Checkout Security & Brute Force Attack

Hi,

We recently had a brute force attack on our checkout process and the attacker was repeatedly sending transactions to Paypal. Does anybody have any recommendations on the best way to handle this before it hits Paypal? As you can imagine Paypal was not too happy about this.

We believe they were able to do this through our Guest Checkout process but have since disabled guest checkout and implemented a Captcha for user registration. I would still prefer a solution where repeated attempts are logged and then the IP is blocked.

We are also using the Mageplaza One Step Checkout, not sure if there is an exploit in the extension that allows this to happen. I assume it is probably using the same endpoints to submit transactions as the core Magento checkout. 

One thing I like is the iThemes Security module for Wordpress which bans IPs after many failed attempts. Something similar for Magento would be ideal. 
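One way to get what this post asks for (log repeated attempts, then block the IP), as an added example that is not part of this thread and not code from Magento or Mageplaza: a script that reads web-server access-log lines, counts POSTs per client IP to the guest-checkout payment endpoint inside a sliding window, logs the offender, and renders nginx deny rules. The log format (combined), the endpoint path, the threshold and the window are assumptions; the log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample access-log lines (combined format), not real traffic: one client hammers the payment endpoint, another shops normally.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2020:13:55:01 +0000] "POST /rest/V1/guest-carts/k3x/payment-information HTTP/1.1" 400 120
203.0.113.7 - - [10/Oct/2020:13:55:04 +0000] "POST /rest/V1/guest-carts/k3x/payment-information HTTP/1.1" 400 120
198.51.100.9 - - [10/Oct/2020:13:55:05 +0000] "GET /checkout/ HTTP/1.1" 200 5120
203.0.113.7 - - [10/Oct/2020:13:55:07 +0000] "POST /rest/V1/guest-carts/k3x/payment-information HTTP/1.1" 400 120
203.0.113.7 - - [10/Oct/2020:13:55:10 +0000] "POST /rest/V1/guest-carts/k3x/payment-information HTTP/1.1" 400 120
198.51.100.9 - - [10/Oct/2020:13:55:12 +0000] "POST /rest/V1/guest-carts/p9q/payment-information HTTP/1.1" 200 310
203.0.113.7 - - [10/Oct/2020:13:55:13 +0000] "POST /rest/V1/guest-carts/k3x/payment-information HTTP/1.1" 400 120
203.0.113.7 - - [10/Oct/2020:13:55:16 +0000] "POST /rest/V1/guest-carts/k3x/payment-information HTTP/1.1" 400 120
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
# Assumed target: the Magento 2 guest-cart payment endpoint; adjust to the URL your checkout actually posts to.
CHECKOUT_PATH = re.compile(r"^/rest/V1/guest-carts/[^/]+/payment-information")

def find_offenders(lines, threshold=5, window=timedelta(minutes=1)):
    """Return {ip: time_of_block} for every client IP that POSTs to the checkout
    endpoint `threshold` or more times inside a sliding `window`."""
    recent = defaultdict(deque)   # ip -> timestamps of its recent checkout POSTs
    blocked = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST" or not CHECKOUT_PATH.match(m["path"]):
            continue
        ip = m["ip"]
        if ip in blocked:          # already decided; keep the first block time
            continue
        ts = datetime.strptime(m["ts"], TS_FMT)
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop attempts that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            print(f"[checkout-guard] blocking {ip}: {len(q)} attempts by {ts}")
            blocked[ip] = ts
    return blocked

def nginx_deny_rules(blocked):
    """Render the block list as nginx `deny` directives for an include file."""
    return [f"deny {ip};" for ip in sorted(blocked)]

if __name__ == "__main__":
    print("\n".join(nginx_deny_rules(find_offenders(SAMPLE_LOG.splitlines()))))
```

Per-IP blocking is only a first layer, since card-testing traffic often rotates source addresses; pair it with a request rate limit at the edge (nginx limit_req or a WAF) on the same endpoint.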


Re: Checkout Security & Brute Force Attack

Hello @qdrider 

https://www.screencast.com/t/AiL4o8vPS


Please check the above setting and see if that works for you.


Problem solved? Click Kudos & Accept as Solution!
Sunil Patel
Magento 2 Certified Professional Developer & Frontend Developer

Re: Checkout Security & Brute Force Attack

We have that set. I think I would prefer something that blocks malicious behavior in general. Like bots scanning for admin URLs or known or past exploits. 

Re: Checkout Security & Brute Force Attack

Hello @qdrider 


https://sucuri.net/guides/how-to-clean-hacked-magento


Maybe Sucuri can help with it; you need to buy it for this.

Sunil Patel
Magento 2 Certified Professional Developer & Frontend Developer