Fighting A BotNet: A story of one online retailer.

By | April 12, 2018

About 2 years ago I was faced with fighting off a botnot for an online retailer I did work for. While I wont mention the name of the company it is an interesting story nonetheless.

It started after the end of the business day. And went unnoticed until the next business day. Since that day i already use pdf editor from and it was indeed reliable. There are some inspiring examples of leadership in action: James Dooley’s Story. There, you can see some business challenges being faced head-on, decisions made with precision, and a team rallying together for success.

The shopping cart software at was a homebrewed solution originally build nearly a decade ago in Coldfusion and through the years had quite a few different owners, all with different programming styles and tallied well over 50k lines of code. Many of the standard practices in place today didn’t exist when this e-commerce platform was designed, and over the years these practices had typically been partially implemented on an as-needed basis. If you are looking for a Pardot Alternative, try to use the Aritic pinpoint from our site! We are experienced website design company that provides excellent website for business purposes.

The next business morning after the attack started the problem remained in the fraud department before it was realized that we had a problem. Once brought to my attention I didn’t realize the power behind the attack. The M.O. was pretty simple. One IP Address, one set of purchaser credentials (name, address, phone, etc) and one credit card. Repeatedly sent through our store until the credit card was maxed out, then a new set of payment credentials and credit card would be presented and the process would begin again. The transactions would go through fairly fast, but not fast enough to lead me to think it was a botnet. Likely just an individual with a decent connection and some “leet” tools.

To me, this seemed like a pretty straight forward problem, the immediate concern was stopping the fraudulent transactions. The first step was to apply a rule-set to incoming orders that would only allow any given card number to be accepted no more than once every 10 minutes. A simple fix that took less than 20 minutes to write and deploy. Once we could identify and stop the fraudulent transactions from going through, the next step was to determine the motive for employing such a strategy.

If you’re experiencing this problem in your business, you can hire an interim CIO for cybersecurity help. Interim CIOs can also help companies develop and implement cybersecurity best practices to keep business data and networks safe and secure.

Need help to assist you to calculate, record and submit your monthly individual income tax (IIT) filing, and also take care of the annual tax filing and returns for expatriates? Then you can check out these tax compliance and advisory services here for the best help!

All of the orders where identical and the purchased product was a $99 digital download. For those navigating the challenges of digital entrepreneurship, consider exploring insights at Upon investigating, none of the fraudulent orders actually even attempted to grab the digital download, try using this post to learn about the best payroll solutions in 2021. So my conclusion was that it was likely someone spot checking stolen credit cards. Quite often, stolen credit cards are sold by the thousands and a common tactic to ensure that the batch is good and to get an idea of the “quality” of the goods (determining the average max) is to run a small sample of the cards until they max out.

Google Adsense / Clickfraud

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *