Attack on the Braintree payment module of our site in Magento2

logicagiochi · June 22, 2022, 3:50pm

Good morning everyone,
from about 14.42 to 16.03 yesterday morning we suffered a bot attack on the Braintree payment module of our site in Magento2. They were American bots who stole sensitive American / English credit card data to try and put them on our site. From the access logs, all the IPs refer to Cloudflare so it was impossible to block them. Is there any particular setting to prevent this kind of attack?
Best Regards

domjh · June 22, 2022, 4:05pm

Since Cloudflare acts as a reverse proxy, when it’s configured as expected, all connections to your origin webserver come from Cloudflare’s IP addresses, and that may or may not be a problem for you:

If your web application is using the originating IP of the visitor as part of its logic, it will now use a Cloudflare IP address
If you use the content of your access logs, they now contain a Cloudflare IP address as the $remote_addr

Depending on your setup, you can restore the visitor IPs in a number of ways. You can find a complete list here, or below are a few of the most popular:

system · July 7, 2022, 4:06pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Need recommendation to block DDOS attack Security	3	2037	June 19, 2020
Still getting DDOS'ed? DNS & Network	3	2064	November 7, 2019
My website is under brute force attack by IPs all belonging to cloudflare Security dash-troubleshooting	5	2921	March 17, 2019
Bots with Cloudflare IP addresses Security ExpertReply	8	4496	March 28, 2021
Cloudflare block google bot Security	2	4137	July 11, 2022

Attack on the Braintree payment module of our site in Magento2

Related topics