Possible replay attack

Resolved

(@systasiscomputersystems)

Hi,

I’m seeing what I think is a replay attack to validate credit cards via a low-cost purchase.

I’ve got the following log

167.88.45.225 [01/Apr/2025:19:58:30 "GET /product/belt-bag/?quantity=1&add-to-cart=86083&attribute_attribute_color=Red&product_id=86083&variation_id=91763 302 0 "-"
167.88.45.225 [01/Apr/2025:19:58:30 "GET /product/belt-bag/?quantity=1&add-to-cart=86083&attribute_attribute_color=Red&product_id=86083&variation_id=91763 302 0 "-"
167.88.45.225 [01/Apr/2025:19:58:35 "GET /product/belt-bag/?quantity=1&add-to-cart=86083&attribute_attribute_color=Red&product_id=86083&variation_id=91763 302 0 "-"
167.88.45.225 [01/Apr/2025:19:58:37 "GET /product/belt-bag/?quantity=1&add-to-cart=86083&attribute_attribute_color=Red&product_id=86083&variation_id=91763 302 0 "-"
167.88.45.225 [01/Apr/2025:19:58:38 "GET /product/belt-bag/?quantity=1&add-to-cart=86083&attribute_attribute_color=Red&product_id=86083&variation_id=91763 302 0 "-"
167.88.45.225 [01/Apr/2025:19:58:42 "GET /product/belt-bag/?quantity=1&add-to-cart=86083&attribute_attribute_color=Red&product_id=86083&variation_id=91763 302 0 "-"
167.88.45.225 [01/Apr/2025:19:58:42 "GET /cart/ 200 438601 "-"
167.88.45.225 [01/Apr/2025:19:58:42 "GET /cart/ 200 438601 "-"
167.88.45.225 [01/Apr/2025:19:58:44 "GET /cart/ 200 438607 "-"
167.88.45.225 [01/Apr/2025:19:58:46 "GET /checkout 301 0 "-"
167.88.45.225 [01/Apr/2025:19:58:47 "GET /cart/ 200 438601 "-"
167.88.45.225 [01/Apr/2025:19:58:48 "GET /checkout 301 0 "-"
167.88.45.225 [01/Apr/2025:19:58:50 "GET /checkout 301 0 "-"
167.88.45.225 [01/Apr/2025:19:58:50 "GET /cart/ 200 438601 "-"
167.88.45.225 [01/Apr/2025:19:58:52 "GET /checkout 301 0 "-"
167.88.45.225 [01/Apr/2025:19:58:52 "GET /cart/ 200 438601 "-"
167.88.45.225 [01/Apr/2025:19:58:54 "GET /checkout 301 0 "-"
167.88.45.225 [01/Apr/2025:19:58:56 "GET /checkout 301 0 "-"
167.88.45.225 [01/Apr/2025:19:58:58 "GET /checkout/ 200 483449 "-"
167.88.45.225 [01/Apr/2025:19:58:58 "GET /checkout/ 200 483445 "-"
167.88.45.225 [01/Apr/2025:19:59:00 "GET /checkout 301 0 "-"
167.88.45.225 [01/Apr/2025:19:59:01 "GET /checkout/ 200 483405 "-"
167.88.45.225 [01/Apr/2025:19:59:03 "GET /checkout 301 0 "-"
167.88.45.225 [01/Apr/2025:19:59:03 "GET /checkout/ 200 483445 "-"
167.88.45.225 [01/Apr/2025:19:59:09 "GET /checkout/ 200 483461 "-"
167.88.45.225 [01/Apr/2025:19:59:10 "GET /checkout/ 200 483405 "-"
167.88.45.225 [01/Apr/2025:19:59:12 "POST /wp-admin/admin-ajax.php 400 1 "-"
167.88.45.225 [01/Apr/2025:19:59:13 "POST /wp-admin/admin-ajax.php 400 1 "-"
167.88.45.225 [01/Apr/2025:19:59:15 "GET /checkout/ 200 483405 "-"
167.88.45.225 [01/Apr/2025:19:59:15 "POST /wp-admin/admin-ajax.php 400 1 "-"
167.88.45.225 [01/Apr/2025:19:59:17 "POST /wp-admin/admin-ajax.php 400 1 "-"
167.88.45.225 [01/Apr/2025:19:59:19 "GET /checkout/ 200 483449 "-"
167.88.45.225 [01/Apr/2025:19:59:19 "POST /wp-admin/admin-ajax.php 400 1 "-"
167.88.45.225 [01/Apr/2025:19:59:20 "POST /wp-admin/admin-ajax.php 400 1 "-"
167.88.45.225 [01/Apr/2025:19:59:23 "POST /wp-admin/admin-ajax.php 400 1 "-"
167.88.45.225 [01/Apr/2025:19:59:28 "POST /?wc-ajax=checkout 200 78 "-"
167.88.45.225 [01/Apr/2025:19:59:28 "POST /?wc-ajax=checkout 200 78 "-"
167.88.45.225 [01/Apr/2025:19:59:30 "POST /?wc-ajax=checkout 200 78 "-"
167.88.45.225 [01/Apr/2025:19:59:30 "POST /wp-admin/admin-ajax.php 400 1 "-"
167.88.45.225 [01/Apr/2025:19:59:32 "POST /?wc-ajax=checkout 200 78 "-"
167.88.45.225 [01/Apr/2025:19:59:35 "POST /?wc-ajax=checkout 200 78 "-"
167.88.45.225 [01/Apr/2025:19:59:35 "GET /product/belt-bag/ 200 63080 "https://photonictherapyinstitute.com/cart"
167.88.45.225 [01/Apr/2025:19:59:38 "POST /?wc-ajax=checkout 200 78 "-"
167.88.45.225 [01/Apr/2025:19:59:39 "GET /product/belt-bag/ 200 63093 "https://photonictherapyinstitute.com/cart"
167.88.45.225 [01/Apr/2025:19:59:40 "POST /?wc-ajax=checkout 200 78 "-"
167.88.45.225 [01/Apr/2025:19:59:40 "GET /product/belt-bag/ 200 63059 "https://photonictherapyinstitute.com/cart"
167.88.45.225 [01/Apr/2025:19:59:43 "GET /product/belt-bag/?quantity=1&add-to-cart=86083&attribute_attribute_color=Red&product_id=86083&variation_id=91763 302 0 "-"
167.88.45.225 [01/Apr/2025:19:59:44 "GET /product/belt-bag/ 200 63128 "https://photonictherapyinstitute.com/cart"
167.88.45.225 [01/Apr/2025:19:59:44 "POST /?wc-ajax=checkout 200 78 "-"
167.88.45.225 [01/Apr/2025:19:59:49 "GET /product/belt-bag/?quantity=1&add-to-cart=86083&attribute_attribute_color=Red&product_id=86083&variation_id=91763 302 0 "-"
167.88.45.225 [01/Apr/2025:19:59:49 "GET /product/belt-bag/?quantity=1&add-to-cart=86083&attribute_attribute_color=Red&product_id=86083&variation_id=91763 302 0 "-"
167.88.45.225 [01/Apr/2025:19:59:50 "GET /product/belt-bag/ 200 63082 "https://photonictherapyinstitute.com/cart"
167.88.45.225 [01/Apr/2025:19:59:50 "GET /product/belt-bag/ 200 63057 "https://photonictherapyinstitute.com/cart"
167.88.45.225 [01/Apr/2025:19:59:53 "GET /product/belt-bag/?quantity=1&add-to-cart=86083&attribute_attribute_color=Red&product_id=86083&variation_id=91763 302 0 "-"
167.88.45.225 [01/Apr/2025:19:59:54 "GET /product/belt-bag/ 200 63054 "https://photonictherapyinstitute.com/cart"
167.88.45.225 [01/Apr/2025:19:59:55 "GET /cart/ 200 438601 "-"
167.88.45.225 [01/Apr/2025:19:59:57 "GET /product/belt-bag/ 200 63086 "https://photonictherapyinstitute.com/cart"
167.88.45.225 [01/Apr/2025:19:59:58 "GET /cart/ 200 438607 "-"
167.88.45.225 [01/Apr/2025:19:59:59 "GET /cart/ 200 438607 "-"
167.88.45.225 [01/Apr/2025:20:00:00 "GET /cart/ 200 438601 "-"

