this post was submitted on 02 May 2026
104 points (96.4% liked)

Technology

85245 readers
4319 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 3 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
104
Credit Cards Are Vulnerable To Brute Force Kind Attacks (metin.nextc.org)
submitted 1 month ago by Deep@mander.xyz to c/technology@lemmy.world
25 comments fedilink hide all child comments
 

Hacker News.

you are viewing a single comment's thread
view the rest of the comments
[–] notabot@piefed.social 24 points 1 month ago (18 children)

You don't need to stop them, you just need to make the effort not be worth it compared to using a different site. Things like making sure they have a valid session cookie before they hit the payment flow, and, ideally, require them to be logged in too. That way you can block attacking accounts, and they have to go through the effort of registering a new one, which is, hopefully, well gated against automated attacks.

[–] Steve@startrek.website 19 points 1 month ago (17 children)

Every single attempt registers a new user account, all with fake info. I have been trying all different things to block them but theres no unique data to identify them. I havent had a completed payment from them in a few weeks but I can still see the attempt being made.

At first, they used valid emails which led to me being banned from gmail because all the order notifications were being reported as spam.

[–] thedeadwalking4242@lemmy.world 20 points 1 month ago (4 children)

Make so sign up requires proof of work. Will slow them down.

Become computationally expensive for them at scale

[–] Steve@startrek.website 1 points 1 month ago (2 children)

That would scare away real paying customers

[–] notabot@piefed.social 17 points 1 month ago (1 children)

You might want to try something like Anubis on both the signup and order pages. Real users will either not be stopped, or will only hit it once, and no user interaction is required to continue, but bot users will be slowed down enough to, hopefully, disuade them from returning.

[–] NotMyOldRedditName@lemmy.world 1 points 1 month ago

Could just hide it behind a progress spinner? But it'll slow down the account creation.

load more comments (1 replies)
load more comments (13 replies)
load more comments (13 replies)