[ic] Anyone try fail2ban on IC error log

Steve Graham icdev at mrlock.com
Mon Feb 11 22:20:19 UTC 2013

> I had an attacker placing fake orders on my site - I think testing to
> see which credit card numbers are able to be charged. I set up fail2ban
> to watch my webserver access logs, but I think it would be also good to
> have fail2ban watch my IC error log.
> DB

Just a thought..... ..  you could do something like this in log_transaction

give customers __MAX_CC_ATTEMPTS__ tries then they get locked out for the 
duration of your session   - this would thwart most plus limit
your transaction expense with your credit card processor.

if anyone has a better solution I would also be interested.

code in log_transaction

              $Scratch->{cc_attempts} = 0  unless defined 
        [perl]$Scratch->{cc_attempts}++; [/perl]

                undef $Session->{payment_result}{MStatus};
                return if $Scratch->{tmp_total} == 
                my $msg = sprintf "Your credit card was charged %.2f", 
                $Scratch->{pay_cert_total} = $Scratch->{tmp_total} - 
                $Scratch->{charge_total_message} = $msg;
                return "Credit card will be charged 
    [if scratch cc_attempts < __MAX_CC_ATTEMPTS__]
        Charging with payment mode=[value mv_payment_route]
        [tmp name="charge_succeed"][charge route="[value mv_payment_route]" 
amount="[scratch tmp_remaining]" order_id="[value mv_transaction_id]"][/tmp]
           die errmsg(
                                "Real-time charge failed. - too many 
                                'too many failed charge attempts!',
        [perl]$Session->{payment_error} = 'Too many failed attempts - please 
call in your order!'; [/perl]


Steve Graham


More information about the interchange-users mailing list