PayPal Payflow extension exploited for fraudulent ... - Page 3

pankajpragma · ‎04-12-2019

I also faced the same issue. So I installed fail2ban [ https://www.fail2ban.org/wiki/index.php/Main_Page ] on the server to ban repeated activity for 24 hours and also installed Google reCAPTCHA for Payflow Pro payment.

Magento provided a solution to add reCAPTCHA for specific Paypal Methods. Please see here for more information:

https://support.magento.com/hc/en-us/articles/360025515991-PayPal-Payflow-Pro-active-carding-activit...

khaldeman · ‎05-05-2019

I wrote this, to quickly stop the issue. Fail2ban would work also.

<?php
$limit = 10;
exec('grep requestSecureToken /var/log/apache2/access.log | sed -e \'s/\([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+\).*$/\1/\' | sort | uniq -c',$output);
foreach($output as $line)
{
echo $line . "\n";
$parts = preg_split("/[\s]+/", $line);
$count = $parts[1];
$ip = $parts[2];
if($count >= $limit)
{
$msg = gethostname() . " has a high count of paypal hits: " . $count . "\n";
$msg .= "IP: " . $ip . " Hits: " . $count . "\n";
$msg = wordwrap($msg,70);
echo $msg;
$cmd = "ufw insert 1 deny from " . $ip;
exec($cmd);
mail("address@test", "CRITICAL Paypal Issue", $msg);
}
else
{
# $msg = "All Good";
# mail("address@test", "CRITICAL Paypal Issue", $msg);

}
}

?>

PayPal Payflow extension exploited for fraudulent transactions

Re: PayPal Payflow extension exploited for fraudulent transactions

Re: PayPal Payflow extension exploited for fraudulent transactions