I am trying to fend off carding attacks on a Magento 2 store. The attacker manually creates a shopping cart and from it is able to send repeated requests to Braintree and my store to test credit card numbers. Our security measures quickly detect when this behavior happens from a single IP address but have been much less effective when the attack is distributed.

Surprisingly, Magento 2 allows requests to come from multiple IP addresses even though they refer to a single session and shopping cart ID (Note: the security settings for validate REMOTE_ADDR, HTTP_VIA, HTTP_X_FORWARDED_FOR, and HTTP_USER_AGENT are all enabled).

[screenshot not preserved]

I am trying to get Magento's attention to this problem. But in the meantime I am trying to find a workaround.

[screenshot not preserved]

As you can see these are requests coming from different IP addresses, but they refer to the same shopping cart id (oq2xk8h2h3ghvjrii93o in this case). I would like to create a mechanism that tracks the IP address used for each shopping cart id, and detects if there is an IP address change for an individual cart id. If such a change happens, the IP addresses used for the shopping cart get banned, as well as any subsequent IP addresses that try to use the same shopping cart id.

We already have in place: Cloudflare (free), fail2ban, mod_security with OWASP rules.
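One way to build the cart-to-IP tracking described above, as an added example that is not code from the post or from Magento: a small Python log analyser that extracts the guest cart id from each request path, remembers the first IP seen for every cart, flags the cart as soon as a second IP uses it, and bans every IP that has touched a flagged cart (including any that show up later). The access-log lines are constructed for the example (only the cart id quoted in the post is real); the `/rest/V1/guest-carts/{cartId}/payment-information` path is a real Magento 2 REST endpoint, and the `fail2ban_lines` output format is an assumed custom line that a fail2ban `failregex` such as `cart-ip-switch: ban <HOST> cart` could match.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (Apache combined style, truncated). The
# cart id oq2xk8h2h3ghvjrii93o is the one from the post; IPs are documentation
# ranges and timestamps are made up.
SAMPLE_LOG = """\
203.0.113.10 - - [01/Jan/2024:10:00:01 +0000] "POST /rest/V1/guest-carts/oq2xk8h2h3ghvjrii93o/payment-information HTTP/1.1" 400 512
203.0.113.10 - - [01/Jan/2024:10:00:03 +0000] "POST /rest/V1/guest-carts/oq2xk8h2h3ghvjrii93o/payment-information HTTP/1.1" 400 512
198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "POST /rest/V1/guest-carts/oq2xk8h2h3ghvjrii93o/payment-information HTTP/1.1" 400 512
192.0.2.44 - - [01/Jan/2024:10:00:06 +0000] "POST /rest/V1/guest-carts/oq2xk8h2h3ghvjrii93o/payment-information HTTP/1.1" 400 512
203.0.113.99 - - [01/Jan/2024:10:00:09 +0000] "POST /rest/V1/guest-carts/abcd1234abcd1234abcd/payment-information HTTP/1.1" 200 812
"""

# Client IP, timestamp, method and path from a combined-format log line.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)'
)
# Guest cart id as it appears in the Magento 2 REST path.
CART_RE = re.compile(r'/guest-carts/(?P<cart>[A-Za-z0-9]+)/')


def parse_requests(log_text):
    """Yield (ip, cart_id) for every line that hits a guest-cart endpoint."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        c = CART_RE.search(m.group("path"))
        if c:
            yield m.group("ip"), c.group("cart")


class CartIpTracker:
    """Remember which IPs have used each cart id; ban once a second IP appears."""

    def __init__(self):
        self.ips_by_cart = defaultdict(list)  # first-seen IP first
        self.banned_carts = set()
        self.banned_ips = set()

    def observe(self, ip, cart_id):
        """Record one request. Returns True if the request should be blocked."""
        if cart_id in self.banned_carts:
            # Any later IP touching an already-flagged cart is banned as well.
            self.banned_ips.add(ip)
            return True
        seen = self.ips_by_cart[cart_id]
        if ip not in seen:
            seen.append(ip)
        if len(seen) > 1:
            # IP changed for this cart: flag the cart and every IP that used it.
            self.banned_carts.add(cart_id)
            self.banned_ips.update(seen)
            return True
        return False


def analyse(log_text):
    """Run the tracker over a log; return it plus the (ip, cart) pairs blocked."""
    tracker = CartIpTracker()
    blocked = []
    for ip, cart in parse_requests(log_text):
        if tracker.observe(ip, cart):
            blocked.append((ip, cart))
    return tracker, blocked


def fail2ban_lines(tracker):
    """Assumed custom log lines for fail2ban to consume (failregex with <HOST>)."""
    return [f"cart-ip-switch: ban {ip} cart" for ip in sorted(tracker.banned_ips)]


if __name__ == "__main__":
    t, blocked = analyse(SAMPLE_LOG)
    for ip, cart in blocked:
        print(f"blocked {ip} on cart {cart}")
    print("\n".join(fail2ban_lines(t)))
```

Because the store sits behind Cloudflare, the address in the first log field is Cloudflare's edge unless the web server restores the client address (for Apache, `mod_remoteip` with the `CF-Connecting-IP` header), so confirm the log actually records visitor IPs before wiring the output into a fail2ban jail; otherwise the tracker would ban Cloudflare. A legitimate customer whose address changes mid-checkout (for example on a mobile network) would also be caught by the strict one-IP-per-cart rule, which is the trade-off the post's design accepts.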