constellix background

DNS Use Case: Geo IP Filters and Carding Attacks

DNS Provider Resource
Compare DNS Providers - Alternative Comparison Free Demo


Subnet Mask Cheat SheetRecords Cheat SheetGeoDNS ExplainedFree Network TroubleshooterKnowledge BasePricing CalculatorLive CDN PerformanceVideo DemosOutage Prevention - CDN Outage - DDos Attack Prevention - DNS Outage


BlogsNewsPress ReleasesIT NewsTutorials
Book a Free Demo →

Want DNS Freebies?

Give us your email and we'll send you the good stuff.

Thanks for joining our newsletter.
Oops! Something went wrong.
Enterprise DNS


Heather Oliver is a Technical Writer for Constellix and DNS Made Easy, subsidiaries of Tiggee LLC. She’s fascinated by technology and loves adding a little spark to complex topics. Want to connect? Find her on LinkedIn.

Connect with

As internet usage grows, so do attacks against online businesses. This is an unfortunate byproduct of technology. Luckily, there are solutions to this problem. One such method is Constellix’s GeoIP Filters.

This blog is a case study on how one of our clients recently stopped a carding attack against their domain using GeoIP Filters. 

The Challenge

Help the client migrate DNS services during a Carding Attack and stop the attack without causing downtime. 

The Outcome

After successful DNS migration, we helped the client create and implement GeoIP filter rules, and the attack was stopped. 


GeoIP filters enabled the client to successfully stop an ongoing carding attack, preventing further damage to their customers, domain, and brand reputation. For preventative measures, the client also enabled our Real-time Traffic Anamoly Detection (RTTAD) service.

What is a Carding Attack?

Carding is a way in which cybercriminals (carders) commit fraud using stolen card numbers to make purchases or to resell them for profit. To verify that a credit card is valid, the carder uses a bot, which authenticates the account by making small purchases on various websites in hopes of avoiding detection. Once validated, the credit cards are typically used to purchase high-value goods, online gift cards, or are resold to other criminals.  

What is a Bot?

A bot is an automated application that mimics human behavior and can be programmed for certain tasks. Bad actors use bots to carry out malicious and repetitive predefined instructions. Without a bot, carders would have to manually enter in all credit card information for each stolen card number, which is tedious and time-consuming. A bot can do all this quickly and automatically for a high volume of card numbers, thus allowing an attack to continue uninterrupted throughout the day. Bots are also able to change IP addresses, which makes them harder to detect.  

How Do Carding Attacks Hurt Your Business?

Carding doesn’t just affect the people whose cards have been compromised. Repercussions for businesses can be severe. Organizations are held accountable for chargebacks and must stay within a specified limit in order to remain in good standing with payment networks. For example, if your e-commerce store is a card attack victim and you fail to get things under control, it will push you over your allotted threshold and can not only lead to hefty fines but can also result in all of your transactions being blocked by payment networks (Visa, Mastercard, etc.) On top of this, you have to deal with the blowback from customers who are unable to make purchases. And to add injury to insult, this type of attack can have a long-lasting, negative impact on your brand reputation as consumers expect businesses to keep their information safe and be accessible when they need them.

Use Case: GeoIP Filters For Carding Attacks

Recently, one of our clients onboarded to Constellix during an ongoing carding attack. Their previous provider was unable to solve this use case, which led the client to seek another solution. Once their domain and records were imported and nameservers were switched over to Constellix, they were able to quickly configure GeoIP Filters for the regions where the attacks were being instigated. Creating filters caused the bad actors to receive an NXdomain back from Constellix. As the malicious traffic was no longer able to reach the client’s website, the attack was effectively stopped. 

What is a GeoIP Filter and How Does it Work?

Constellix’s  GeoIP Filter solution is a highly scalable service that protects your domain and applications on the DNS level. You can think of it as a custom web application firewall (WAF). When using IP filters, you are able to create rules for how DNS servers should handle your traffic. This is done via query filtering. GeoIP Filters can be configured by continent or country, or can even be at the state or city level. Requests can also be filtered by autonomous system number (ASN) or IP address. Traffic can either be rerouted to a designated endpoint or blocked entirely.  To ensure queries aren’t dropped unnecessarily, default IP Filters are required. This way, if a request doesn’t match any of your rules, it will still be answered by the resource you specify. The best part is, IP filters can be created and applied in a matter of minutes through the Constellix control panel or via API. 

Tools That Detect Attacks For Fast Resolution

Early detection is key to preventing major damage to your domain from any attack. Constellix provides an advanced proprietary monitoring solution that complements our GeoIP Filters: Real-time Traffic Anomaly Detection (RTTAD). This product uses AI and machine learning to learn and analyze your unique web traffic. The longer RTTAD is enabled, the more accurate it becomes. Any time suspicious or unusual activity is detected, RTTAD  instantly alerts your designated contact person(s) so that they can determine whether the traffic is legitimate or malicious. This allows your IT team to make proactive decisions, where you are no longer at the mercy of an attacker or forced to use a mitigation service after the fact. 

Geo IP Filters: Well-Rounded Protection

Along with carding attacks, GeoIP Filters can also help mitigate the following attacks: 

  • DDoS attacks
  • Flood attacks
  • Zero-day attacks

Keeping Domains Safe From Modern-Day Threats

We are proud to have helped our client stop the carding attack against their domain. Creating a safer internet and an amazing customer experience is what we’re all about! Constellix is committed to providing superior DNS speeds and performance, as well as unmatched protection on the DNS level. Our products and services are specially developed in-house from the ground up and are based on real customer feedback and industry needs.

Related Resources:

How to use DNS to Prevent Security Issues

Build Your Own Custom WAF With Geo IP Filters

Powerful GeoDNS Strategies to Maximize Your Site Performance

What is a DNS Firewall

How Advanced DNS Monitoring Can Protect and Optimize Web Traffic

Priority DNS Security - image

Need better DNS?
We can help.

• 100% Uptime guarantee
• Configure with ease
• Prevent DDoS attacks
• Monitor your domains
• Optimize site traffic
• Enhance domain performance
• Free POC Account + Demo


Constellix DNS News

carding attack, dns filters, geoIP filters, safe domains, dns use case, bot attack

Sign up for industry news and insights. It'll be worth it.

Sign up for news and offers from Constellix and DNS Made Easy

Thanks for joining our newsletter.
Oops! Something went wrong.