• Resolved mywebmaestro

    (@mywebmaestro)


    This morning I had several clients report they’ve been seeing “failed orders” in their stores, where the payment failed and the info was obviously fake. (See below.) I haven’t found any reference to this online yet, but wanted to know if there’s a way to determine if this is a general software spam attack against woocommerce stores overall, or something specific to sites on my server. Has anyone else here seen this? Or is there some way I can determine more information and/or protect against it?

    Order info:
    bbbbb bbbbb
    bbbbb
    74 xxxxxxx Rd
    xxxxxxx
    EX14 5HN
    United Kingdom (UK)
    xxx xxxx xxxx
    [email protected] (another one used [email protected])

Viewing 15 replies - 76 through 90 (of 159 total)
  • Okay.
    So you mean if I install a “No Captia” on my site, it will prevent them, right? Or if anyone can simply tell me what I need to install on my site to keep such people away, I will highly appreciate it.

    Hi everyone,

    happened to me too on 24.10 and today, 1.11.

    And today my site got hacked and site url changed to some spam

    https://i.ibb.co/6YDLc9w/image-2020-11-01-T15-46-14-293-Z.png

    Go check your USERS in the backend. You will probably find some “customer”-role ones that they use to exploit…

    Same here.
    Not using TI Wishlist Plugin.

    I have some securities (not going to specify which ones, as this thread is surely monitored by who is running this hack) that prevented more damage, but I found a new “client” and a failed order.

    By inspecting logs, I verified that the bot tried to exploit several known vulnerabilities in the following plugins:
    – Loginizer
    – Drag and Drop multiple file upload for Contact Form 7
    – Super Store Finder
    – Super Interactive Maps
    – Super Logo Showcase
    – WP File Manager

    I have none of them, but if you have, disable and delete them immediately.

    I didn’t find any modified WP file or modified settings, but now I need to audit everything…

    Very interesting!

    Not using any of these plugins you mentioned either though…

    As per WordPress best practices after a hack has happened or been attempted, it is also recommended to change your security keys in wp-config.php.

    You can generate new keys here: https://api.www.ads-software.com/secret-key/1.1/salt/

    This will also log out every user connected to the website and invalidate their cookies.

    Much appreciated. I have three similar orders with the same phone number mentioned.

    I also had two orders, same address, different emails, but still from abbuzz.com.

    This needs to be seriously looked into by Woo.

    I have also had a few “fake” orders with the same details.
    Can “users” that are not required, be deleted?
    Is there a way to stop these fake customers?

    My site was “Hacked” two weeks ago and I couldn’t even get into wordpress admin to restore a back up. I eventually got the site back online.

    There must be a way to get rid of these “leeches”.

    Hello,
    same problem here, all with abbuzz email addresses but different IPs most of the time. How to stop fake orders, please?
    Thank you

    Anonymous User 13665966

    (@anonymized-13665966)

    Morning,

    I’ve been investigating this very issue after a client reported this to me over the weekend. The order details, change of IP address and email etc all match up.

    This has all the hallmarks of an exploit, although it’s unclear whether this is a vulnerability in WP Core, WooCommerce Core, or a particular plugin. In this particular case, my client’s site isn’t set up to allow account registrations at all. All users are added manually, and no customer accounts are used.

    The exploit appears to find a way to create a user, give it the customer role and then an order is placed.

    I’ll share any further findings if I’m able.

    Anonymous User 13665966

    (@anonymized-13665966)

    Same here, can verify that these attempts are being made.

    So the bot is trying to do more now than the fake user and false order that occurs.

    As posted earlier, the bot ultimately is about changing the site URL to some scam website. The fake orders are just a vehicle to get into the system.

    I can confirm the same. In fact this is happening across multiple web hosts. I have websites on Siteground & Cloudways where these orders have been placed.

    On one of the websites, user registrations are disabled altogether, yet they still somehow managed to create a user with the “Customer” role.

    Any luck with figuring out the solution to this?

    I have added some new rules to my .htaccess file – Preventing XSS attacks & preventing SQL injections. Not sure if that will help.

    Reference : https://thrivewp.com/sql-injections-hack-wordpress-security/

    On one of the websites, user registrations are disabled altogether, yet they still somehow managed to create a user with the “Customer” role.

    Same here. Is there a way to permanently make it impossible to create any user with “customer” role?

    I googled and found this .htaccess rule. This will prevent any registration.

    Please back up your website/db & .htaccess file before testing these.

    <IfModule mod_rewrite.c>
    RewriteEngine On
    # Answer 403 Forbidden to any request line containing wp-login.php?action=register
    RewriteCond %{THE_REQUEST} ^.*(wp-login\.php\?action=register).* [NC]
    RewriteRule ^(.*)$ - [F,L]
    </IfModule>
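
The user check suggested in this thread (look through the backend for unexpected "customer" accounts), as an added example that is not part of any reply above: it reads a CSV export from WP-CLI's `wp user list` and flags accounts by the email domain posters reported, by customer accounts created after a cutoff on a site with registration closed, and by new accounts holding a privileged role. The sample rows, the cutoff date and the name `audit_users` are constructed for illustration.

```python
import csv
import io
from datetime import datetime

# Constructed sample in the column layout of:
#   wp user list --fields=ID,user_login,user_email,user_registered,roles --format=csv
SAMPLE_EXPORT = """ID,user_login,user_email,user_registered,roles
1,shopadmin,owner@shop.example,2019-03-02 10:15:00,administrator
7,jane.miller,jane@customer.example,2020-06-11 08:40:12,customer
41,bbbbb,kx81@abbuzz.com,2020-10-24 03:12:55,customer
42,bbbbb-2,q7aa@abbuzz.com,2020-11-01 15:31:07,customer
43,helper,tmp@mail.example,2020-11-01 15:33:40,"customer,administrator"
"""

WATCH_DOMAINS = {"abbuzz.com"}  # domain reported by several posters
PRIVILEGED = {"administrator", "shop_manager", "editor"}


def audit_users(export_csv, since, registration_open=False):
    """Return (ID, login, reasons) for accounts that need manual review."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_csv)):
        roles = {r.strip() for r in row["roles"].split(",") if r.strip()}
        registered = datetime.strptime(row["user_registered"], "%Y-%m-%d %H:%M:%S")
        domain = row["user_email"].rpartition("@")[2].lower()
        is_new = registered >= since
        reasons = []
        if domain in WATCH_DOMAINS:
            reasons.append("watched email domain")
        # On a site with registration disabled, nobody should be able to
        # self-create a customer account, so every new one is suspect.
        if is_new and "customer" in roles and not registration_open:
            reasons.append("customer created while registration is closed")
        if is_new and roles & PRIVILEGED:
            reasons.append("new account holds a privileged role")
        if reasons:
            findings.append((int(row["ID"]), row["user_login"], reasons))
    return findings


if __name__ == "__main__":
    cutoff = datetime(2020, 10, 20)  # assumed start of the review window
    for user_id, login, reasons in audit_users(SAMPLE_EXPORT, cutoff):
        print(f"{user_id:>4} {login:<12} {'; '.join(reasons)}")
```

Flagged accounts are candidates for manual review, not automatic deletion; check each one against its orders before removing it.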
  • The topic ‘Failed Orders – Fake Information’ is closed to new replies.