Heather Oliver is a Technical Writer for Constellix and DNS Made Easy, subsidiaries of Tiggee LLC. She’s fascinated by technology and loves adding a little spark to complex topics. Want to connect? Find her on LinkedIn.
As internet usage grows, so do attacks against online businesses. This is an unfortunate byproduct of technology. Luckily, there are solutions to this problem. One such method is Constellix’s GeoIP Filters.
This blog is a case study on how one of our clients recently stopped a carding attack against their domain using GeoIP Filters.
Help the client migrate DNS services during a carding attack and stop the attack without causing downtime.
After successful DNS migration, we helped the client create and implement GeoIP filter rules, and the attack was stopped.
GeoIP filters enabled the client to successfully stop an ongoing carding attack, preventing further damage to their customers, domain, and brand reputation. For preventative measures, the client also enabled our Real-time Traffic Anomaly Detection (RTTAD) service.
Carding is a way in which cybercriminals (carders) commit fraud using stolen card numbers to make purchases or to resell them for profit. To verify that a credit card is valid, the carder uses a bot, which authenticates the account by making small purchases on various websites in hopes of avoiding detection. Once validated, the credit cards are typically used to purchase high-value goods, online gift cards, or are resold to other criminals.
A bot is an automated application that mimics human behavior and can be programmed for certain tasks. Bad actors use bots to carry out malicious and repetitive predefined instructions. Without a bot, carders would have to manually enter all credit card information for each stolen card number, which is tedious and time-consuming. A bot can do all this quickly and automatically for a high volume of card numbers, thus allowing an attack to continue uninterrupted throughout the day. Bots are also able to change IP addresses, which makes them harder to detect.
Carding doesn’t just affect the people whose cards have been compromised. Repercussions for businesses can be severe. Organizations are held accountable for chargebacks and must stay within a specified limit in order to remain in good standing with payment networks. For example, if your e-commerce store is a carding attack victim and you fail to get things under control, the chargebacks will push you over your allotted threshold, which can lead not only to hefty fines but also to all of your transactions being blocked by payment networks (Visa, Mastercard, etc.). On top of this, you have to deal with the blowback from customers who are unable to make purchases. And to add injury to insult, this type of attack can have a long-lasting, negative impact on your brand reputation, as consumers expect businesses to keep their information safe and be accessible when they need them.
Recently, one of our clients onboarded to Constellix during an ongoing carding attack. Their previous provider was unable to solve this use case, which led the client to seek another solution. Once their domain and records were imported and nameservers were switched over to Constellix, they were able to quickly configure GeoIP Filters for the regions where the attacks were being instigated. With the filters in place, the bad actors received an NXDOMAIN response from Constellix. As the malicious traffic was no longer able to reach the client’s website, the attack was effectively stopped.
Constellix’s GeoIP Filter solution is a highly scalable service that protects your domain and applications on the DNS level. You can think of it as a custom web application firewall (WAF). When using IP filters, you are able to create rules for how DNS servers should handle your traffic. This is done via query filtering. GeoIP Filters can be configured by continent or country, or can even be at the state or city level. Requests can also be filtered by autonomous system number (ASN) or IP address. Traffic can either be rerouted to a designated endpoint or blocked entirely. To ensure queries aren’t dropped unnecessarily, default IP Filters are required. This way, if a request doesn’t match any of your rules, it will still be answered by the resource you specify. The best part is, IP filters can be created and applied in a matter of minutes through the Constellix control panel or via API.
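A minimal model of the query filtering described above, as an added example (not Constellix code or its API): rules keyed by IP range, ASN or geography return either an endpoint or NXDOMAIN, and a default filter answers anything unmatched. The precedence order, field names and sample addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

NXDOMAIN = "NXDOMAIN"  # the "blocked" outcome described in the case study

# Assumed evaluation order (most specific scope first); the page does not
# state how Constellix orders overlapping rules.
PRECEDENCE = ("ip", "asn", "city", "region", "country", "continent")

@dataclass(frozen=True)
class Rule:
    scope: str   # one of PRECEDENCE
    value: str   # CIDR for "ip", otherwise a code or name
    answer: str  # endpoint to answer with, or NXDOMAIN to block

def matches(rule, src):
    """src: attributes of the query source as the DNS server sees it."""
    if rule.scope == "ip":
        return ip_address(src["ip"]) in ip_network(rule.value)
    return str(src.get(rule.scope, "")).upper() == rule.value.upper()

def resolve(rules, default_answer, src):
    """Return (answer, matching rule), or (default, None) if nothing matched."""
    for scope in PRECEDENCE:
        for rule in rules:
            if rule.scope == scope and matches(rule, src):
                return rule.answer, rule
    return default_answer, None

# Constructed sample data: documentation IP ranges, a documentation ASN,
# and the placeholder country code "XX".
RULES = [
    Rule("country", "XX", NXDOMAIN),                # block a region
    Rule("asn", "64500", NXDOMAIN),                 # block one network
    Rule("ip", "198.51.100.0/24", "203.0.113.10"),  # reroute a known range
]
DEFAULT = "192.0.2.10"  # default filter: answers anything unmatched

QUERIES = [
    {"ip": "198.51.100.7", "asn": 64500, "country": "XX"},  # ip rule wins
    {"ip": "203.0.113.50", "asn": 64500, "country": "US"},  # asn rule
    {"ip": "192.0.2.77", "asn": 64501, "country": "xx"},    # country rule
    {"ip": "192.0.2.99", "asn": 64501, "country": "US"},    # default filter
]

def run():
    return [resolve(RULES, DEFAULT, q)[0] for q in QUERIES]

if __name__ == "__main__":
    for q, answer in zip(QUERIES, run()):
        print(q["ip"], q["country"], "->", answer)
```

The attributes evaluated are those of the query source the authoritative server sees, which is usually the recursive resolver rather than the end client, so rules should be checked against the resolvers legitimate users rely on before blocking a region.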
Early detection is key to preventing major damage to your domain from any attack. Constellix provides an advanced proprietary monitoring solution that complements our GeoIP Filters: Real-time Traffic Anomaly Detection (RTTAD). This product uses AI and machine learning to learn and analyze your unique web traffic. The longer RTTAD is enabled, the more accurate it becomes. Any time suspicious or unusual activity is detected, RTTAD instantly alerts your designated contact person(s) so that they can determine whether the traffic is legitimate or malicious. This allows your IT team to make proactive decisions, where you are no longer at the mercy of an attacker or forced to use a mitigation service after the fact.
Along with carding attacks, GeoIP Filters can also help mitigate the following attacks:
We are proud to have helped our client stop the carding attack against their domain. Creating a safer internet and an amazing customer experience is what we’re all about! Constellix is committed to providing superior DNS speeds and performance, as well as unmatched protection on the DNS level. Our products and services are specially developed in-house from the ground up and are based on real customer feedback and industry needs.