Support » Plugin: GiveWP - Donation Plugin and Fundraising Platform » ddos attack with stripe with your plugin

  • Resolved obertscloud

    (@obertscloud)


    now is over 100,000 it is coming through your plugin, even though I took the shortcode away from the page they cannot give, but they are still trying through ajax

    I have been on the phone for almost 4 hours with cloudflare, with stripe, with my host, and it all points back to your plugin

    https://ibb.co/r6XL13g
    https://ibb.co/92f3BDT

    this is a catastrophe!

Viewing 8 replies - 1 through 8 (of 8 total)
  • Plugin Contributor Ben Meredith

    (@benmeredithgmailcom)

    Hi @obertscloud

    That’s certainly not what we want! I want to be as helpful as I can, to get this resolved for you.

    Don’t just remove the shortcode from the site: completely remove the donation form by making it a draft:

    That should stop it as far as is possible from our side. Beyond that, either your host or Cloudflare will need to be the ones to turn off the flood.

    You mention DDOS, so is the site completely down? Cloudflare should definitely be able to stop a DDOS attack: that’s what they do.

    Once you get the site back operational, we can definitely work with you to get your donations back up and running, but the step before the first step is to stop the DDOS attack. That’s not something that we can help with, and it’s directly in Cloudflare’s wheelhouse.

    Definitely keep us posted.

    Thread Starter obertscloud

    (@obertscloud)

    Cloudflare said it was injecting through your plugin as well as Stripe also said that and the report from the team at my hosts also have logs showing your plugin is effected. Maybe recaptcha will help your plugin.

    Plugin Contributor Ben Meredith

    (@benmeredithgmailcom)

    Hi @obertscloud

    I’m happy to help in any way I can, but I am not clear yet as to whether you took my advice to completely remove the form from the site.

    If you did, and the attack is still ongoing, Here are two ways you can potentially fend this off from the WordPress side of things:

    1) The Zero Spam Plugin
    This is not a plugin that we developed, but the developers there have been excellent at providing support: https://wordpress.org/plugins/zero-spam/

    It claims to support GiveWP right out of the box. There’s a chance that it will help, but given that you say the attack is happening via admin-ajax at this point, I am not sure that will help.

    5) Implementing a reCAPTCHA
    We don’t generally recommend the reCAPTCHA option because it slows down the donation experience and looks unsightly. It can harm your donations sometimes more than benefit them. But sometimes it’s really your last line of defense. So if you really want to implement it, here’s how:

    Here is the link to that code.

    If you need assistance implementing custom code on your website we have this guide.

    We want to help, but the distributed nature of WordPress itself means that we can only really provide pointers and we rely on you to give us as clear a picture as possible of exactly how GiveWP is being exploited. If there is sensitive data that you’d rather not post on this public forum, you can reach out to us at https://givewp.com/contact-us and mention this forum post.

    Thread Starter obertscloud

    (@obertscloud)

    got the recaptcha enabled, thank you with the code

    now I have to get this on restrict content plugin also a ddos but they want us to pay a lot of money for a pro version to have recaptcha

    Thread Starter obertscloud

    (@obertscloud)

    now donation circle spins on test site it worked

    Thread Starter obertscloud

    (@obertscloud)

    sorry got it to work on live site now

    Thread Starter obertscloud

    (@obertscloud)

    i take it back one of the donation pages it spins

    Plugin Support stephanieliy

    (@stephanieliy)

    Hi @obertscloud,

    Send along the URL to the donation form that has reCaptcha spinning, and we’ll give things a look!

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘ddos attack with stripe with your plugin’ is closed to new replies.