Viewing 3 replies - 1 through 3 (of 3 total)

Jonayed (woo-hc)
(@jonayedhosen)

1 year, 1 month ago

Hi @stvdesigns ,

Thank you for reaching out!

Based on your message and the nature of the issue and log pattern, it seems your site might be experiencing card testing activity. This often occurs when guest checkout is enabled, as it’s a common entry point for such fraudulent behavior.

Unfortunately, this type of activity has been increasing. Rest assured, our team is actively working on solutions to help reduce its impact.

In the meantime, we recommend reviewing the steps in our guide on how to respond to card testing. If you’d like to prevent it while keeping guest checkout enabled, you can jump directly to this section: Preventing Card Testing.

For additional information, you can also check out this developer blog that provides more details on preventing card testing: Card Testing Attacks and the Store API.

Thank you for your understanding, and feel free to reach out if you have any further questions!

Thread Starter Systasis Computer Systems
(@systasiscomputersystems)

1 year, 1 month ago

Thanks.
I’ve implemented the rate limiting function via the API

Moses M. (woo-hc)
(@mosesmedh)

1 year, 1 month ago

Hi @systasiscomputersystems,

I’m glad to hear the previous response was helpful! If you have a moment, we’d really appreciate it if you could leave an honest review for the plugin here: https://ww.wp.xz.cn/support/plugin/woocommerce/reviews/#new-post

Your feedback is important to us and helps us continue improving WooCommerce.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Possible replay attack’ is closed to new replies.