Hi Brian, One possibility is to use a MySQL database which records all failures with the credit card verifications, the IP address of the failure, and when the failure was. Write a script which looks at the failures and if it detects three or more failures from any IP in a set time frame (24 hours?), that address is blocked by the script for 24 hours from making any order.
Your MySQL database should include at least the card number, time of failure, IP of failure. Then query the database based on the just attempted order, and if the count of failures from that IP address is greater than three (especially with different card numbers), refuse the order, and continue the block of that IP for 24 hours after the last failure. In particular, you could also check if the credit card numbers are different, and if they are, you know your dealing with a bad person and can take some steps to deal with them. While its maybe not an ideal solution, I can't think of anything better off hand. best regards Markus On Monday 16 August 2004 16:26, Brian Dunning wrote: > I have a simple PHP store, and it appears that someone is using it to > test credit card numbers. I'm getting a very high number of small [snip...] > I wonder if anyone has any experience with this, and if so, can you > suggest a way to deal with it? - This is a second try, my previous mail seems to have not come through... Sorry if people get this twice - -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
