abbuzz again ! Today fake orders again when your plugin was disabled

  • Resolved catdec

    (@catdec)


    3 years, 10 months ago

    abbuzz again ! Today fake orders again when your plugin was disabled

    hi,

    Thanks for the official plugin !

    since last time when we were attacked and woo team updated woocommerce, my shops were ok, but today 3 of them got the same fake orders as before. What about you ? do you keep the plugin enabled all the time ?

    I had disabled it since the Woo fix, but now I enabled it again to find if it can still block orders.

    By the way is the plugin that you uploaded here exactly the same as the one we manually downloaded before wordpress accepted your official plugin ?

    Thanks again.

Viewing 15 replies - 1 through 15 (of 18 total)
  • Plugin Author Alex Wigmore

    (@wigster)

    Hi,

    Yes I’ve left it enabled personally—as there has been no official update from WooCommerce regarding the problem.

    It’s a simple plugin, so no harm leaving it enabled.

    The version you downloaded from my site is pretty much identical, though there was a minor update to help block a few extra orders, so it depends when you downloaded it.

    Alex

    Thread Starter catdec

    (@catdec)

    Thank you, I have the first version I think, not downloaded on wordpress but with your direct link. Should I install the official one to get new updates that you release ?

    After the first attack I had more websites getting fake orders, but now only 3, I will report here if they attack the remaining shops.

    Plugin Author Alex Wigmore

    (@wigster)

    Yes, if possible I suggest to use the official version via this WordPress platform so that you get any further updates I release.

    @wigster Official response here: https://developer.woocommerce.com/2020/11/05/woocommerce-4-6-2-fix-release/

    Thread Starter catdec

    (@catdec)

    Weird to still get fake orders when it is supposed to be fixed ??

    Plugin Author Alex Wigmore

    (@wigster)

    @madjax – thanks for the link. It’s good to see half of the issue has been solved. Though the annoying issue of fake orders still getting through exists, hence this plugin is still necessary for the moment.

    Thread Starter catdec

    (@catdec)

    And now getting 1 more fake order on another shop, I guess that everybody who disabled this plugin will get these orders.

    Same Problem – ORDER and USER are created I’m using WordPress version: 5.6 and WooCommerce Version 4.9.1, i has blocked create account during order but still they can create fake orders

    User details are:
    bbbbb bbbbb, bbbbb, 74 Eastbourne Rd, ROBOROUGH, EX14 5HN, United Kingdom (UK)

    Thread Starter catdec

    (@catdec)

    still no problem anymore with the great plugin from @wigster
    Thanks again !

    I can’t find any information about how to use it, how to set it up, what is it doing. Where is all this necessary information??
    I installed it – that’s it. I have no idea what is it doing in the background, and can’t find any word about the “side effects”. If the side effect is that account creation during checkout doesn’t work anymore, just like the silly idea from WooCommerce, it is useless. We all go to a new store 1st time one day, stuff the shopping cart, and want to create an account when we are asked to do so on the checkout page. If this doesn’t work anymore, we will all lose some potential customers because of the missing convenience.
    So please be so kind and add some text on how the plugin works, what it is actually doing, and how it affects other functions.
    Thank you.

    Plugin Author Alex Wigmore

    (@wigster)

    Hi @volkerforster – thanks for your feedback, I have now added a brief description to the plugin:
    https://www.ads-software.com/plugins/block-specific-spam-woo-orders/

    In summary; you simply install and activate the plugin, it will then extend WooCommerce’s checkout validation, checking if the order is using the known spammer’s details—if so, it simply rejects that order, stopping the attack. There are no side effects, it’s currently a fairly simple plugin that is doing 1 specific task.

    Bert O

    (@websitehelperberto)

    @volkerforster the plugin does not do any of that, all it does is prevent your website from being spammed by a certain known domain, it does that by validating the user’s first name and email domain during checkout.

    It will not do anything else.

    Thread Starter catdec

    (@catdec)

    @volkerforster Please be kind ! We are lucky enough that @wigster helps us when the ones who are supposed to help us by contract do nothing !

    Sorry if it’s the first time that you install a plugin on your own, but anybody else would have guessed how to works and what it does. We must be champions ??

    Thank you, this is awesome!
    Sometimes the simple solutions are the best.

    @catdec
    When I install a plugin, and there is neither any information on the plugin site nor any settings to find on my WordPress installation after it was installed, it should be to expect that my questions will once come up. If you don’t care about installing a piece of code with unknown functions and settings (since nobody tells you that there are no settings at all), I clearly see your website at risk. Leaving it to chance that a plugin is doing something completely harmless is quite silly.

    Stef

    (@serafinnyc)

    I don’t understand how these settings block bad actors

    
 $customer_name_to_block = 'bbbbb';
 $email_domain_to_block = 'abbuzz.com';

    Huh?

Viewing 15 replies - 1 through 15 (of 18 total)
  • The topic ‘abbuzz again ! Today fake orders again when your plugin was disabled’ is closed to new replies.