How to test
Send a POST request to {domain}/rest/default/V1/guest-carts/dgfjsdhfgsdhfgsdhfgsdhfgsdjfk/payment-information
multiple times with the same cart ID. After that, your requests will be blocked for 5 minutes.
Now you can send a GET request for the test with the parameter ?bot_test=1:
https://domain.com/rest/default/V1/guest-carts/GKxNF6em8IzxaZlk78YR3soEYby/payment-information?bot_test=1
Also, you can set ENV variables to adjust the logic:
Adjust until the bots are gone.
Magento 2 is a slow legacy system; however, the new approach is to store configuration in env variables. Environment-based configuration has gained significant popularity in PHP over recent years. It uses dotenv files, which are named after the de facto file name: .env. These plain text files define the environment variables required for an application to work as a list of key/value pairs. Using the Magento configuration requires Magento to be up and running. This extension doesn't load the whole of Magento but blocks bots immediately. If you load Magento, bots will consume all the resources on your servers. Don't load Magento when you don't need it. Use PHP microservices!
I am a lover of the Magento config. The config contains hundreds of thousands of records and is even cached. It takes minutes to load every request from the cache (it still requires unzipping and unserializing). Magento config is an excellent example of how not to do it. With the bigger projects, merchants have more significant issues with Magento.
You can adjust the rate and time.
``genaker/module-blockpaymentbot``
* = in production please use the --keep-generated option
app/code/Genaker
php bin/magento module:enable Genaker_BlockPaymentBot
php bin/magento setup:upgrade
*php bin/magento cache:flush
repo.magento.com
packagist.org
composer config repositories.repo.magento.com composer https://repo.magento.com/
composer require genaker/module-blockpaymentbot
php bin/magento module:enable Genaker_BlockPaymentBot
php bin/magento setup:upgrade
*php bin/magento cache:flush
Using ENV variables
This module has a dependency on phpRedis. If your Magento store is not running Redis, this module will have no effect on protecting your site. It won't break your site, but the protection will not be enabled.
To verify the module is working as expected, you can use curl on the CLI to test.
curl -i -X POST https://www.MYDOMAIN.com/rest/default/V1/guest-carts/GKxNF6em8IzxaZlk78YR3soEYby/payment-information
The expected outcome of the above is that for the first 20 requests you should get something like this:
{"message":"One or more input exceptions have occurred.","errors":[{"...
After the first 20 requests you should get:
Bye!
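The curl check above can be scripted so that it reports which request was the first to be blocked. This is an added example, not part of the module; `BASE_URL`, `CART_ID`, `LIMIT` and the function names are assumptions, and it treats a response body containing `Bye!` as the block response.

```bash
#!/bin/sh
# Added example: counts how many POSTs pass before the module answers "Bye!".
# BASE_URL, CART_ID and LIMIT are assumptions supplied by the operator.

# Send one POST and print only the response body ($2 = request number, unused).
fetch_once() {
  curl -s -X POST "$1"
}

# True when the body is the block response shown on the page.
is_blocked() {
  case "$1" in
    *'Bye!'*) return 0 ;;
    *) return 1 ;;
  esac
}

# first_blocked URL MAX [FETCH]: print the 1-based number of the first
# blocked request, or 0 if none of the MAX requests was blocked.
first_blocked() {
  fb_url=$1; fb_max=$2; fb_fetch=${3:-fetch_once}
  fb_i=1
  while [ "$fb_i" -le "$fb_max" ]; do
    fb_body=$("$fb_fetch" "$fb_url" "$fb_i") || fb_body=""
    if is_blocked "$fb_body"; then
      echo "$fb_i"
      return 0
    fi
    fb_i=$((fb_i + 1))
  done
  echo 0
}

# check_limit FIRST_BLOCKED LIMIT: succeed only if blocking began at LIMIT+1.
check_limit() {
  [ "$1" -eq $(( $2 + 1 )) ]
}

# Runs only when BASE_URL is set, e.g. BASE_URL=https://www.MYDOMAIN.com
if [ -n "${BASE_URL:-}" ]; then
  url="$BASE_URL/rest/default/V1/guest-carts/${CART_ID:-test-cart-id}/payment-information"
  limit=${LIMIT:-20}   # 20 is the figure quoted on this page
  n=$(first_blocked "$url" $((limit + 5)))
  if check_limit "$n" "$limit"; then
    echo "OK: request $n was the first one blocked"
  else
    echo "FAIL: first blocked request was $n (0 = never), expected $((limit + 1))"
    exit 1
  fi
fi
```

A result of 0 means no request was blocked, which is what you would see when Redis or phpRedis is missing and the protection is silently disabled. Use a throwaway cart ID, since the block lasts 5 minutes.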