Open dschaper opened 4 years ago
This really needs some kind of response. This behavior is going to get my account with Stripe disabled.
Hi @dschaper!
Thank you for taking the time to write up this issue and give us further details on the troubles you're running into. Fraudulent donations suck. It's something we're aware of and, while I can't say exactly what the next steps are just yet, I wanted to let you know this is on my radar and an issue we want to see resolved. Rate limiting is one tactic that can be taken; I'm also exploring other possibilities.
I will keep this Issue open and reference it once we begin to put some solutions into place.
Details
GiveWP happily processes 400 fraudulent donation attempts in less than 5 minutes from the same donor. And then new donor is created and things go from there.
Expected Behavior
After the first 5 donation attempts are rejected by the payment gateway then block the IP and the donor. Or notice the 4 dozen cards associated to the accounts.
I thought Akismet would help with this kind of spam but it seems that's completely nonfunctional.
Visuals
Additional Context
Of course, those two dozen or so charges that made it through are being marked as fraud and cost $15USD each in fees.
System Information
Details
GiveWP Version: 2.8.0 GiveWP Cache: Enabled Database Updates: All DB Updates Completed. Database Tables: ✔ wp_give_donors - 1.0✔ wp_give_donormeta - 1.0✔ wp_give_comments - 1.0✔ wp_give_commentmeta - 1.0✔ wp_give_sessions - 1.0✔ wp_give_logs - 1.0✔ wp_give_logmeta - 1.0✔ wp_give_formmeta - 1.0✔ wp_give_sequential_ordering - 1.0✔ wp_give_donationmeta - 1.0 GiveWP Cache: Enabled GiveWP Cache: ✔New Donation✔Donation Receipt❌New Offline Donation❌Offline Donation Instructions✔New User Registration✔User Registration Information✔Donation Note❌Email access✔Daily Email Report✔Weekly Email Report✔Monthly Email Report Upgraded From: 2.7.5 Test Mode: Disabled Currency Code: USD Currency Position: After Decimal Separator: . Thousands Separator: ,