Attack on the Braintree payment module of our site in Magento2

Good morning everyone,
from about 14.42 to 16.03 yesterday morning we suffered a bot attack on the Braintree payment module of our site in Magento2. They were American bots who stole sensitive American / English credit card data to try and put them on our site. From the access logs, all the IPs refer to Cloudflare so it was impossible to block them. Is there any particular setting to prevent this kind of attack?
Best Regards

Since Cloudflare acts as a reverse proxy, when it’s configured as expected, all connections to your origin webserver come from Cloudflare’s IP addresses, and that may or may not be a problem for you:

  • If your web application is using the originating IP of the visitor as part of its logic, it will now use a Cloudflare IP address
  • If you use the content of your access logs, they now contain a Cloudflare IP address as the $remote_addr

Depending on your setup, you can restore the visitor IPs in a number of ways. You can find a complete list here, or below are a few of the most popular:

1 Like