> I run a charity website and am getting a blitz of donation attempts.
> It looks like they were trying a list of names and credit card
> numbers that they had - but they must have been old because only 1
> out of hundreds succeeded. They tried to donate $1 with different
> names and credit card numbers on each attempt, but all from the IP
> address 113.161.94.67 which appears to be from Vietnam.
> I permanently banned that IP address from all of my websites.
> I am also going to limit bad attempts and increase the minimum donation to $2.
> Is there anything else I should do?

I should point out, depending on how intelligent and determined the attackers are, the IP banning may only work temporarily. It is fairly easy to build a database/code to dump new proxy IPs into it daily (lists are not hard to find), and have your attack software randomly connect through them, downgrading and dumping the proxy IP after n number of failures. If IP blocking is working, it probably means the person/group targeting you probably isn't very sophisticated. Some people that barely know what they're doing, copy-catting a get-rich-quick scheme others told them about. Consider yourself fortunate in that regard.

Also, those kinds of attackers usually use software that does a single direct post to a URL, filling all URLs it finds. It also has no sense of sessions, or cookies, etc. You can use all that against them. I find they occasionally do send a real live human to test things out though.
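The reply's observation that these tools post straight to a URL with no session or cookies can be enforced as a server-side gate in front of the payment call. This is an added example, not part of the original thread, written in Python rather than ColdFusion to keep the logic language-neutral; the function names, thresholds and in-memory store are assumptions.

```python
import hashlib
import hmac
import secrets
import time

SECRET = secrets.token_bytes(32)  # per-deployment key, generated here for the example
MIN_AGE = 3      # seconds; assumed minimum time for a person to fill in the form
MAX_AGE = 1800   # seconds; assumed lifetime of a rendered form
_used = set()    # tokens already redeemed (use a shared store in production)


def _sign(session_id, issued):
    msg = f"{session_id}|{issued}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def render_form(now=None):
    """GET handler: returns (session cookie value, hidden form token)."""
    now = int(time.time() if now is None else now)
    session_id = secrets.token_urlsafe(16)
    return session_id, f"{now}.{_sign(session_id, now)}"


def check_post(cookie, token, now=None):
    """POST gate: returns (allowed, reason) before any card is submitted."""
    now = int(time.time() if now is None else now)
    if not cookie or not token:
        return False, "no session cookie or form token"
    issued_s, _, sig = token.partition(".")
    if not (issued_s.isascii() and issued_s.isdigit()):
        return False, "malformed token"
    expected = _sign(cookie, int(issued_s))
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return False, "token not issued to this session"
    age = now - int(issued_s)
    if age < MIN_AGE:
        return False, "submitted faster than a person can type"
    if age > MAX_AGE:
        return False, "form expired"
    if token in _used:
        return False, "token already used"
    _used.add(token)
    return True, "ok"
```

Rejections from this gate never reach the card processor, so they are also a clean signal to count per IP and per session when limiting bad attempts.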

