DolSch, posted September 18, 2022:
Fraudsters attempted over 1,700 donations for $1 via our donation form - /customers/donations/. Fortunately, Stripe refused the payments. We believe that the fraudsters were testing stolen credit card information. Please add a reCAPTCHA requirement to the form. We are a non-profit organization. We need the ability to accept donations from all parents in our community. Restricting the form to our members will not work for us. Thank you.
Randy Calvert, posted September 18, 2022 (edited September 18, 2022 by Randy Calvert):
(Removed comment)
SeNioR-, posted September 18, 2022:
> 52 minutes ago, DolSch said: Fraudsters attempted over 1,700 donations for $1 via our donation form - /customers/donations/.
Hi. Update the software to the latest version where only registered users can make donations. More here: https://invisioncommunity.com/forums/topic/468875-delete-mass-pending-invoices/?do=findComment&comment=2903729
DolSch (Author), posted September 21, 2022:
> On 9/18/2022 at 4:18 PM, SeNioR- said: Hi. Update the software to the latest version where only registered users can make donations. More here: https://invisioncommunity.com/forums/topic/468875-delete-mass-pending-invoices/?do=findComment&comment=2903729
We want the donation process as simple as possible. We don't want to require donors to sign in to the website first and then fill out the donation form. Please add reCAPTCHA to the donation form.
Randy Calvert, posted September 22, 2022:
Captcha alone won't solve this problem unfortunately. It's super easy to solve it once manually and then trigger a bunch of automated attempts afterwards.
SeNioR-, posted September 22, 2022 (edited September 22, 2022 by SeNioR-):
> 4 hours ago, Randy Calvert said: Captcha alone won't solve this problem unfortunately. It's super easy to solve it once manually and then trigger a bunch of automated attempts afterwards.
Then the Q&A should be effective.
Shawn RR, posted September 22, 2022:
Looking for the same. PayPal recently would require people to create an account before donating but I expect that to be solely because of PayPal and not over Invision. Whatever the problem is, the process is not seamless.
DolSch (Author), posted September 22, 2022:
> 13 hours ago, SeNioR- said: Then the Q&A should be effective.
What is the Q&A?
Randy Calvert, posted September 22, 2022 (edited September 22, 2022 by Randy Calvert):
> 24 minutes ago, DolSch said: What is the Q&A?
Q&A is a feature that can be enabled when new accounts are being registered. You can provide a question (such as "What color is the sky?") and provide an answer (such as "blue"). In order to create the account, you would have to answer that question correctly. You can find it in yourdomain.com/admin/?app=core&module=moderation&controller=spam&tab=qanda
The challenge with these is that you need the question to typically be something your community would know, but not easy enough for human spammers or automated systems to already have the answer to. (For example "What is one plus two?" with the answers being "3" or "three".) Chances are the bot has seen those questions before and could answer them. But if the questions are too hard, legitimate members may not be able to answer them and register.
The suggestion was to extend the same system used for registration to use it also when someone attempts to make a donation. In order for that to be done, someone would need to develop a plugin that makes donations available to guests again (since it's blocked now in the software for guests) AND also adds that Q&A logic to the donation area.
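Added example (not part of the thread and not Invision Community or Stripe code): a server-side velocity check that flags the pattern described in the first post, many declined $1 attempts in a short period, without relying on a CAPTCHA. The record layout, the thresholds and the sample data are assumptions constructed for illustration.

```python
from collections import deque
from datetime import datetime, timedelta

# Constructed sample records: (ISO timestamp, client IP, amount in cents, outcome).
# IPs come from documentation ranges; the field layout is an assumption,
# not a real Stripe or Invision Community log format.
BASE = datetime(2022, 9, 18, 14, 0, 0)
SAMPLE_ATTEMPTS = [
    ((BASE + timedelta(seconds=20 * i)).isoformat(), "203.0.113.7", 100, "declined")
    for i in range(8)  # burst of $1 declines, 20 seconds apart
] + [
    (BASE.isoformat(), "198.51.100.20", 2500, "succeeded"),     # ordinary donation
    ("2022-09-18T14:05:00", "198.51.100.33", 100, "declined"),  # donor mistyped a card
    ("2022-09-18T15:05:00", "198.51.100.33", 100, "declined"),  # retried an hour later
]

def find_card_testing(attempts, max_amount_cents=100,
                      window=timedelta(minutes=10), threshold=5):
    """Return {source: time the threshold was first reached}.

    A source is flagged once it has `threshold` declined attempts of at most
    `max_amount_cents` inside one sliding `window`.
    """
    recent = {}   # source -> timestamps of small declines still inside the window
    flagged = {}
    for ts, source, amount, outcome in sorted(attempts):
        if outcome != "declined" or amount > max_amount_cents:
            continue
        when = datetime.fromisoformat(ts)
        q = recent.setdefault(source, deque())
        q.append(when)
        # Drop attempts that have aged out of the sliding window.
        while when - q[0] > window:
            q.popleft()
        if len(q) >= threshold and source not in flagged:
            flagged[source] = when
    return flagged

if __name__ == "__main__":
    for source, when in find_card_testing(SAMPLE_ATTEMPTS).items():
        print(f"possible card testing from {source}, threshold reached at {when}")
```

The grouping key here is the client IP; the same sliding window can be keyed on a session identifier or on the form as a whole when attempts arrive from many addresses.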