Is there any way to block traffic to our website? ...
# suitecommerce
w
Is there any way to block traffic to our website? We are currently under attack by a bot that is creating customer records (not Guest accounts) and trying hundreds of credit cards, which is causing our payment gateway to not take legitimate orders.
l
Maybe mark it as offline for maintenance?
s
Hi Wes. The standard response to this is to add a reCAPTCHA to the before login, before register and before order submit events. We are working on adding a reCAPTCHA feature to the product in a future release, but in the meantime you can add one yourself if you feel confident, or you can approach ACS, who have a ready-made solution, or one of our partners. You can also raise a case to let us know.
w
I don't want to block all traffic, just this bot
Thanks Steve! I really hate CAPTCHA but it might be the best solution for this. I was really hoping there was a way to block traffic from outside the US, as our site will only ship domestically.
s
Honestly, I'm not sure geoblocking would be effective. It's pretty easy nowadays to pretend to be from a particular region when visiting a website.
w
true, but it would require extra work on the attacker's side
kind of like having an alarm sticker on your door without actually installing the alarm. The thieves will just go to an easier house
I entered a support case. Maybe we can get on the short list for the reCAPTCHA solution
s
Well, just to be clear, if you want it right now you can pay ACS for the solution; otherwise you're waiting at least until the next release for us to implement something in the product (and I cannot promise anything).
w
Yeah I get it. I could try to create an extension, but I'm not sure where to start.
d
We use Cloudflare CDN, which helps mitigate issues like this. Possibly not something to do in the heat of the moment, but it does just require changing nameservers to Cloudflare, then copying over DNS entries from your current domain host. I don't doubt NetSuite's CDN has things like DDoS protection, but there's obviously no user configuration - Cloudflare allows blocking on IP, geolocation and countless other options.
We challenge all traffic from one particular country and it has all but eliminated bot issues.
If your issues are coming from a single originating IP or netblock, you could possibly hard code a hack into shopping.ssp to check the visitor IP and throw an error if it's the attacker.
f
Hi Wes, do you have a support case for this? I am pretty sure that with a support case the NS security team will be OK about blocking that IP address. Let me know the case number and I will check with them.
p
@wes_w Not sure if this is allowed, but Anchor Group look to have a reCAPTCHA extension. https://www.anchorgroup.tech/netsuite-suitecommerce-google-recaptcha
w
@Flo Support was less than helpful. All they told me is that they're adding me to the existing enhancement request for Captcha. Case# 4466974. Can support look into what IP addresses are creating junk leads and fraudulent transactions? My website was hit repeatedly last night from midnight to 5AM Eastern.
@PlanetJupiter Thanks for the link. I'll check it out.
f
No, I don't think support has access to that, but they should have followed up with an issue record and talked with security.
Let me see what I can do.
w
thanks Flo!
p
It's features like reCAPTCHA that other providers have enabled via a simple checkbox in the Admin portal. SCA really do need to catch up.