Author Topic: Blocking suggestions  (Read 831 times)

ober

  • Ashton Shagger
  • Ass Wipe
  • Posts: 14333
  • Karma: +73/-790
  • mini-ober is taking over
    • Windy Hill Web Solutions
Blocking suggestions
« on: October 18, 2024, 08:36:07 AM »
So I run a site for a long time customer and I have a custom shopping cart.  Over the past 6 months, there is a specific user that appears to be testing credit cards.  They always use the same 1 or 2 products and there was some consistency in the name/address.  It's a different IP every time.


I can't block by IP, I can't block by email (it's a pattern, but it's too common to outright block... FirstLast1234@gmail.com format that is different every time).  I have blocked by address, name at one point, but it seems like every time I block something, they make that part dynamic after a few days.  I already have recaptcha but they're getting past that. 


Is anyone familiar with another JS library or another trick I can try to use?  I read somewhere that putting a hidden input on the form and blocking anyone that fills it might work so I was going to try that next.  The owner of the site even took down the product that they were 'buying' but they just picked another one.


Any other thoughts on ways to stop these assholes?

hans

  • Guitar Addict
  • Jackass In Charge
  • Posts: 3536
  • Karma: +46/-18
Re: Blocking suggestions
« Reply #1 on: October 18, 2024, 12:00:27 PM »
Do you think it's automated or manual? The extra field thing might work if it's automated. Is it a popular product? There might be something you can do with that info too, or if they're coming in multiple times from the same IP in short time, to maybe slow the process and make it more annoying for them.
This signature intentionally left blank.

ober

  • Ashton Shagger
  • Ass Wipe
  • Posts: 14333
  • Karma: +73/-790
  • mini-ober is taking over
    • Windy Hill Web Solutions
Re: Blocking suggestions
« Reply #2 on: October 19, 2024, 12:43:34 AM »
I suspect it's automated, but the agent is a normal browser so at least something like Selenium or Cypress.  I don't see any reuse of IPs.  It's not a popular product and it's not a lot of money... usually 15-25 as the total.  I suspect they're actually testing credit card numbers because even the ones that do get through get declined most of the time.