cancel
Showing results for 
Search instead for 
Did you mean: 

PayPal Payflow extension exploited for fraudulent transactions

   Did you know you can see the translated content as per your choice?

Translation is in progress. Please check again after few minutes.

Re: PayPal Payflow extension exploited for fraudulent transactions

I also faced the same issue. So I installed fail2ban [ https://www.fail2ban.org/wiki/index.php/Main_Page ] on the server to ban repeated activity for 24 hours and also installed Google reCAPTCHA for Payflow Pro payment.

 

Magento provided a solution to add reCAPTCHA for specific Paypal Methods. Please see here for more information:

 https://support.magento.com/hc/en-us/articles/360025515991-PayPal-Payflow-Pro-active-carding-activit...

Re: PayPal Payflow extension exploited for fraudulent transactions

I wrote this, to quickly stop the issue.  Fail2ban would work also.

<?php
$limit = 10;
exec('grep requestSecureToken /var/log/apache2/access.log | sed -e \'s/\([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+\).*$/\1/\' | sort | uniq -c',$output);
foreach($output as $line)
{
echo $line . "\n";
$parts = preg_split("/[\s]+/", $line);
$count = $parts[1];
$ip = $parts[2];
if($count >= $limit)
{
$msg = gethostname() . " has a high count of paypal hits: " . $count . "\n";
$msg .= "IP: " . $ip . " Hits: " . $count . "\n";
$msg = wordwrap($msg,70);
echo $msg;
$cmd = "ufw insert 1 deny from " . $ip;
exec($cmd);
mail("address@test", "CRITICAL Paypal Issue", $msg);
}
else
{
# $msg = "All Good";
# mail("address@test", "CRITICAL Paypal Issue", $msg);

}
}

?>