With a recent update to the Donations app, we've upgraded Soapbox's ability to ward off carding attacks from nefarious actors.
Prior to this release, the Donations app automatically blocked a given IP address from successfully submitting any form after too many declined transactions within a given time period. The latest update takes this a step further to combat more sophisticated carding attacks from multiple IP addresses. In these cases, Soapbox automatically enables reCAPTCHA across all Donation forms for all users if a given number of IP addresses are blocked in a given time period.
As an administrator, you can control the number of instances and the time frame for both the initial IP block and the automatic enabling of reCAPTCHA.
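The two-tier escalation described above can be sketched as a pair of sliding-window counters. This is an added example, not Soapbox's code: the class name, the four threshold values, and the choice to keep blocks in place indefinitely are all assumptions made for illustration.

```python
from collections import defaultdict, deque

class CardingGuard:
    """Tier 1 blocks an IP after repeated declines; tier 2 turns on CAPTCHA site-wide."""

    def __init__(self, max_declines=3, decline_window=600,
                 max_blocked_ips=2, block_window=3600):
        # Assumed values standing in for the administrator-configurable settings.
        self.max_declines = max_declines
        self.decline_window = decline_window      # seconds
        self.max_blocked_ips = max_blocked_ips
        self.block_window = block_window          # seconds
        self.declines = defaultdict(deque)        # ip -> timestamps of recent declines
        self.blocked = {}                         # ip -> time the block was applied
        self.captcha_required = False

    def can_submit(self, ip):
        return ip not in self.blocked

    def record_decline(self, ip, now):
        """Record one declined transaction and return the action taken."""
        if ip in self.blocked:
            return "already_blocked"
        window = self.declines[ip]
        window.append(now)
        # Drop declines that have aged out of the sliding window.
        while window and now - window[0] > self.decline_window:
            window.popleft()
        if len(window) < self.max_declines:
            return "recorded"
        self.blocked[ip] = now
        del self.declines[ip]
        # Tier 2: count IPs blocked inside the block window.
        recent = [t for t in self.blocked.values() if now - t <= self.block_window]
        if len(recent) >= self.max_blocked_ips:
            self.captcha_required = True
            return "blocked_and_captcha_enabled"
        return "blocked"

def replay(events, **settings):
    """Feed (timestamp, ip) decline events through a fresh guard."""
    guard = CardingGuard(**settings)
    return [guard.record_decline(ip, ts) for ts, ip in events], guard

# Constructed sample: (timestamp_seconds, ip) for declined transactions.
SAMPLE = [(0, "198.51.100.7"), (30, "198.51.100.7"), (60, "198.51.100.7"),
          (90, "203.0.113.9"), (2000, "203.0.113.9"),  # first decline ages out
          (2100, "203.0.113.9"), (2200, "203.0.113.9")]
```

Replaying `SAMPLE` with a shorter `block_window` shows why the second time frame matters: the same two blocks no longer fall in one window, so reCAPTCHA stays off.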
For more details on reCAPTCHA and these automated security measures, check out the following articles:
- Enabling or disabling reCAPTCHA for your Donation forms
- Adjusting parameters for automatically blocking IP addresses from submitting a Donation page
- Automatically enable reCAPTCHA when multiple IPs are blocked in a given time frame
- Determining if reCAPTCHA was enabled when a given transaction was processed