[ic] Anyone try fail2ban on IC error log

Steve Graham icdev at mrlock.com
Mon Feb 11 22:20:19 UTC 2013


> I had an attacker placing fake orders on my site - I think testing to
> see which credit card numbers are able to be charged. I set up fail2ban
> to watch my webserver access logs, but I think it would be also good to
> have fail2ban watch my IC error log.
>
> DB
>


Just a thought... you could do something like this in log_transaction.

Give customers __MAX_CC_ATTEMPTS__ tries, then they get locked out for the
duration of your session - this would thwart most, plus limit
your transaction expense with your credit card processor.

If anyone has a better solution, I would also be interested.


Code in log_transaction:

>>>
        [comment]
            Count every pass through log_transaction in the session scratch
            space; the charge below only runs while the count is under the cap.
        [/comment]
        [calc]
            $Scratch->{cc_attempts} = 0 unless defined $Scratch->{cc_attempts};
        [/calc]
        [perl]$Scratch->{cc_attempts}++;[/perl]

        [calc]
            undef $Session->{payment_result}{MStatus};
            return if $Scratch->{tmp_total} == $Scratch->{tmp_remaining};
            my $msg = sprintf "Your credit card was charged %.2f", $Scratch->{tmp_remaining};
            $Scratch->{pay_cert_total} = $Scratch->{tmp_total} - $Scratch->{tmp_remaining};
            $Scratch->{charge_total_message} = $msg;
            return "Credit card will be charged $Scratch->{tmp_remaining}";
        [/calc]
        [if scratch cc_attempts < __MAX_CC_ATTEMPTS__]
            Charging with payment mode=[value mv_payment_route]
            [tmp name="charge_succeed"][charge route="[value mv_payment_route]" amount="[scratch tmp_remaining]" order_id="[value mv_transaction_id]"][/tmp]
        [else]
            [calc]
                die errmsg(
                    "Real-time charge failed. - too many attempts\n",
                    'too many failed charge attempts!',
                );
            [/calc]
            [perl]$Session->{payment_error} = 'Too many failed attempts - please call in your order!';[/perl]
        [/if]
<<<

Steve Graham
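The same attempt cap as the log_transaction snippet above, written out in Python as an added example (not code from the post, and not Interchange's own code) so the logic can be run and checked outside the catalog. It keeps the post's shape: the counter lives in the session, is incremented before the decision, and the charge is refused once it reaches the cap. It also goes one step further than the post: because a session-scoped counter starts over with every new session, the guard additionally locks a client key (whatever you choose to key on; an IP is used here as a constructed sample) for a window after the cap is hit, so a fresh session does not get a fresh allowance. ChargeGuard, Session, TooManyAttempts, client_key and the lockout length are all assumptions of this example; __MAX_CC_ATTEMPTS__ is represented by MAX_CC_ATTEMPTS.

```python
# Added example modelled on the per-session cc_attempts counter above;
# it is not Interchange code. Names and the lockout window are assumptions.
import time
from dataclasses import dataclass, field

MAX_CC_ATTEMPTS = 3      # stands in for the __MAX_CC_ATTEMPTS__ variable
LOCKOUT_SECONDS = 900    # assumed lockout window for a client key


class TooManyAttempts(Exception):
    """Raised where the ITL calls die errmsg(...)."""


@dataclass
class Session:
    """Minimal stand-in for $Session / $Scratch."""
    scratch: dict = field(default_factory=dict)
    payment_error: str = ""


class ChargeGuard:
    def __init__(self, processor, max_attempts=MAX_CC_ATTEMPTS,
                 lockout=LOCKOUT_SECONDS, clock=time.monotonic):
        self.processor = processor      # callable(amount, order_id) -> bool
        self.max_attempts = max_attempts
        self.lockout = lockout
        self.clock = clock              # injectable so tests can move time
        self._locked_until = {}         # client_key -> expiry timestamp

    def is_locked(self, client_key):
        return self._locked_until.get(client_key, 0.0) > self.clock()

    def charge(self, session, client_key, amount, order_id):
        """Count first, then charge only while the count is below the cap."""
        session.scratch["cc_attempts"] = session.scratch.get("cc_attempts", 0) + 1
        attempts = session.scratch["cc_attempts"]
        # Same test as [if scratch cc_attempts < __MAX_CC_ATTEMPTS__]: the
        # cap-th attempt is refused. Locking the key is the addition: a new
        # session from the same key stays blocked until the window expires.
        if self.is_locked(client_key) or attempts >= self.max_attempts:
            self._locked_until[client_key] = self.clock() + self.lockout
            session.payment_error = ("Too many failed attempts - please "
                                     "call in your order!")
            raise TooManyAttempts("Real-time charge failed. - too many attempts")
        return self.processor(amount, order_id)


def run_demo(max_attempts=MAX_CC_ATTEMPTS):
    """Drive the guard with a constructed always-declining processor and a
    fake clock; returns the outcome of each attempt in order."""
    fake_now = [1000.0]
    guard = ChargeGuard(lambda amount, order_id: False,
                        max_attempts=max_attempts,
                        clock=lambda: fake_now[0])
    key = "10.0.0.1"   # constructed sample client key
    outcomes = []

    def attempt(session, order_id):
        try:
            ok = guard.charge(session, key, 9.99, order_id)
            outcomes.append("charged" if ok else "declined")
        except TooManyAttempts:
            outcomes.append("locked")

    session = Session()
    for n in range(max_attempts):
        attempt(session, f"ORD-{n}")
    # A brand-new session from the same key is still locked...
    attempt(Session(), "ORD-new")
    # ...until the lockout window has passed.
    fake_now[0] += LOCKOUT_SECONDS + 1
    attempt(Session(), "ORD-later")
    return outcomes


if __name__ == "__main__":
    print(run_demo())
```

With the default cap of 3 the demo yields two declines, a refusal on the third attempt, a refusal for the new session, and a normal decline again once the window has passed; the refusal on the third attempt (not the fourth) is the same off-by-one the ITL's `<` comparison has, kept here deliberately so the two match.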
More information about the interchange-users mailing list