Solved: Re: Checkout Security & Brute Force Attack

qdrider · ‎04-30-2019

Hi,

We recently had brute force attack on our checkout process and the attacker was repeatedly sending transactions to Paypal. Does anybody have any recommendations on the best way to handle this before it hits Paypal? As you can imagine Paypal was not to happy about this.

We believe they were able to do this through our Guest Checkout process but have since disabled guest checkout and implemented a Captcha for use registration. I would still prefer a solution where repeated attempts are logged and then IP is blocked.

We are also using the Mageplaza One Step Checkout, not sure if there is an exploit in the extension that allows this to happen. I assume it is probably using the same endpoints to submit transactions as the core Magento checkout.

One thing I like is the iThemes Security module for Wordpress which bans IPs after many failed attempts. Something similar for Magento would be ideal.

qdrider · ‎04-30-2019

Looks like this was the attack we had on our site.

https://support.magento.com/hc/en-us/articles/360025515991

View solution in original post

Sunil Patel · ‎04-30-2019

Hello @qdrider

https://www.screencast.com/t/AiL4o8vPS

please check above setting, if that works for you

Problem solved? Click Kudos & Accept as Solution!
Sunil Patel
Magento 2 Certified Professional Developer & Frontend Developer

qdrider · ‎04-30-2019

We have that set. I think I would prefer something that blocks malicious behavior in general. Like bots scanning for admin URLs or known or past exploits.

qdrider · ‎04-30-2019

Looks like this was the attack we had on our site.

https://support.magento.com/hc/en-us/articles/360025515991

Sunil Patel · ‎04-30-2019

Hello @qdrider

https://sucuri.net/guides/how-to-clean-hacked-magento

may be surcuri help it, you need to buy it for this.

Problem solved? Click Kudos & Accept as Solution!
Sunil Patel
Magento 2 Certified Professional Developer & Frontend Developer