So I run a site for a long time customer and I have a custom shopping cart. Over the past 6 months, there is a specific user that appears to be testing credit cards. They always use the same 1 or 2 products and there was some consistency in the name/address. It's a different IP every time.
I can't block by IP, I can't block by email (it's a pattern, but it's too common to outright block... FirstLast1234@gmail.com format that is different every time). I have blocked by address, name at one point, but it seems like every time I block something, they make that part dynamic after a few days. I already have recaptcha but they're getting past that.
Is anyone familiar with another JS library or another trick I can try to use? I read somewhere that putting a hidden input on the form and blocking anyone that fills it might work so I was going to try that next. The owner of the site even took down the product that they were 'buying' but they just picked another one.
Any other thoughts on ways to stop these assholes?