How to stop carding attack on Magento 2.x store

What is a Carding Attack?

A carding attack (also called carding fraud) is a form of credit card fraud where attackers use stolen credit cards to test charges — often against your store's payment forms — and sell validated cards to other people. In simple terms, it's like buying with someone's card without their permission, using your store as the testing ground.

How to Stop a Carding Attack

First check the log files on your server and find the URL path the attacker is hitting. Once you've found it, restrict that path using fail2ban, which blocks IPs that hit a particular URL too frequently (e.g. many requests in under a minute).

You can also list IPs by number of connections to your server with:

netstat -ntu | awk '{print $5}' | cut -d: -f1 -s | sort | uniq -c | sort -nk1 -r

Additional protections worth adding: reCAPTCHA on checkout and payment forms, rate limiting at the CDN/WAF level (Cloudflare works well), and fraud screening in your payment gateway.

Vikram · MagentoWorks

Magento & Adobe Commerce specialist since 2011. I do Hyvä migrations, speed optimization, security patching and hacked-store cleanup.

Get a free store checkup

Related reading

← All 99 posts