Hello - just curious what you use to protect your sites - I’m a huge fan of Cloudflare, but I have other solutions in place to protect against XSS/cart jacking/card skimming attacks.
Specifically, I’m looking to filter out nefarious code before it reaches the user/client and then to be able to pin down the threat. I’d love for that to be better baked into the Cloudflare WAF
Anyhow, curious what this community thinks?
Thanks in advance!
Good questions - the specific types of attacks we’re looking to prevent are along the lines of the most recent Blue Mockingbird exploits that builds off of Magecart - your typical js skimmer with listening events. Specifically, I’m seeing a lot of attacks in the wild (not on our end thankfully) that skim the data from a form (CC, login, etc.), convert it over to hex, and call a .gif or otherwise on an external server. Well designed, well executed attacks - all coming from JS or JQuery. Some got through Cloudflare in my testing (not production), so it’s compelling - I’m really interested in being able to block certain domains and attacks (ideally adding manually if possible). Thanks for your thoughts/time!!
This topic was automatically closed after 30 days. New replies are no longer allowed.