So recently a bot has been harrassing one of a client’s e-commerce websites, seeking to use their payment gateway to verify live CC.
Over time I have been adding various detections and blocks to the website and what has become obvious is that the attacks were backed/monitored/evolved by an actual person.
If I detect and ban attackers by IP they pivot to attacking across a massive set of unique IP. If I detect and ban based on rate of attack they slow it down just enough. If I detect and ban based on attributes of the user/cart created I expect they will begin to randomise that.
If that happens options may start to get more heavy handed, like detecting a run on CC processing which seems anomalous and temporarily auto disabling CC as a payment option.
I’ve also added some honeypots, so we’ll see if/how much that helps.