Brian,

The best thing that I can suggest is to take a look at the actual orders
themselves and find out if there are any one or two things that seem to be
common about them.

Once you can find some sort of pattern, you can then code against it. 

For example, if you find that he seems to send 20 requests under $10 from
one IP within 5 minutes, you may wish to do some pre-submission processing
to target this sort of behavior. 

You can easily create a SQL table with "temp-blocked IPs" that will last for
30 minutes. It'll also help keep track of this behavior.

In short - the best way to protect against this sort of thing is to figure
out the limitations of the other user's software and use that against them.
While some things can definitely be dynamic, it typically will only be so
within a particular range.

Good luck

-M
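
The pattern check and 30-minute temporary block suggested in this reply, as an added example in PHP with PDO and an in-memory SQLite database (not code from the thread). The table names, function names and sample IP are assumptions; the thresholds are the ones the reply gives as an example.

```php
<?php
// Added example: thresholds come from the reply; all names here are hypothetical.
const MAX_SMALL_ORDERS = 20;     // small orders from one IP that trigger a block
const SMALL_ORDER_CENTS = 1000;  // "under $10"
const WINDOW_SECONDS = 300;      // 5 minutes
const BLOCK_SECONDS = 1800;      // 30 minutes

function initSchema(PDO $db): void
{
    $db->exec('CREATE TABLE IF NOT EXISTS order_attempts (
        ip TEXT NOT NULL, amount_cents INTEGER NOT NULL, created_at INTEGER NOT NULL)');
    $db->exec('CREATE TABLE IF NOT EXISTS temp_blocked_ips (
        ip TEXT PRIMARY KEY, blocked_until INTEGER NOT NULL)');
}

// Pre-submission check: returns true if the order may go on to the payment gateway.
function allowOrder(PDO $db, string $ip, int $amountCents, int $now): bool
{
    // Expired blocks are ignored; the rows stay behind as a record of the behaviour.
    $q = $db->prepare('SELECT 1 FROM temp_blocked_ips WHERE ip = ? AND blocked_until > ?');
    $q->execute([$ip, $now]);
    if ($q->fetchColumn() !== false) {
        return false;
    }

    $db->prepare('INSERT INTO order_attempts (ip, amount_cents, created_at) VALUES (?, ?, ?)')
       ->execute([$ip, $amountCents, $now]);
    $q = $db->prepare('SELECT COUNT(*) FROM order_attempts
        WHERE ip = ? AND amount_cents < ? AND created_at > ?');
    $q->execute([$ip, SMALL_ORDER_CENTS, $now - WINDOW_SECONDS]);
    if ((int) $q->fetchColumn() < MAX_SMALL_ORDERS) {
        return true;
    }

    // Pattern matched: block this IP for 30 minutes (SQLite upsert syntax).
    $db->prepare('INSERT OR REPLACE INTO temp_blocked_ips (ip, blocked_until) VALUES (?, ?)')
       ->execute([$ip, $now + BLOCK_SECONDS]);
    return false;
}

// Constructed sample: one IP submits a $1.00 order every 10 seconds.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
initSchema($db);
$t0 = 1092677220; // constructed Unix timestamp
for ($i = 1; $i <= 22; $i++) {
    $ok = allowOrder($db, '203.0.113.7', 100, $t0 + 10 * $i);
    printf("attempt %2d: %s\n", $i, $ok ? 'allowed' : 'blocked');
}
```

Because the count is per IP over a short window, the check fires again on its own after the sender's address changes, without anyone maintaining a permanent block list.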

-----Original Message-----
From: Brian Dunning [mailto:[EMAIL PROTECTED] 
Sent: Monday, August 16, 2004 10:27 AM
To: [EMAIL PROTECTED]
Subject: [PHP] [OFF] - Fraudulent web orders - any ideas?

Hi all,

I have a simple PHP store, and it appears that someone is using it to 
test credit card numbers. I'm getting a very high number of small 
orders every day, but a lot more declines. My merchant provider 
suggests blocking that person's IP address, but that's not practical 
since it's dynamic. I'll get a lot of orders from one IP address for a 
few hours, but then the address changes.

I wonder if anyone has any experience with this, and if so, can you 
suggest a way to deal with it?

- Brian

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
