Hacker attack this morning

  • Hello,

    Just to let you know. Got a hacker attack on this plugin this morning.
    They found three of my websites, and used them to attempt some charges.

    After some investigation, found it was a hacker from Philippines, using the plugin to validate stolen credit cards. Stripe blocked the transactions through radar rules.

    I have disabled the plugin until I understand how they found my different websites so fast. If anyone reported the same thing this morning, please advise.
    Thanks.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author mra13

    (@mra13)

    You need to enable the following captcha option in the plugin:
    https://s-plugins.com/stripe-payments-recaptcha-addon/

    That will stop any spam bots trying to do this. When you activate our plugin, it recommends you to set that up. But sometimes users hide that message.

    Same here. We’ve been targetted and they used your plugin. I have disabled it and reported it to Stripe.

    Mine came from Japan.

    I have a site under attack now. Unfortunate that we have to add reCaptcha as the only solution. The attackers are clearly targeting this plugin.

    The transactions aren’t even for the face amount of the item, but a much lower ($4-5 amount) instead.

    Perhaps some sort of limiter (# of attempts per visitor per minute) or some other anti-bot hardening would be possible to implement into the plugin?

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Hacker attack this morning’ is closed to new replies.