We've had some strange merchant account transactions on our payment form over the past few days...they're all for $1, which isn't one of our regular amounts, and they all come from IP's inside Tunisia. ... all of the CC#'s are also different. I'm guessing that we've got someone with some stolen cards testing them against any merchant they can find to see if the # is valid. Here's my question. This has happened 3 different days, from three different IP's, all inside the same country, Tunisia: 041.226.151.077 041.226.100.124 041.226.117.089 Is there a way to block all visitors from Tunisia from accessing our site? We don't do any business there, and don't anticipate doing any business there. I tried this service, but I don't think they have the IP's in question for Tunisia. http://www.blockacountry.com/ recommends using this block code for Tunisia... <Limit GET HEAD POST> order allow,deny deny from 41.224.0.0/13 deny from 192.68.138.0/24 deny from 193.95.0.0/17 deny from 196.203.0.0/16 deny from 213.150.160.0/19 allow from all </LIMIT> Any suggestions would be welcome. -Mark
Banning IPs is not a good solution. Attackers can use proxies to re-abuse your business. The foolproof way is to use Business Logic Control in your web application.