To combat carding attacks, the Donations app is designed to disable the processing of Donation page submissions from a given IP address after a given number of failed attempts by that IP address to submit a page. You can adjust the settings that trigger this block by following these instructions.
While this is effective in eliminating submissions from a given IP address, sophisticated carding attacks often spread their attempts across many different IP addresses. As a countermeasure, the Donations app will automatically enable reCAPTCHA for a site if a given number of IPs are blocked due to rejected credit cards within a given time frame.
You can adjust the number of blocks and the time frame by doing the following:
- Open the Configuration for the Donations app
- Click the Payment tab
- For Block Incidents Number, enter the number of IP blocks required to trigger reCAPTCHA being enabled
- For Block Incidents Seconds, enter the number of seconds within which the number of incidents must occur to trigger reCAPTCHA. For instance, if you set this to 600 and the Block Incidents Number to 3, reCAPTCHA will be enabled automatically for all visitors for all Donation forms on the site once three different IP addresses are blocked within a 10-minute period.
- Click Save
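To judge how a pair of values would behave before saving them, the trigger rule described above can be modeled and replayed over past IP-block timestamps. This is an added example, not the Donations app's own code; the function name, the sample events, and the sliding-window and boundary behavior are assumptions based on the wording of the settings.

```python
from collections import deque


def recaptcha_trigger_time(block_events, incidents_number, incidents_seconds):
    """Return the timestamp at which reCAPTCHA would be enabled, or None.

    block_events: iterable of (unix_timestamp, ip), one entry per IP block.
    Assumptions (not confirmed by the app's documentation):
      * the window slides with the newest block,
      * only distinct IP addresses count toward Block Incidents Number,
      * a block exactly incidents_seconds old is still inside the window.
    """
    window = deque()  # blocks that are still inside the time window
    for ts, ip in sorted(block_events):
        window.append((ts, ip))
        # Expire blocks that fall outside the window ending at this block.
        while ts - window[0][0] > incidents_seconds:
            window.popleft()
        distinct_ips = {blocked_ip for _, blocked_ip in window}
        if len(distinct_ips) >= incidents_number:
            return ts
    return None


# Constructed sample data: seconds since the start of an observation
# period, with addresses from the reserved documentation ranges.
SAMPLE_BLOCKS = [
    (0, "192.0.2.10"),
    (200, "198.51.100.7"),
    (900, "203.0.113.5"),
    (1000, "192.0.2.44"),
    (1300, "198.51.100.90"),
]

if __name__ == "__main__":
    for number, seconds in [(3, 600), (3, 300), (2, 600)]:
        hit = recaptcha_trigger_time(SAMPLE_BLOCKS, number, seconds)
        state = f"enabled at t={hit}s" if hit is not None else "never enabled"
        print(f"Number={number}, Seconds={seconds}: reCAPTCHA {state}")
```

With the sample data, the 600-second window from the instructions catches the slow cluster of three blocks that ends at t=1300, while a 300-second window misses it entirely.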
Disabling reCAPTCHA
If you wish, you may disable reCAPTCHA at any time by following these instructions.