A donation form I built got hit with an attack I've never heard of before.
A bot was submitting one credit card number with a $5 donation every two minutes.
It was submitting the same generic name with a different cc#. My assumption is the hacker had obtained a large number of credit card numbers without any other information and was apparently using the donation form as a filter to see which cards would run the charge without a correct name or address.
Has anyone else had a form attacked like this?
Since the same email address was used, for the time being, I am sending out random responses when that email was sent to trick the hacker into thinking he was getting real responses. A captcha on donation form seems a bit Draconian. The hacker doesn't seem that clever so maybe he can be outsmarted a different way.
Ideally, it would be cool to send a notice letting credit card companies know the cards had been compromised as they are run. That would make life a little more difficult for the thieves, instantly spoiling their score. Anyone have any idea how to do this?