Fake SPAM Orders
I am getting hundreds of orders every day. They are all from different addresses, different emails, different IP addresses, etc… I have installed Captcha4WP and have the captcha enabled for every form. Still get the fake orders.
I have it checked so that people have to verify their email and have the Email Verification plug-in by WPFactory, that doesn’t stop them either.
This is driving me crazy.
How can I stop them?
Hi @kirkdickinson,
Thank you for reaching out.
I’m sorry to hear about the issue you’re facing with fake SPAM orders. So that we can be able to have a better understanding, could you please help confirm the payment gateways used in your store?
Braintree and Paypal are the payment gateways. It almost looks like someone is testing a list of addresses and credit cards trying to find one that works. I have hundreds of complete addresses, phone numbers, etc…
Here is my site. Sorry it didn’t get included in the first post.
And it is not resolved. Not sure why it says that.
Hi @kirkdickinson,
Thank you for confirming this with us.
We are yet to fully understand how the attackers are gaining access to your store, therefore, in the meantime, to help investigate this issue further, please temporarily disable PayPal payments and check if the issue persists or otherwise.
Let us know how this goes.
I actually am only using the Braintree plugin. It handles both Paypal and Credit cards.
Hi @kirkdickinson,
Thank you for confirming this with us here.
Our team is investigating the issues and once a solution is implemented, it will be shared here with you.
Thank you for your patience and understanding.
How did you resolve it @kirkdickinson ?
Hi @pitzputz
I understand that you have a somewhat similar problem. Sometimes, similar issues may have different causes, so a new ticket ensures we can offer the best assistance.
However, per forum best practices shown here, it is advised that you create a new thread so that we can address your issue(s) separately.
You can create a new thread here: https://wordpress.org/support/plugin/woocommerce/#new-topic-0 and make sure to include as much information as you can.
Thanks for understanding!
I have not resolved this problem. All of the fake orders are going through Braintree.
I have noticed something interesting though. Every single one of the fake orders has the city name repeated right below the name. Also, the fake orders don’t increment the WooCommerce orders menu. In other words, in the WordPress control panel, when I see the orders, if I get one real order and 80 fake orders, it only shows 1 as a new order. Not sure if that is because it is only counting successful orders or not?
I did a screen capture of real vs fake order. I blurred out the customer info on the real order.
Hi @kirkdickinson,
Thanks for the additional details. From what you’ve described, it seems like the issue may be specific to the Braintree payment gateway, as the fake orders are being processed through it. The repeated city name and the discrepancy in the order count suggest that something might be off with the integration or configuration.
Since the issue seems related to the Braintree payment gateway, I recommend reaching out to the plugin’s dedicated support team for further assistance. You can create a thread on their support forum here:
https://wordpress.org/support/plugin/woocommerce-gateway-paypal-powered-by-braintree/
They should be able to provide you with more specific guidance for resolving this.
Thank you!
I don’t believe that it is specific to the Braintree plugin. These orders seem to be bypassing part of WooCommerce. I have WooCommerce set up to not allow orders until email addresses are verified. None of these emails are valid and never get verified. Also, when these orders come through, they don’t increment the order count in the dashboard. If I get 2 valid orders and 100 fake orders, the dashboard only gets incremented by 2.
It is almost like they have some way to directly inject an order and bypass the email verification and captcha.
Hello kirkdickinson,
Thank you for your reply.
It looks like these orders are related to card testing attacks.
We have a guide on how to prevent these attacks.
I suggest you read the guide and implement the steps suggested.
https://woocommerce.com/document/how-do-i-prevent-and-respond-to-card-testing-attacks/#how-to-respond
Let me know if you have any questions.
Best regards.
Yeah, “Card Testing Attack” seems like what it could be. I suspected that someone was testing a bunch of stolen credit card numbers. I turned off the Braintree plug-in last night and enabled only the Paypal method of payment and the fake orders stopped.
I have been using the Braintree plug-in because it was part of WooCommerce before the WooPayments. I may activate the WooPayments and see if those attacks continue.
Thanks for the article. I will review it.
Hey @kirkdickinson ,
Sounds like a plan! Please keep us updated on how it goes. If switching to WooPayments doesn’t make a difference, we’re happy to investigate further.
In the meantime, this developer blog provides additional details on preventing card testing: Card Testing Attacks and the Store API.
Cheers!
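The pattern described in this thread (a flood of orders through one gateway, each with a different e-mail, almost none succeeding, and the city repeated in another billing field) can be checked against an order export. The following is an added example, not part of the thread or of WooCommerce: it assumes records shaped like WooCommerce REST API order objects and that declined attempts are stored with status `failed`; the thresholds, the `make_order` helper and the sample data are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

def city_repeated(billing):
    """True when the city value also fills another billing field."""
    city = billing.get("city", "").strip().lower()
    return bool(city) and any(
        key != "city" and str(val).strip().lower() == city
        for key, val in billing.items())

def card_testing_alerts(orders, min_failed=5, min_fail_ratio=0.8):
    """Group orders by (gateway, hour) and flag buckets dominated by failures."""
    buckets = defaultdict(list)
    for o in orders:
        hour = datetime.fromisoformat(o["date_created"]).strftime("%Y-%m-%d %H:00")
        buckets[(o["payment_method"], hour)].append(o)
    alerts = []
    for (gateway, hour), group in sorted(buckets.items()):
        failed = [o for o in group if o["status"] == "failed"]
        # Skip buckets with few failures or a normal success rate.
        if len(failed) < min_failed or len(failed) / len(group) < min_fail_ratio:
            continue
        alerts.append({
            "gateway": gateway, "hour": hour,
            "failed": len(failed), "total": len(group),
            "distinct_emails": len({o["billing"]["email"].lower() for o in failed}),
            "city_repeated": sum(city_repeated(o["billing"]) for o in failed),
        })
    return alerts

def make_order(minute, status, gateway, email, city, company=""):
    # Hypothetical helper that builds one constructed sample record.
    return {"date_created": f"2024-01-15T09:{minute:02d}:00", "status": status,
            "payment_method": gateway,
            "billing": {"email": email, "city": city, "company": company}}

# Constructed sample: 8 failed orders in one hour, plus 2 genuine orders.
SAMPLE = [make_order(i, "failed", "braintree_credit_card",
                     f"user{i}@example.com", "Dallas", "Dallas") for i in range(8)]
SAMPLE += [make_order(30, "processing", "braintree_credit_card", "real@example.com", "Austin"),
           make_order(40, "processing", "paypal", "other@example.com", "Tulsa")]

if __name__ == "__main__":
    for alert in card_testing_alerts(SAMPLE):
        print(alert)
```

A bucket that trips the alert is a cue to apply the responses in the card testing guide linked above for that gateway.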