GiveWP should rate limit donation attempts. #5258
Comments
Hi @dschaper! Thank you for taking the time to write up this issue and give us further details on the troubles you're running into. Fraudulent donations suck. It's something we're aware of and, while I can't say exactly what the next steps are just yet, I wanted to let you know this is on my radar and an issue we want to see resolved. Rate limiting is one tactic that can be taken; I'm also exploring other possibilities. I will keep this Issue open and reference it once we begin to put some solutions into place.
Details
GiveWP happily processes 400 fraudulent donation attempts in less than 5 minutes from the same donor. And then a new donor is created and things go from there.
Expected Behavior
After the first 5 donation attempts are rejected by the payment gateway, block the IP and the donor. Or notice the 4 dozen cards associated with the accounts.
I thought Akismet would help with this kind of spam but it seems that's completely nonfunctional.
Visuals
Additional Context
Of course, those two dozen or so charges that made it through are being marked as fraud and cost $15 USD each in fees.
System Information
Details
GiveWP Version: 2.8.0
GiveWP Cache: Enabled
Database Updates: All DB Updates Completed.
Database Tables: ✔ wp_give_donors - 1.0, ✔ wp_give_donormeta - 1.0, ✔ wp_give_comments - 1.0, ✔ wp_give_commentmeta - 1.0, ✔ wp_give_sessions - 1.0, ✔ wp_give_logs - 1.0, ✔ wp_give_logmeta - 1.0, ✔ wp_give_formmeta - 1.0, ✔ wp_give_sequential_ordering - 1.0, ✔ wp_give_donationmeta - 1.0
GiveWP Cache: Enabled
GiveWP Cache: ✔ New Donation, ✔ Donation Receipt, ❌ New Offline Donation, ❌ Offline Donation Instructions, ✔ New User Registration, ✔ User Registration Information, ✔ Donation Note, ❌ Email access, ✔ Daily Email Report, ✔ Weekly Email Report, ✔ Monthly Email Report
Upgraded From: 2.7.5
Test Mode: Disabled
Currency Code: USD
Currency Position: After
Decimal Separator: .
Thousands Separator: ,
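
A sketch of the behaviour requested under "Expected Behavior", added here as an illustration and not GiveWP code: declines are counted per IP and per donor in a sliding window, and a key is blocked after 5 declines or when too many distinct cards appear on it. The class and method names are hypothetical, and every threshold other than the 5 declines from the issue (window, card limit, block duration) is an assumption, as is the availability of a gateway-issued card fingerprint.

```python
import time
from collections import defaultdict, deque

MAX_DECLINES = 5   # from the issue: block after 5 gateway-rejected attempts
MAX_CARDS = 3      # assumption: more distinct cards than this per key is card testing
WINDOW = 300       # assumption: 5-minute sliding window, in seconds
BLOCK_FOR = 3600   # assumption: how long a key stays blocked, in seconds


class DonationThrottle:
    """Tracks gateway declines per IP and per donor e-mail (hypothetical helper)."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.declines = defaultdict(deque)  # key -> deque of (timestamp, card_fp)
        self.blocked_until = {}             # key -> unix time the block expires

    @staticmethod
    def _keys(ip, donor_email):
        # Keyed on both: the issue notes the attacker simply creates a new donor,
        # so a donor-only counter would reset on every rotation.
        return ("ip", ip), ("donor", donor_email.strip().lower())

    def allowed(self, ip, donor_email):
        """Call before sending a donation attempt to the payment gateway."""
        now = self.clock()
        return all(self.blocked_until.get(k, 0) <= now
                   for k in self._keys(ip, donor_email))

    def record_decline(self, ip, donor_email, card_fp):
        """Call when the gateway rejects a charge. card_fp is a gateway-issued
        card token or fingerprint (assumed available), never the card number."""
        now = self.clock()
        for key in self._keys(ip, donor_email):
            window = self.declines[key]
            window.append((now, card_fp))
            while window[0][0] <= now - WINDOW:   # drop declines older than WINDOW
                window.popleft()
            distinct_cards = {fp for _, fp in window}
            if len(window) >= MAX_DECLINES or len(distinct_cards) > MAX_CARDS:
                self.blocked_until[key] = now + BLOCK_FOR
```

The counters here live in process memory; on a real site they would need to sit in storage shared by all PHP workers, with expiry so old keys do not accumulate.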