Failed Orders – Fake Information

Another thanks here @wigster

But could you please tell us how to add more emails or order names if we want to block more fake orders from different email addresses ?

thanks again for your help !

Yes, thanks mywebmaestro for the post with the detail, I’ve had multiple such “failed” transactions with the same bogus info. Thanks also to the folks who have posted suggestions.

@celsta Currently there’s no extra functionality in my plugin for that kind of thing.
I will try and update it manually for the moment if the spam orders change. When the WordPress team have accepted my plugin into their official plugin network I will begin adding further dynamic functionality.

@mvenkadesan those settings will allow account creation, some of us here have all those options unchecked and still got user accounts created.

@madjax

Thanks for the Link on how to find the logs… I got it but don’t want to make it public here. Is there a way to PM or e-mail you the relevant part?

Thanks!

@wpstack92 you can email me here – https://jacksonwhelan.com/contact/ – and send a link to Dropbox, google drive – whatever to download.

@madjax

Done.

@madjax : Thank you for the clarification. One question: how do I find logs for an AWS LightSail Bitnami instance of WordPress?

@wigster : I would suggest the following modified code of your plugin so that it can block domains in a case-insensitive manner and also allow the easy addition of multiple domains as an array.

if ( ! defined( 'ABSPATH' ) ) {
    exit; // Exit if accessed directly
}
/**
 * Check if WooCommerce is active
 **/
if ( in_array( 'woocommerce/woocommerce.php', apply_filters( 'active_plugins', get_option( 'active_plugins' ) ) ) ) {
    add_action( 'woocommerce_after_checkout_validation', 'block_spam_checkout', 10, 2 );

    function block_spam_checkout( $fields , $errors) {
        $blacklisted_domains = array (
            "abbuzz.com",
            "example.com"
        );
        $is_bad = !(empty(
            array_filter($blacklisted_domains, function($list) use ($fields) {
            return stripos($fields[ 'billing_email' ] , $list);
        })));
        if ($is_bad ) {
            $errors->add( 'validation', 'Spam attempt.' );
        }
    }
}

@wpstack92 got it thanks – it looks like they were hitting /my-account/ – but you’re saying you had all these settings unchecked at the time?

WP Settings > General
“Anyone can register” ?

WooCommerce Settings > Accounts & Privacy
“Allow customers to create an account during checkout” ?
“Allow customers to create an account on the “My account” page” ?

@madjax

I have all those settings unchecked, but they successfully managed to create the fake order and the fake user.

I have read about half of the pages on this thread, so I may have missed things.
I suspect that reCAPTCHA may not protect against this issue.
Until the source of the issue is found, I would recommend restricting shipping addresses to places that the websites actually ship to. Of course, this would not help people who ship world-wide, or who want to sell digital goods anywhere, but it should help a significant percentage of sites.

@carike I agree, wish I was able to recreate it

Just FYI, I posted a bit of an analysis further back here:
https://www.ads-software.com/support/topic/failed-orders-fake-information/page/8/#post-13611713

it was initially held for moderation, but seems to have been approved now.

Does anyone know the IP#(s) that is being used?