GiveWP should rate limit donation attempts. #5258

Open
dschaper opened this issue Sep 11, 2020 · 2 comments
Labels
keep-fresh "Keep Fresh" issues should not be marked as stale.

Comments

@dschaper

Details

GiveWP happily processes 400 fraudulent donation attempts in less than 5 minutes from the same donor. And then a new donor is created and things go from there.

Expected Behavior

After the first 5 donation attempts are rejected by the payment gateway, then block the IP and the donor. Or notice the 4 dozen cards associated with the accounts.

I thought Akismet would help with this kind of spam but it seems that's completely nonfunctional.

Visuals

Screenshot_2020-09-11 Search – pi-hole net – Stripe(2)

Screenshot_2020-09-11 Customers – pi-hole net – 1Stripe

Screenshot_2020-09-11 Home – pi-hole net – Stripe

Additional Context

Of course, those two dozen or so charges that made it through are being marked as fraud and cost $15 USD each in fees.

System Information

GiveWP Version: 2.8.0
GiveWP Cache: Enabled
Database Updates: All DB Updates Completed.
Database Tables:
  ✔ wp_give_donors - 1.0
  ✔ wp_give_donormeta - 1.0
  ✔ wp_give_comments - 1.0
  ✔ wp_give_commentmeta - 1.0
  ✔ wp_give_sessions - 1.0
  ✔ wp_give_logs - 1.0
  ✔ wp_give_logmeta - 1.0
  ✔ wp_give_formmeta - 1.0
  ✔ wp_give_sequential_ordering - 1.0
  ✔ wp_give_donationmeta - 1.0
GiveWP Cache: Enabled
GiveWP Cache:
  ✔ New Donation
  ✔ Donation Receipt
  ❌ New Offline Donation
  ❌ Offline Donation Instructions
  ✔ New User Registration
  ✔ User Registration Information
  ✔ Donation Note
  ❌ Email access
  ✔ Daily Email Report
  ✔ Weekly Email Report
  ✔ Monthly Email Report
Upgraded From: 2.7.5
Test Mode: Disabled
Currency Code: USD
Currency Position: After
Decimal Separator: .
Thousands Separator: ,

@dschaper dschaper added the type: bug Existing functionality is broken label Sep 11, 2020
@dschaper dschaper changed the title GiveWP should rate limit donations. GiveWP should rate limit donation attempts. Sep 11, 2020
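
The expected behavior requested in the report above (stop after 5 gateway rejections, keyed on both IP and donor, and notice many cards on one donor), sketched as an added example; this is not GiveWP code or anything posted in the thread. The class and function names, the 5-minute window, the card limit, the block duration and the `card_fp` card identifier are all assumptions, and the sample burst is constructed.

```python
from collections import defaultdict, deque

MAX_DECLINES = 5       # from the issue: block after 5 gateway rejections
WINDOW_SECONDS = 300   # assumption: declines are counted over 5 minutes
MAX_CARDS = 3          # assumption: distinct cards tolerated per donor in the window
BLOCK_SECONDS = 3600   # assumption: how long a block lasts


class DonationThrottle:
    """Tracks gateway declines per IP and per donor (hypothetical helper)."""

    def __init__(self):
        self._declines = defaultdict(deque)  # key -> deque of (time, card_fp)
        self._blocked_until = {}             # key -> time the block expires

    def _keys(self, ip, donor):
        return (("ip", ip), ("donor", donor.strip().lower()))

    def allow(self, ip, donor, now):
        """Call before a charge is sent to the payment gateway."""
        return all(self._blocked_until.get(k, 0) <= now for k in self._keys(ip, donor))

    def record_decline(self, ip, donor, card_fp, now):
        """Call when the gateway rejects a charge; blocks keys over a limit."""
        for key in self._keys(ip, donor):
            events = self._declines[key]
            events.append((now, card_fp))
            while events and events[0][0] <= now - WINDOW_SECONDS:
                events.popleft()             # forget declines outside the window
            cards = {fp for _, fp in events}
            card_testing = key[0] == "donor" and len(cards) > MAX_CARDS
            if len(events) >= MAX_DECLINES or card_testing:
                self._blocked_until[key] = now + BLOCK_SECONDS


def replay(attempts):
    """Replay (time, ip, donor, card_fp, declined); return charges sent to the gateway."""
    throttle, sent = DonationThrottle(), 0
    for now, ip, donor, card_fp, declined in attempts:
        if not throttle.allow(ip, donor, now):
            continue                         # rejected locally, gateway never sees it
        sent += 1
        if declined:
            throttle.record_decline(ip, donor, card_fp, now)
    return sent


# Constructed sample: 400 declined attempts in 280 s, one IP, one donor, 48 cards.
BURST = [(i * 0.7, "203.0.113.7", "donor@example.test", f"card{i % 48}", True) for i in range(400)]
```

The state here lives in process memory; a site running several PHP workers would need the same counters in shared storage.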
@dschaper
Author

This really needs some kind of response. This behavior is going to get my account with Stripe disabled.

Screenshot_2020-09-12 Payments – pi-hole net – Stripe
Screenshot_2020-09-12 Home – pi-hole net – Stripe

@JasonTheAdams
Contributor

Hi @dschaper!

Thank you for taking the time to write up this issue and give us further details on the troubles you're running into. Fraudulent donations suck. It's something we're aware of and, while I can't say exactly what the next steps are just yet, I wanted to let you know this is on my radar and an issue we want to see resolved. Rate limiting is one tactic that can be taken; I'm also exploring other possibilities.

I will keep this Issue open and reference it once we begin to put some solutions into place.

@github-actions github-actions bot added the Stale label Oct 26, 2022
@kjohnson kjohnson added keep-fresh "Keep Fresh" issues should not be marked as stale. and removed type: bug Existing functionality is broken Stale labels Oct 26, 2022
@impress-org impress-org deleted a comment from github-actions bot Oct 26, 2022