Custom rules not firing correctly

What is the name of the domain?

What is the issue you’re encountering?

Rule = Country > does not equal > United States > Block, set to fire first. Getting IPs from other countries through.

What steps have you taken to resolve the issue?

Wordfence, tried rate limiting through Cloudflare, and I am now in Under Attack mode, which seems to be working for now. This person/bot has been hitting me the last few days with failed card attempts.

Was the site working with SSL prior to adding it to Cloudflare?

Yes

What is the current SSL/TLS setting?

Full

What are the steps to reproduce the issue?

Out-of-country IP: site loads, or at least people are getting around it.

May I ask you to describe what you’re trying to achieve?

You want to allow only requests from the USA and block all the others? :thinking:

Make sure to set CF-Connecting-IP in the Settings page:

Thanks for the response! That is correct, we only want to have users from the USA, as it seems most of our issues come from outside of the US. We would love to be able to allow external traffic but haven't been able to stop these attacks. The CF-Connecting-IP forces Cloudflare use?

What we are seeing right now are attempts to use a card on our checkout (1300 attempts in the last 48 hrs, CVV declines for the most part). Ideally the rate limiting rule we set (URL path > Wildcard > /checkout/*, 6 requests > 1 minute > Managed Challenge > first)

but it didn’t do anything; the bot/person just continued on like nothing was there. We turned on Under Attack mode, which seems to have stopped the bleed for now.

Does it come from the same IP address, or is it rotating IP addresses? :thinking:

At Cloudflare dashboard under the Security → Events, or rather in Wordfence? :thinking:

While keeping it, you might have to track and trace the requests from Security → Analytics and Security → Events to create Custom WAF Rules accordingly to block this type of attack, so you can disable “I am under an attack” mode and keep blocking it while your website keeps functioning normally for your visitors and customers.

Rotating IPs. Once I block in Wordfence it switches name, address, card info and IP.

I am not even getting failed notifications in Woo for most of it, 2 today out of a few hundred, maybe even thousand, attempts. It doesn't seem to be going through Cloudflare at all. I did just change that WF setting to get the IP from Cloudflare.
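
Added example (not part of the thread, and not Cloudflare's or Wordfence's code): one way to test the last observation above, that the checkout attempts may not be passing through Cloudflare, is to classify origin access-log entries by whether the connecting peer is a Cloudflare address. It assumes a combined-format log whose first field is the TCP peer (not a restored visitor IP), a snapshot of Cloudflare's published IPv4 ranges, and constructed sample lines.

```python
import ipaddress
import re
from collections import Counter

# Assumption: snapshot of Cloudflare's published IPv4 ranges (IPv6 omitted);
# refresh from https://www.cloudflare.com/ips/ before relying on it.
CLOUDFLARE_V4 = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
)]

# Combined log format: peer address first, then the quoted request line.
LINE_RE = re.compile(r'^(?P<peer>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)')

# Constructed sample lines; non-Cloudflare peers use documentation addresses.
SAMPLE_LOG = [
    '172.68.10.5 - - [01/Jan/2025:10:00:01 +0000] "POST /checkout/ HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2025:10:00:02 +0000] "POST /checkout/ HTTP/1.1" 200 498',
    '198.51.100.23 - - [01/Jan/2025:10:00:03 +0000] "POST /checkout/ HTTP/1.1" 200 498',
    '203.0.113.7 - - [01/Jan/2025:10:00:04 +0000] "POST /checkout/ HTTP/1.1" 200 498',
    '162.158.90.12 - - [01/Jan/2025:10:00:05 +0000] "GET /shop/ HTTP/1.1" 200 10240',
]

def via_cloudflare(peer: str) -> bool:
    """True if the connecting address is inside a listed Cloudflare range."""
    try:
        addr = ipaddress.ip_address(peer)
    except ValueError:
        return False  # unparsable peer field: treat as not Cloudflare
    return any(addr in net for net in CLOUDFLARE_V4)

def checkout_sources(lines, prefix="/checkout/"):
    """Count checkout requests by how they reached the origin."""
    counts, direct_peers = Counter(), Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not m["path"].startswith(prefix):
            continue  # malformed line or not a checkout request
        if via_cloudflare(m["peer"]):
            counts["cloudflare"] += 1
        else:
            counts["direct"] += 1
            direct_peers[m["peer"]] += 1
    return counts, direct_peers

if __name__ == "__main__":
    print(checkout_sources(SAMPLE_LOG))
```

Any `direct` entries mean the origin accepts connections that never touch Cloudflare, so no country, rate limiting or challenge rule configured there can apply to them; restricting the origin firewall to Cloudflare's ranges closes that path.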
