• Resolved srilekhalella

    (@srilekhalella)


    Hi,

    We’ve used your plugin to make payments via Braintree. Unfortunately, the Braintree shortcode form is getting spammed by multiple transactions.

    Can you please provide solutions to protect the form from spambots?

    Website URL: https://udaan-trust.org/

    Because of this issue, we have shut down the whole site.

Viewing 10 replies - 1 through 10 (of 10 total)
  • Plugin Support mbrsolution

    (@mbrsolution)

    Do you know who is spamming your site? How are you protecting your site? Do you have any security plugins set up in your site?

    Regards

    Thread Starter srilekhalella

    (@srilekhalella)

    We found that all these transactions are done from a single IP address and we blocked that IP. Still, multiple spam transactions are happening.

    As a security measure, we’ve implemented SSL on the website.

    Currently, we are not using any security plugins.

    Plugin Support mbrsolution

    (@mbrsolution)

    Hi, I strongly suggest that you install a security plugin. There are many in the WordPress repository. I recommend the All In One WP Security and Firewall plugin.

    Kind regards

    • This reply was modified 4 years, 8 months ago by mbrsolution.
    Plugin Contributor Alexander C.

    (@alexanderfoxc)

    Hi.

    Are they spamming with actual card numbers or just some rubbish?

    Thread Starter srilekhalella

    (@srilekhalella)

    We can see random card numbers.

    Plugin Contributor Alexander C.

    (@alexanderfoxc)

    Looks like some automated system is testing stolen/generated card numbers.

    We’ll see what can be done about it. There are 2 possible solutions:

    1. Add a “honeypot” to the form, which is invisible to a regular visitor, but should be visible to bots. If the honeypot is touched, a message should be displayed that automatic submissions are not allowed. This should help against simple bots, but won’t help against more advanced ones.

    2. Add Google reCaptcha support to the form. It should handle most of the bots, or at least greatly decrease their number.

    If you don’t mind your customers clicking “I’m not a robot” before submitting the form, I guess #2 would be the best solution in this situation.
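
Both measures suggested above only stop a bot if the server checks them before the card data is passed to the gateway. The following WordPress form-handler check is an added example, not code from this thread or from the wp-braintree plugin; the function name `ex_payment_form_allowed` and the honeypot field name `ex_website` are hypothetical.

```php
<?php
// Added example: not code from the wp-braintree plugin. The function name and
// the honeypot field name are hypothetical.
const EX_HONEYPOT_FIELD = 'ex_website'; // hidden via CSS; humans leave it empty

/**
 * Decide whether a submitted payment form may be forwarded to the gateway.
 * Returns true to proceed, or a string with the rejection reason.
 */
function ex_payment_form_allowed( array $post, string $remote_ip, string $recaptcha_secret ) {
    // 1. Honeypot: any value here means something filled in a field that a
    //    regular visitor never sees.
    if ( ! empty( $post[ EX_HONEYPOT_FIELD ] ) ) {
        return 'Automatic submissions are not allowed.';
    }

    // 2. reCAPTCHA: the widget adds a token to the form; without it, reject.
    $raw   = $post['g-recaptcha-response'] ?? '';
    $token = is_string( $raw ) ? trim( $raw ) : '';
    if ( '' === $token ) {
        return 'Please tick the "I\'m not a robot" checkbox.';
    }

    // 3. The token proves nothing until Google confirms it server-side.
    $response = wp_remote_post(
        'https://www.google.com/recaptcha/api/siteverify',
        array(
            'timeout' => 10,
            'body'    => array(
                'secret'   => $recaptcha_secret,
                'response' => $token,
                'remoteip' => $remote_ip,
            ),
        )
    );
    if ( is_wp_error( $response ) ) {
        return 'Could not verify reCAPTCHA, please try again.'; // fail closed
    }
    $result = json_decode( wp_remote_retrieve_body( $response ), true );
    if ( ! is_array( $result ) || empty( $result['success'] ) ) {
        return 'reCAPTCHA verification failed.';
    }
    return true;
}

// Usage inside the form handler, before any gateway call:
// $ok = ex_payment_form_allowed( $_POST, $_SERVER['REMOTE_ADDR'], $secret );
// if ( true !== $ok ) { wp_die( esc_html( $ok ) ); }
```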

    Thread Starter srilekhalella

    (@srilekhalella)

    Hi,

    We’ve already added those options. Still, we got spam transactions in Braintree.

    Right now our Braintree account was suspended because of this issue.

    Plugin Contributor Alexander C.

    (@alexanderfoxc)

    We will add reCaptcha support for the credit card payment form shortly. Then you can contact Braintree and explain the situation; they should unblock your account after this.

    Plugin Contributor Alexander C.

    (@alexanderfoxc)

    reCaptcha support for the payment form has been added. You need to configure it in the plugin settings first. WP Braintree -> Settings, reCaptcha tab. Tick “Enabled”, enter your site keys and save changes. After this, your customers would need to click the “I’m not a robot” checkbox to complete the payment.

    You can get the new plugin version with reCaptcha support here https://github.com/Arsenal21/wp-braintree/releases/download/2.0.3t1/wp-braintree.zip or wait until it’s released on the WordPress repo (this could take a couple of days).

    Plugin Author mra13

    (@mra13)

    The new version has been released and it has the reCAPTCHA option in the settings menu that you can enable (if your site is being targeted by bots).

  • The topic ‘Braintree form hacked’ is closed to new replies.