• Resolved AshtonSanders

    (@ashtonsanders)


    I have a very odd spam order bot hitting my site once every 45-90 minutes. It looks like they are just testing credit cards, because they all fail.

    They submit their orders with some obvious similarities, so I created a plugin to detect and stop the spam orders.

    I hooked up my plugin to all three of these hooks, and none of them were triggered when the spam orders came through:

    // Hooks registered by the detection plugin; none fired for the spam orders.
    add_action('woocommerce_checkout_process', 'check_order_conditions');
    add_action('woocommerce_checkout_order_processed', 'check_order_conditions', 10, 3);
    add_action('woocommerce_checkout_order_processed', 'check_order_conditions', 10, 3);

    Any idea how these spam orders could be getting into our system (and attempting to charge a card) without triggering any of these hooks? This looks to me like a back-door access or security breach.

    Thank you for your time.
    Ashton
    (I have been working on this for a month on this other thread: https://www.ads-software.com/support/topic/spam-orders-getting-past-hooks/12
    It looks like the spammers have slowed down to be very rare, but we had to switch payment gateways for a bit, and we prefer this PayPal experience (where the card is accepted on the site.))


  • Plugin Support Syde Jamie

    (@jamieong)

    Hi @ashtonsanders ,

    Thank you for reaching out to us, we are here to help.

    We are aware of this issue, and it appears to be a potential fraud attempt aimed at testing the validity of credit cards. However, there are several measures you can implement to help minimize and prevent such fraudulent activities.

    • Enable 3D Secure: If you use the Advanced Card Processing feature, you can require 3D Secure for transactions. This adds an extra layer of verification and makes it more difficult for unauthorized users to make transactions with stolen card information.
    • Activate FraudNet: In the plugin settings, specifically in the Connection tab, enable FraudNet. This is a service by PayPal designed to identify and prevent fraudulent activities using sophisticated fraud detection technology. For more detailed guidance, visit the documentation at WooCommerce PayPal Payments.
    • Set Payment Intent to Authorize: By changing the payment intent setting to “Authorize,” you can manually review transactions before they are finalized. This allows you to verify orders and void any that appear to be fraudulent before the funds are captured.
    • Adding the following rules to your .htaccess file can also help block specific automated requests, as long as you don’t rely on the legacy WooCommerce API to create orders:
    RewriteEngine On 
    RewriteCond %{REQUEST_URI} ^/wp-json/wc/store/products$ [NC]
    RewriteCond %{QUERY_STRING} ^stock_status=instock&order=asc&orderby=price&min_price=1&max_price=5000&type=simple&page=1&per_page=100$ [NC]
    RewriteRule ^ - [F,L]

    Beyond this, some users have shared a code snippet that helps prevent the use of automated APIs to create orders, and it seems to work for some. You can check out the snippet here: Blocking Card Testing Attacks in WooCommerce.

    We have tested it, and it doesn’t seem to directly impact PayPal Payments, but it should temporarily help prevent the issue.

    We are still analyzing the situation further and working on a more permanent solution.

    Lastly, it will be helpful if you could share your current System Status Report.

    You can do this by navigating to WooCommerce > Status > Get system report > Copy for support. You can either attach it directly or provide it via our secure PrivateBin.

    Best Regards,
    Jamie
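
The same block as the .htaccess rule in the reply above, expressed as a WordPress must-use plugin so it also works on hosts that are not running Apache. This is an added example, not code from the thread or from the PayPal Payments plugin; it assumes the hypothetical ashton_ct_ prefix and matches the same parameters regardless of their order in the query string.

```php
<?php
/**
 * Plugin Name: Block Store API card-testing probe (added example)
 * Description: Rejects the Store API product enumeration request that the
 *              .htaccess rule above matches, before any route callback runs.
 */

// Parameters from the query string quoted in the reply. They are compared as a
// parsed array, so key order in the request does not matter.
const ASHTON_CT_PROBE_PARAMS = [
    'stock_status' => 'instock',
    'order'        => 'asc',
    'orderby'      => 'price',
    'min_price'    => '1',
    'max_price'    => '5000',
    'type'         => 'simple',
    'page'         => '1',
    'per_page'     => '100',
];

/**
 * True when a REST route and its query parameters match the known probe.
 * Both the unversioned and the /v1 Store API product routes are covered.
 */
function ashton_ct_is_probe( string $route, array $query ) : bool {
    if ( ! preg_match( '#^/wc/store(/v1)?/products$#', $route ) ) {
        return false;
    }
    ksort( $query );
    $expected = ASHTON_CT_PROBE_PARAMS;
    ksort( $expected );
    return $query === $expected;
}

// rest_pre_dispatch runs before the route callback; returning a WP_Error
// short-circuits the request and sends it back as a 403 response.
add_filter( 'rest_pre_dispatch', function ( $result, $server, $request ) {
    if ( ashton_ct_is_probe( $request->get_route(), $request->get_query_params() ) ) {
        // Log the source so repeated hits can be correlated with failed orders.
        error_log( 'card-testing probe blocked from ' . ( $_SERVER['REMOTE_ADDR'] ?? 'unknown' ) );
        return new WP_Error( 'rest_forbidden', 'Forbidden', [ 'status' => 403 ] );
    }
    return $result;
}, 10, 3 );
```

Drop the file into wp-content/mu-plugins/ so it loads before ordinary plugins; the legacy WooCommerce API is unaffected because only the /wc/store/products route is inspected.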

    Plugin Support Krystian from Syde

    (@inpsydekrystian)

    Hello @ashtonsanders

    Since we have not received any further communication from you, we are assuming that your issue has been resolved. Therefore, we are marking this thread as resolved. If you still have any questions or if a new problem arises, don’t hesitate to open a new thread.

    Kind regards,
    Krystian
