unexpected behavior after enabling the firewall module
Hi,
I finally got around to installing the firewall module. Our server was getting hit really hard. With the recent changes, it no longer causes Stripe to disable our account, but that's obviously not much comfort to those whose credit card info has been stolen.
The thing I find quite odd is that the attack has stopped, almost immediately after enabling the module. Yet I don't have any entries in civicrm_firewall_ipaddress. For me, the source is quite clearly a botnet. There are just too many different IP addresses that I get POSTs from. So I was thinking that this 5 events in 2 hours was just not going to do it.
Are there other countermeasures in the module? Or just- any idea what's going on with our adversary?