The ideal fix was to upgrade the version of Stripe checkout. At the time though I was looking for a quick solution and was scared to update the Stripe libraries for fear of accidentally breaking something else. So here's what I did:
- First I tried adding an IP address based rate limiter to the signup and payment routes, and required that all users had translated at least one word before being allowed to upgrade. It stopped the attempts for a few hours, but then they started back up again.
- Next, I used a more drastic approach, which would prevent all payment attempts from all IP address if we received more than 10 failed payment attempts within a 1 minute window. Still didn't work.
- Next, I changed the thresholds to 4 failed payment attempts within 5 minutes, and this finally worked!
Since buying Readlang back, I've updated the Stripe checkout to the latest version, turned off the circuit breaker, and haven't had any further problems.
- First I tried adding an IP address based rate limiter to the signup and payment routes, and required that all users had translated at least one word before being allowed to upgrade. It stopped the attempts for a few hours, but then they started back up again.
- Next, I used a more drastic approach, which would prevent all payment attempts from all IP address if we received more than 10 failed payment attempts within a 1 minute window. Still didn't work.
- Next, I changed the thresholds to 4 failed payment attempts within 5 minutes, and this finally worked!
Since buying Readlang back, I've updated the Stripe checkout to the latest version, turned off the circuit breaker, and haven't had any further problems.