I am using Magento 2.4.7-p1. Hackers are trying to place orders using the guest cart REST API (carding attacks). I tried Cloudflare, Magento rate limiting and CAPTCHA as well, but no use. In Braintree I created so many rules, but no use.
As per our analysis, this request will be used while making orders from APIs, not from the front end, if we disable this API at the code level under this file.
vendor/magento/module-quote/etc/webapi.xml
Code to comment is below.
###############################################
################################################
I disabled the above code, but the carding attack is still running.
Can anyone please tell me how to stop the guest order REST API?
2 Answers
They can try as many times as they want; if you upgrade your Magento 2 to the latest security patch releases, they will be blocked by Content Security Policies. More details in CSP ASPB Security Patch
- Already, I am using the latest version and have enabled CSP. – Pavan kumarMG, Commented Dec 27, 2024 at 11:38
Several solutions:
- Turn off guest checkouts completely at Stores > Configuration > Sales > Checkout > Checkout Options > Allow guest checkout.
- Programmatically block guest API orders.
vendor/magento/module-quote/Model/GuestCart/GuestCartManagement.php:
    public function placeOrder($cartId, PaymentInterface $paymentMethod = null)
    {
+       return; //add this return and remove the plus sign
        $quoteIdMask = $this->quoteIdMaskFactory->create()->load($cartId, 'masked_id');
        $this->cartRepository->get($quoteIdMask->getQuoteId())
            ->setCheckoutMethod(CartManagementInterface::METHOD_GUEST);
        return $this->quoteManagement->placeOrder($quoteIdMask->getQuoteId(), $paymentMethod);
    }
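A way to get the same block as the `return;` edit above without modifying files under vendor/ (which Composer overwrites on update), shown as an added example that is not part of the answer or of Magento's own code: a plugin on `GuestCartManagementInterface::placeOrder` declared for the REST area. The module name `Acme_BlockGuestApiOrder` and its class are hypothetical, and the module is assumed to be registered already (registration.php and etc/module.xml).

```php
<?php
declare(strict_types=1);

// File (hypothetical module): app/code/Acme/BlockGuestApiOrder/Plugin/BlockGuestPlaceOrder.php
namespace Acme\BlockGuestApiOrder\Plugin;

use Magento\Framework\Exception\LocalizedException;
use Magento\Quote\Api\Data\PaymentInterface;
use Magento\Quote\Api\GuestCartManagementInterface;

/**
 * Refuses guest order placement for requests handled in the REST area.
 *
 * Declare the plugin in etc/webapi_rest/di.xml of the same module so that it
 * is only loaded for REST requests, inside the <config> root element:
 *
 *   <type name="Magento\Quote\Api\GuestCartManagementInterface">
 *       <plugin name="acme_block_guest_place_order"
 *               type="Acme\BlockGuestApiOrder\Plugin\BlockGuestPlaceOrder"/>
 *   </type>
 */
class BlockGuestPlaceOrder
{
    /**
     * Runs before GuestCartManagement::placeOrder() and aborts the call,
     * so no quote is loaded and no payment method is ever invoked.
     *
     * @param GuestCartManagementInterface $subject intercepted service
     * @param string $cartId masked guest cart id sent by the client
     * @param PaymentInterface|null $paymentMethod payment data, if supplied
     * @throws LocalizedException always
     */
    public function beforePlaceOrder(
        GuestCartManagementInterface $subject,
        $cartId,
        ?PaymentInterface $paymentMethod = null
    ): void {
        // The exception is turned into an error response by the web API
        // framework instead of the silent empty result a bare return gives.
        throw new LocalizedException(__('Guest ordering through the API is disabled.'));
    }
}
```

Enable the module with `bin/magento setup:upgrade` and flush the cache. Like the edit above, this refuses every guest order placed through REST, so it belongs only on stores where guest ordering is meant to be off.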