4:50 am, edited 1 time in total.

Newbie

Posts

Joined
Thu Aug 26, 2021 12:09 am

Post by straightlight » Thu Aug 26, 2021 1:27 am

iroquois wrote:
Thu Aug 26, 2021 12:13 am
We are using 1.5.5.1 version and recently our site was attacked by hackers trying to use stolen credit cards. Because we did not have any measures in place they were able to use our site to find cards they could use...meaning we had over $3000 in credit card fees for them trying to put transactions through.
Is there any module we can add that would make it so if a robot (or person) could not keep trying credit card numbers...like after 2-10 tries it stops their account or some kind of security like that. Maybe a captcha they have to enter to finish check out. Any help would be appreciated. Thank you
Solution for credit card numbers: Don't store them in your local database, use a certified payment provider.
Solution to ban an account: Customer Approval account since multiple and constant accounts can still be created automatically otherwise and you'll just keep banning them whether it's by IP address or by account.

Solution for Captcha: Won't prevent these types of attacks.

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by ADD Creative » Thu Aug 26, 2021 4:11 pm

iroquois wrote:
Thu Aug 26, 2021 12:13 am
We are using 1.5.5.1 version and recently our site was attacked by hackers trying to use stolen credit cards. Because we did not have any measures in place they were able to use our site to find cards they could use...meaning we had over $3000 in credit card fees for them trying to put transactions through.
Is there any module we can add that would make it so if a robot (or person) could not keep trying credit card numbers...like after 2-10 tries it stops their account or some kind of security like that. Maybe a captcha they have to enter to finish check out. Any help would be appreciated. Thank you
It would depend on the payment module used and where the weakness is.

www.add-creative.co.uk


Expert Member

Posts

Joined
Sat Jan 14, 2012 1:02 am
Location - United Kingdom

Post by Johnathan » Thu Aug 26, 2021 10:01 pm

Add Creative is right, this depends totally on the payment extension itself. If it's a commercial one, you should contact the developer about adding a captcha, or a payment attempt count, so it blocks payments after a certain number of attempts.

If it's a built-in payment extension, then you'll probably need to hire someone to modify it for you. If you need to find a developer, you can post a request in the OpenCart "Commercial Support" forum, which is checked by a number of OpenCart developers. You can also try checking out the OpenCart "Partners" area.

Image Image Image Image Image


User avatar
Administrator

Posts

Joined
Fri Dec 18, 2009 3:08 am


Post by iroquois » Fri Aug 27, 2021 4:50 am

We use Authorize Net (eprocessingnetwork) that is in open cart already. They are charging us for every transaction that was tried. They said it is on our end to make sure that someone can't keep entering a credit card number which they assume was not a person but a program doing it. So I am not sure what we can do

Newbie

Posts

Joined
Thu Aug 26, 2021 12:09 am

Post by straightlight » Fri Aug 27, 2021 5:00 am

iroquois wrote:
Fri Aug 27, 2021 4:50 am
We use Authorize Net (eprocessingnetwork) that is in open cart already. They are charging us for every transaction that was tried. They said it is on our end to make sure that someone can't keep entering a credit card number which they assume was not a person but a program doing it. So I am not sure what we can do
Use an up-to-date extension from the Marketplace, not the one provided from the core.

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON
Who is online

Users browsing this forum: No registered users and 16 guests