Stop C Card checking in Test Mode – Authorize CIM payment
-
How do I turn off Test Mode with the Authorize.net CIM plugin? It appears someone is checking credit card numbers in test mode from my website at authorize.net and it is only me in admin.
– Someone is using Woo Commerce in Test Mode to check credit card numbers. I had 15 attempts today.
– There is no button to turn Test Mode on or off in the Autho CIM plugin, but it must be on.
– Don’t know how a user (customer) outside without a login could even do this. How can they check numbers with Test Mode???
-
Hello @gagemail,
Thank you so much for keeping us updated on the status!
Please do keep us informed when you receive an update – we’re looking forward to hearing about the progress.
Have a great day, and thank you for your continued communication!
Hi all, I’m still waiting to hear back from the Card Pay Solutions company. In the meantime, I was hit last night again with card testing twice. Once at 2:30am and again at 6:30am PST. Once I see it happening, I can block the IP with a WC WMFO plugin and also at Authorize.net in the FDS, but it’s still a major pain. I hope to hear back soon from this 3rd party company because as I have pointed out numerous times in this thread there is a definite vulnerability some place. If it’s with their plugin I will stop using it and they should remove it from your store. But, we need proof first.
Of course, it’s not possible to completely ever stop CC testing from happening, but the fact that a fraudster posing as a customer who can somehow put the system into TEST MODE is the problem.
Ironically, as I said earlier, I make almost no money from this store. It’s just barely enough to keep it going, but I spend a massive amount of my time dealing with this kind of BS plus many other backend BS chores like book keeping, sales tax, updates, etc.
I meant to mention earlier, but forgot. All the card testing is being referred by one website: https://www.sitelike.org/
I can’t see any way in WP/WC to block users based on their referral origin. Is there a way to do this without buying or installing a new plugin? This would be at least a short-term fix.
Hi @gagemail
While WooCommerce doesn’t have a built-in feature to block users based on referral origin, you can do this by editing your website’s .htaccess file if you’re comfortable making direct changes to your site’s files.
- https://www.javascriptkit.com/howto/htaccess14.shtml
- https://github.com/sleede/htaccess-referral-spam-blacklist-block
Thanks!
@shameemreza Not a problem, I started with coding sites over 20 years ago and I will take care of the htaccess file entry this week.
My contact at https://www.cardpaysolutions.com had been out sick for about 10 days, but we did speak yesterday. I will keep you updated as to what the original plugin programmer has to say.
@shameemreza As you suggested, I updated the .htaccess file and so far, haven’t seen any referrals coming from that site. I hope this solves at least some of the card testing issues.
I just left a message for my contact at cardpaysolutions to check to see if he got a chance to talk with the programmer and what he had to say. I will update you here as soon as I hear back.
This is great news @gagemail – So glad to see @shameemreza’s advice seems to have helped!
I am getting crushed by CC testing and fraud. I am lucky to have 3-4 real orders a month, but I waste too much time every day dealing with fraud. I am still waiting to hear back from CardConnect about their plugin. I am not getting any substantial help from Woo or Authorize.net or Wells Fargo Merchant Services or the credit card companies. I have some issues with lack of substantial customer info that I can get from the WooC plugin… I will give you details on what is lacking in the next post. I don’t have a lot of time today. My only workaround has been to shut down the payment plugin during the hours that this a-hole tends to show up – it is one person repeatedly from the same range of IP addresses and I can’t block that range. I have his cell phone number (see below), but no one cares enough to do anything with it.
The following is an email I sent to Wells Fargo who are pretending like they can help. When I escalate to senior support they are essentially clueless as to how it all works and certainly are of no help. Here’s what I sent to WF last week…
===================================================================
“The little creep came in around 8pm my time (10/11/24) which is an hour before I shut off the Payment Processor plugin for the night. He created a new account and again, it’s with a new IP address which was 172.56.xxx.xxx similar to all the other ones which are all spoofed from the Philadelphia area on the T-Mobile network.”
“After he tested two cards, my Authorize.net Fraud Detection Suite cut him off, but it’s sad that with the knowledge that we have including his T-Mobile phone number which he was stupid enough to send me (I did talk with him on the phone): 1 865 371 1802, nobody cares enough to even attempt to go after him.”
“As I said on the phone, if these people are not caught and punished, why should they ever stop. As you can see below, 4 attempts were done with MasterCard and 1 with Visa.”
“I previously set up something in WooCommerce to block his email domain (which is owned by SquareSpace), but it failed. Screenshot below.”
“I guess one of the mega corporations involved in the CC process would have to care at least a little bit. So far, WooCommerce, Authorize-net, Wells Fargo, Visa, MasterCard, T-Mobile don’t care enough to solve this problem so small businesses like me have to live with it. Feel free to forward this to anyone at WFMS that you think might be able to do something.”
[I’d like to upload a couple of images, but I don’t see an easy way to do that.]
Hello gagemail,
Thank you for your reply.
Since it’s a targeted attack by the same person, I highly recommend getting in touch with a professional WooCommerce developer to set up stronger security measures. Blocking IPs or emails might not be enough for such persistent attempts.
Consider looking for a developer through Codeable or WooExperts who can help with implementing advanced defenses like rate limiting, better fraud detection tools, or more robust anti-fraud plugins. This will provide a more long-term solution to prevent these attacks from consuming your time.
Please don’t hesitate to contact us again if you have more questions or concerns.
Best regards.
To
Zubair Zahid (woo-hc)(@doublezed2)
Please stop insulting your clients and the original posters at these forums. To Zubair and others who wander into a forum post and don’t bother to read the complete thread, you are insulting my intelligence and wasting my time. I get it, just spend money and your problem will be solved. It’s the lazy man’s solution. I’ve said MANY, MANY times that I am almost out of business and get about 3-5 legitimate sales a month selling harmonicas and spend many hours a month dealing with all the BS whether it’s fraud or taxes or bookkeeping or questions from customers – I can’t compete with Amazon and eBay. I can’t quite afford to dump this business, but I should have 5 years ago. Frankly instead of WP/WComm, I should have just gone with an all-in-one solution like Spotify. The people I know using it have way less problems and complaints.
I will ask one more set of questions (see below) so I can do the best I can with what I have today. If you don’t want to answer with a cost-free solution, please ignore it, move on, and I will go away.
Questions about WooCommerce:
1a. Is WMFO part of WooComm? If so, it needs an update. It doesn’t do enough and what is in there doesn’t seem to work. The section to block email domains doesn’t work. This current card tester creates fake or real email address from the domain: mmail.biz. So I block mmail.biz and @mmail.biz. I’ve blocked both of those and he still creates a new account with that email domain.
1b. I need to block a range of IP addresses like 172.56.xxx.xxx. He is repeatedly using a T-Mobile phone with this IP address range which comes up as Philadelphia, PA. This would solve my problem for this current issue. The last two sets of the IP keep changing so I need to block the last two sets with wild cards.
1c. If this plugin is NOT yours can you suggest a plugin that will allow me to block a range of IP addresses like 172.56.xxx.xxx. and where the email domain blocking actually works?
2. Is there a way I can have WP send me an email notification whenever someone new creates an account? If so, I can block card testers before they do anything significant as I check email all day long. I do already receive emails when someone changes their password, so I would think this option should exist but I couldn’t find it.
3. Can I make WComm show me the time as well as the date stamp when a person creates a new account. Time of day would be helpful to see if they come in at the same time every day and then I can look for them and block them.
If I can’t do these simple things quickly and cheaply, I seriously have to decide whether or not to shut down the store.
Thanks, Dave
Hey @gagemail ,
I’ve gone through the entire thread, and this sounds frustrating! I’ve addressed each question separately below:
1a. Is WMFO part of WooComm? If so, it needs an update. It doesn’t do enough and what is in there doesn’t seem to work. The section to block email domains doesn’t work. This current card tester creates fake or real email address from the domain: mmail.biz. So I block mmail.biz and @mmail.biz. I’ve blocked both of those and he still creates a new account with that email domain.
+
1b. I need to block a range of IP addresses like 172.56.xxx.xxx. He is repeatedly using a T-Mobile phone with this IP address range which comes up as Philadelphia, PA. This would solve my problem for this current issue. The last two sets of the IP keep changing so I need to block the last two sets with wild cards.
If I understand correctly, you’re referring to WooCommerce Manage Fraud Orders, correct? If so, this is not part of WooCommerce core, and seems to be a plugin that is discontinued: WooCommerce Manage Fraud Orders, which means the plugin will no longer receive updates or support.
1c. If this plugin is NOT yours can you suggest a plugin that will allow me to block a range of IP addresses like 172.56.xxx.xxx. and where the email domain blocking actually works?
I’ve done some digging, and while these plugins are not free, they do offer great anti-fraud features:
- Block by country, IP address, proxies
- Restrict by email address
- Per customer time of day
- Purchase value and volume restrictions
- Lock out by order attempts
- Get email alerts when there are problems
Aelia Blacklister for WooCommerce:
- Blacklist names, addresses, phone numbers and email addresses using exact matches or regular expressions
- Blacklist IP addresses, using exact matches or IP ranges.
- Block suspicious emails
- Be aware of orders made behind a proxy
- Check large amounts of sudden orders
- Block orders from selected countries
- Check the billing information
- Blacklist email addresses
2. Is there a way I can have WP send me an email notification whenever someone new creates an account? If so, I can block card testers before they do anything significant as I check email all day long. I do already receive emails when someone changes their password, so I would think this option should exist but I couldn’t find it.
There is actually a handy snippet for this, which you can find here: Notify Admin When New Account Is Created.
To make sure theme updates don’t override this snippet, I’d strongly suggest adding this snippet via a plugin that allows custom functions to be added, such as the Code snippets plugin.
3. Can I make WComm show me the time as well as the date stamp when a person creates a new account. Time of day would be helpful to see if they come in at the same time every day and then I can look for them and block them.
I found this nifty free plugin, Users Registration Date, that can help with the date and timestamp for account creation. I’ve also tested this on my site and it seems to add the date and time to already existing accounts too, which is great!
I hope this helps, and please let us know if I missed anything, or if you have any other questions!
Cheers
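One way to cover questions 1a, 1b, 2 and 3 with WooCommerce hooks, added here as an example and not taken from the thread, the linked snippet or any plugin named above. The `harp_` names are hypothetical, the blocked domain and range are the ones quoted in the posts, and a /16 on a mobile-carrier range will also turn away legitimate customers on that carrier.

```php
<?php
// Added example, not from the thread. "harp_" names are hypothetical.
const HARP_BLOCKED_DOMAINS = array( 'mmail.biz' );      // domain named in the posts
const HARP_BLOCKED_CIDRS   = array( '172.56.0.0/16' );  // "172.56.xxx.xxx" as a CIDR range

// True if IPv4 address $ip lies inside $cidr; non-IPv4 input never matches.
function harp_ip_in_cidr( $ip, $cidr ) {
	list( $net, $bits ) = explode( '/', $cidr );
	$ip_long  = ip2long( $ip );
	$net_long = ip2long( $net );
	if ( false === $ip_long || false === $net_long ) {
		return false;
	}
	$bits = (int) $bits;
	$mask = ( 0 === $bits ) ? 0 : ( ( -1 << ( 32 - $bits ) ) & 0xFFFFFFFF );
	return ( $ip_long & $mask ) === ( $net_long & $mask );
}

// Reject registrations (My Account page and checkout) from blocked domains or ranges.
function harp_block_registration( $errors, $username, $email ) {
	$domain  = strtolower( (string) substr( (string) strrchr( $email, '@' ), 1 ) );
	$ip      = WC_Geolocation::get_ip_address(); // same IP WooCommerce records on orders
	$blocked = false;
	foreach ( HARP_BLOCKED_DOMAINS as $d ) {
		// Match the domain itself and any subdomain of it.
		$blocked = $blocked || $domain === $d || substr( $domain, -strlen( ".$d" ) ) === ".$d";
	}
	foreach ( HARP_BLOCKED_CIDRS as $cidr ) {
		$blocked = $blocked || harp_ip_in_cidr( $ip, $cidr );
	}
	if ( $blocked ) {
		$errors->add( 'harp_blocked', 'Registration is not available.' );
	}
	return $errors;
}
add_filter( 'woocommerce_registration_errors', 'harp_block_registration', 10, 3 );

// E-mail the site admin, with time of day, whenever a customer account is created.
function harp_notify_new_account( $customer_id ) {
	$user = get_userdata( $customer_id );
	if ( ! $user ) {
		return;
	}
	$body = sprintf( "Login: %s\nEmail: %s\nIP: %s\nCreated: %s", $user->user_login,
		$user->user_email, WC_Geolocation::get_ip_address(), wp_date( 'Y-m-d H:i:s T' ) );
	wp_mail( get_option( 'admin_email' ), 'New customer account created', $body );
}
add_action( 'woocommerce_created_customer', 'harp_notify_new_account' );
```

`WC_Geolocation::get_ip_address()` honours forwarded-IP headers, so the range check is only reliable when the web server or a trusted proxy overwrites those headers rather than passing through what the client sent.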