tealou-WooCommerce | Stripe Developers | Page 1

frigid rune Dec 14, 2021, 3:45 AM

#

You can always write to our Support to have tailored support. Before that can you provide your account id? I will take a look

scenic rain Dec 14, 2021, 3:47 AM

#

Thanks - acct_18qCsIDhCRZzstLS

frigid rune Dec 14, 2021, 3:48 AM

#

Disabling secret keys normally won't stop the attack vector because they just spam your front end calls. You would want to disabling publishable key and roll a new one. Publishable key is what your client side uses

scenic rain Dec 14, 2021, 3:49 AM

#

I thought I had fixed it yesterday but it resumed again.... ah ok I thought that might be the case.

frigid rune Dec 14, 2021, 3:49 AM

#

What I can recommend is

#

Reroll publishable key
Change your URL temporary
Write into Stripe Support

#

(looking at the account)

scenic rain Dec 14, 2021, 3:50 AM

#

Are you familiar with whether it is the domain or IP? I can roll a new server IP now I am hidden behind Cloudflare, and move to the other Stripe account as well...

#

sorry I meant whether they tend to attack the IP or the domain? I know this is Stripe support haha

frigid rune Dec 14, 2021, 3:51 AM

#

You are under Card Testing. Our Support folks would be able to help you

#

I am seeing Card Testing

#

This is common scenario. Stripe do our best to help merchant combat with these kind of attack vector

#

I think disabling old Publishable key would be easiest and fastest to temporary stop them. But after you populate the new Publishable key they can continue again. So

Disable old Publishable key
Write to Stripe Support
Try to change both your IP and domain

scenic rain Dec 14, 2021, 3:54 AM

#

Yeah this is the odd thing, I have rate limiting on, Recaptcha on every possible field...

#

Ah ok, can't change the domain but will move IP and Cloudflare should conceal it

frigid rune Dec 14, 2021, 3:54 AM

#

General guide: https://stripe.com/docs/card-testing

Card testing

Learn about this fraudulent activity and how to prevent it.

scenic rain Dec 14, 2021, 3:54 AM

#

Do I need Stripe support to change something?

#

Yeah reading that now, thanks. Didn't know what the term was for it... other client checkouts have never had this issue

#

thanks

frigid rune Dec 14, 2021, 3:56 AM

#

good luck 🙂 Always write to Support and they might be able to help you more

scenic rain Dec 14, 2021, 3:56 AM

#

I appreciate the help, truly. Thanks. One more question... do you find that requiring user to login before purchase helps much, in terms of trade-off with User Experience?

frigid rune Dec 14, 2021, 3:58 AM

#

Well it depends on your business. Many business do allow customer to guest-purchase. Like when you order, for example on ecommerce, the site will prompt to either "Login/Register to continue buying" or "buying without register"

#

It comes down to metrics. You can actively monitor 2 patterns and decide which works best for your business

#tealou-WooCommerce