Spam orders attack

  • Resolved panoramix71

    (@panoramix71)


    3 months, 2 weeks ago

    Hi all,

    in last 12 hours I received 180 failed orders. Different products, value less then 100€.

    They cames from differents IP address.

    I updated the site and all the plugins and put it maintenance mode but the orders keep coming in.

    How can I stop them quickly?

    Thanks in advance.

    The page I need help with: [log in to see the link]

Viewing 9 replies - 1 through 9 (of 9 total)

  • Hi @panoramix71,

    Thank you for reaching out.

    I’m sorry to hear you’re facing possible spam order attacks.

    It could be possible you’re dealing with fraudulent activity on your site. To quickly mitigate this, consider implementing security measures such as CAPTCHA to verify users before they can place an order. You could also use a security plugin that can block IP addresses suspected of malicious activities.

    Please always keep your site and plugins updated, as this also contributes to the overall security of your site.

    I hope this helps.

    Thread Starter panoramix71

    (@panoramix71)

    Hi,

    thanks for your anser.

    I implemented reCAPTCHA first but not helped.

    Then, i implementend the email verification (I bought the official WC plugin) but no lucky with this one as well.

    IP address are alway different and orders spam continue
    What else can I do?

    thanks in advance

    Plugin Support Jonayed (woo-hc)

    (@jonayedhosen)

    Hi @panoramix71 ,

    I understand you’re still receiving a significant amount of spam orders, even after implementing CAPTCHA on your checkout and enabling email verification.

    To help us investigate further, it would be helpful to review your current System Status Report for more insight into your setup. You can find this report by navigating to WooCommerce > Status in your dashboard. From there:

    1. Select Get system report.
    2. Click Copy for support.

    Additionally, if there are any error logs for your Payment Gateway plugin or Woocommerce, please share those as well. These can be accessed under WooCommerce > Status > Logs.

    Once you’ve gathered this information, please paste it into a Code block in your reply or use pastebin.com to share the link with us.

    Let us know once you have this information, and we’ll assist you further.

    Hi,

    We are currently facing fraudulent attacks involving card testing. Despite implementing various paid plugins, such as Google reCAPTCHA for WooCommerce and reCAPTCHA for WooCommerce, bots are still able to bypass the reCAPTCHA process. The attacker appears to be using different IP addresses and Gmail accounts for each attempt, resulting in around 8 to 10 failed orders every 15 minutes.

    As a temporary measure, we have disabled guest checkout and now require customers to register or log in before completing their purchases.

    We are looking for a solution to securely re-enable guest checkout, as it previously worked without any issues. Any advice or recommendations would be greatly appreciated.

    Thank you.

    Plugin Support shahzeen(woo-hc)

    (@shahzeenfarooq)

    Hi @pdagency

    If you’re experiencing the same issue, we recommend creating a new support ticket. This helps us investigate your specific setup and provide a tailored solution. Sometimes, similar issues may have different causes, so a new ticket ensures we can offer the best assistance. Thank you!

    In the meantime, I recommend trying our?WooCommerce Anti-Fraud?plugin to help prevent fake or fraudulent orders:?WooCommerce Anti-Fraud.

    Alternatively, you can try this free plugin:?Woo Blocker Lite – Prevent Fake Orders and Blacklist Fraud Customers.

    Thank you


    Thread Starter panoramix71

    (@panoramix71)

    Hello,

    here my report: https://pastebin.com/jvwqPiPh

    Thanks in advance.

    Massimiliano

    Plugin Support Jonayed (woo-hc)

    (@jonayedhosen)

    Hi @panoramix71 ,

    Thank you for sharing the SSR details. Upon reviewing them, I noticed that you are using the following premium plugin:

    WooCommerce?Anti-Fraud

    For more specific guidance on this issue, I recommend reaching out directly to the Happiness support team. You can open a support request here:?Contact?WooCommerce?Support.

    I hope this points you in the right direction!

    Thread Starter panoramix71

    (@panoramix71)

    Hi,

    I installed those plugin after the card testing attack.

    I’m can’t understand yours support strategy:

    A: Help request
    R: please install plugins
    R2: then, please ask plugin support teams?


    • This reply was modified 3 months, 1 week ago by panoramix71.
    Plugin Support Jonayed (woo-hc)

    (@jonayedhosen)

    Hi @panoramix71 ,

    I understand there might be some confusion regarding our support policy. While we aim to assist everyone as much as possible, premium users do receive priority support tailored to their specific issue. Since you’re a premium plugin holder, we encourage you to reach out to us directly through your WooCommerce account. This way, our expert Happiness Engineers can provide you with faster, personalized assistance.

    We’re here to help, so feel free to reach out through your account for more guidance.

Viewing 9 replies - 1 through 9 (of 9 total)
  • You must be logged in to reply to this topic.