XSS, Skimming, cart jacking - how do you use Cloudflare and what else do you use

Hello - just curious what you use to protect your sites - I’m a huge fan of Cloudflare, but I have other solutions in place to protect against XSS/cart jacking/card skimming attacks.

Specifically, I’m looking to filter out nefarious code before it reaches the user/client and then to be able to pin down the threat. I’d love for that to be better baked into the Cloudflare WAF 🙂

Anyhow, curious what this community thinks?
Thanks in advance!

Hi Ivan,

Good questions - the specific types of attacks we’re looking to prevent are along the lines of the most recent Blue Mockingbird exploits that build off of Magecart - your typical JS skimmer with listening events. Specifically, I’m seeing a lot of attacks in the wild (not on our end thankfully) that skim the data from a form (CC, login, etc.), convert it over to hex, and call a .gif or otherwise on an external server. Well-designed, well-executed attacks - all coming from JS or jQuery. Some got through Cloudflare in my testing (not production), so it’s compelling - I’m really interested in being able to block certain domains and attacks (ideally adding manually if possible). Thanks for your thoughts/time!!
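A detection sketch for the pattern described in the post above (form data hex-encoded and sent in a request for a .gif or similar on an external server). It is an added example, not part of the original thread and not Cloudflare functionality. It assumes you already collect outbound request URLs from your pages (for instance from a browser HAR export); the allowlist, hostnames and sample URLs are constructed.

```javascript
// Added example. Hostnames and sample URLs below are constructed.
const ALLOWED_HOSTS = new Set(["shop.example", "cdn.shop.example"]); // assumption: your own origins
const IMAGE_EXT = /\.(gif|png|jpe?g|ico|bmp|webp)$/i;
const HEX_RUN = /[0-9a-f]{32,}/gi; // 16+ encoded bytes in a row

// Decode a hex run; return text only when >= 90% of bytes are printable ASCII.
// Content hashes used for cache busting decode to mostly non-printable bytes.
function decodePrintableHex(hex) {
  const even = hex.length % 2 ? hex.slice(0, -1) : hex;
  let text = "";
  let printable = 0;
  for (let i = 0; i < even.length; i += 2) {
    const byte = parseInt(even.slice(i, i + 2), 16);
    const ok = byte >= 0x20 && byte <= 0x7e;
    if (ok) printable++;
    text += ok ? String.fromCharCode(byte) : ".";
  }
  return printable / (even.length / 2) >= 0.9 ? text : null;
}

// Classify one outbound request URL seen from a page of the protected site.
function inspectRequest(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return { verdict: "unparseable", host: null, imageLike: false, decoded: [] };
  }
  const host = url.hostname;
  const imageLike = IMAGE_EXT.test(url.pathname);
  if (ALLOWED_HOSTS.has(host)) return { verdict: "allowed", host, imageLike, decoded: [] };
  const runs = (url.pathname + url.search).match(HEX_RUN) || [];
  const decoded = runs.map(decodePrintableHex).filter((t) => t !== null);
  const verdict = decoded.length ? "suspect-exfil" : "external";
  return { verdict, host, imageLike, decoded };
}

// Constructed sample: own asset, third-party image with a hash, beacon with hex text.
const toHex = (s) => Buffer.from(s, "utf8").toString("hex");
const SAMPLE_FORM = "cc=4111111111111111&exp=12/27&cvv=123"; // test card number
const SAMPLE_URLS = [
  "https://cdn.shop.example/img/logo.gif",
  "https://images.partner.example/banner-9e107d9d372bb6826bd81d3542a419d6.png",
  "https://collector.invalid/px.gif?d=" + toHex(SAMPLE_FORM),
];

for (const u of SAMPLE_URLS) {
  const r = inspectRequest(u);
  console.log(r.verdict.padEnd(14), r.host, r.decoded.join(" | "));
}
```

Hosts that come back as `suspect-exfil` are candidates for a manual block list, and a Content-Security-Policy `img-src` / `connect-src` allowlist stops the same requests in the browser before they leave.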
