It would be nice if we could get a notification about rate limiting being engaged by bad traffic.
So, for example, if your site is being carded, some of the transactions might go through because the maximum rate limit time is 1 hour.
Here is an example of an attack:
You can see 5,500 bad requests were made to the payment gateway. The image shows they were challenged (because I set a rule for specific countries / ASNs), but if there was no challenge rule, the rate limiter would get some transactions through.
SIMPLE CASE
An IP gets 3 transactions in, then the rate limit happens. 1 hour later it keeps going and hits the rate limit after 3 transactions.
This means that 6 transactions were made in 1 hour. If you have the payment method set to CAPTURE transactions, it means you will need to have a talk with your payment provider about all these fraudulent captures.
It would be nice if I got an email on the first rate limit so I could at least put the site into the Under The Attack Mode.
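
The simple case above, replayed as an added example that is not part of the original post and is not the provider's code: a per-IP rule with the post's threshold of 3 and 1 hour block, with a notification hook fired the first time the rule engages. The 60 second counting period, the `replay` and `notify` names and the sample traffic are assumptions made for illustration.

```python
THRESHOLD = 3     # transactions allowed per counting period (the post's figure)
PERIOD = 60       # counting period in seconds (assumed)
TIMEOUT = 3600    # block duration in seconds: the 1 hour maximum the post cites


def replay(requests, notify):
    """Replay (timestamp, ip) pairs through the rule; return {ip: passed_count}.

    notify(ip, ts) is called once per IP, the first time the rule engages.
    """
    window = {}         # ip -> (window_start, count)
    blocked_until = {}  # ip -> time the current block expires
    alerted = set()
    passed = {}
    for ts, ip in sorted(requests):
        passed.setdefault(ip, 0)
        if ts < blocked_until.get(ip, 0):
            continue                      # still inside the block
        start, count = window.get(ip, (ts, 0))
        if ts - start >= PERIOD:
            start, count = ts, 0          # counting period rolled over
        count += 1
        window[ip] = (start, count)
        if count > THRESHOLD:
            blocked_until[ip] = ts + TIMEOUT
            window.pop(ip)                # start fresh once the block expires
            if ip not in alerted:         # the notification the post asks for
                alerted.add(ip)
                notify(ip, ts)
            continue
        passed[ip] += 1
    return passed


def demo():
    alerts = []
    # Constructed traffic: one client retrying every 10 s for 2 hours,
    # plus one normal shopper making two purchases.
    traffic = [(t, "203.0.113.7") for t in range(0, 7200, 10)]
    traffic += [(100, "198.51.100.20"), (4000, "198.51.100.20")]
    passed = replay(traffic, lambda ip, ts: alerts.append((ip, ts)))
    return passed, alerts


if __name__ == "__main__":
    print(demo())
```

The retrying client gets 6 transactions through while the hook fires once, 30 seconds into the run, which is the point at which an operator could react instead of finding out from the payment provider.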