Odd behaviour - Billing page attack? - Ecommerce forum at WebmasterWorld

Forum Moderators: buckworks

Message Too Old, No Replies

Odd behaviour - Billing page attack?

rumirunto

11:34 pm on Sep 22, 2005 (gmt 0)

Here's an odd one... For the last month or so, we've been seeing at least one daily event like this:

Someone comes to our website, adds a large count of any random product into their shopping basket, for a total of somewhere between $1000 and $2000, and then attempts to place the order, which always fails. They then repeat over and over and over, trying different combinations of credit card numbers, CVV2 codes and/or expiration dates. The first posting of the billing page seems to come from the web browser, but subsequent postings might be coming from some script, since they do not request the images that are included on the redirected-to-after-the-failure billing page.

The IP addressess of the "attackers" are all over the world, although the pattern is always the same.

Anyone know anything about this?

philbish

1:59 am on Sep 23, 2005 (gmt 0)

They trying to find credit card numbers that work, so then they can use them to buy things somewhere else.

rumirunto

4:34 am on Sep 23, 2005 (gmt 0)

> They trying to find credit card numbers that work,
> so then they can use them to buy things somewhere else.

If that's the case, why try for the large amounts? it would make more sense to use smaller totals. Also, I wonder if this is common out there or if there's something specific about our setup that's making us targets for this.

hanuman

7:26 am on Sep 23, 2005 (gmt 0)

someone cheated him and sold him bad CC numbers, and ....he still does not belive it! <vbg>