Support » Plugin: WooCommerce » Failed Orders – Fake Information

  • Resolved mywebmaestro


    This morning I had several clients report they’ve been seeing “failed orders” in their stores, where the payment failed and the info was obviously fake. (See below.) I haven’t found any reference to this online yet, but wanted to know if there’s a way to determine if this is a general software spam attack against woocommerce stores overall, or something specific to sites on my server. Has anyone else here seen this? Or is there some way I can determine more information and/or protect against it?

    Order info:
    bbbbb bbbbb
    74 xxxxxxx Rd
    EX14 5HN
    United Kingdom (UK)
    xxx xxxx xxxx (another one used

Viewing 9 replies - 151 through 159 (of 159 total)
  • @carike – That would be lovely if everyone could update WooCommerce, however, many sites aren’t in the position to suddenly update the whole WooCommerce library to apply a patch.



    @carike Great ! A billion $$$ company cannot pay staff to work correctly and rely on volunteers…
    I guess that you all support this ?!

    Thank you again @wigster for your help, are you going to edit your code to make it easy to add more @domain in case of future attacks ? It’s so weird that this kind of plugin has never been available until now ?!



    Unfortunately not many sites will become aware that they need to install an additional plugin either.
    Realistically, an update to security plugin firewalls have the highest probability of protecting the most sites.
    Some posters in this thread got their information from the NinTechNet blog.
    They have a WAF called Ninja Firewall in the plugin repository:
    There is no waiting period for their firewall rules, like with the free version of some other security plugins.
    People who have interacted with me before know that I am very weary of recommending specific plugins, but it may be a good idea for those who are interested in this thread to see if the current firewall rules for the above plugin already protect against this particular attack.
    There are also a number of other options (under Firewall Policies – Basic Policies – General) which may help protect sites.



    @celsta I think you may be confusing with is a non-profit organization that is a collaboration between various developers to create free opensource code.
    No one is anyone’s customer here.
    If you are using paid WooCommerce products, please make use of their support here:
    In the meantime, I am sorry you are having a hard day(s) because of the issues on your site, but you do not get to take your bad day out on me, or on anyone else here.

    @carike Thanks for helping out.
    I have tried that NinjaFirewall plugin and unfortunately it doesn’t (yet) solve the problem.
    The issue in this particular situation is it’s a pretty simple “hack”, and pretty hard to trace—it’s more of a spam technique than a true vulnerability.
    I have sites that are fully secure Cloudflare/Amazon WAF/Security plugins/Wordfence/WP Engine/Cloudways etc etc, and the spam orders will still get through as the IP’s they come from and user agents are easily spoofed.



    This Spam issue must be a serious issue.
    I will try the (@wigster) and see how it work on my site.



    I’m also using Woocommerce Stripe Gateway plugin, and have been hacked.
    So it must me something related to this plugin or Woocommerce itself.

    Plugin Support Mike Straw


    To prevent important updates from being buried in the other comments, we’ve requested that this thread be locked.

    Our team is actively investigating this, and an update will be posted as soon as one is available.

    If you have new information that can help, please contact us at > My Account > Support. You may need to create an account before you can access that page.

    If the information pertains to a WooCommerce vulnerability you’ve identified please report it via the HackerOne portal so it can be responsibly disclosed.

    For tracking purposes, please link to this forum thread.

    Internal tracking ID: p3btAN-1j5-p2

    Moderator Steven Stern (sterndata)


    Forum Moderator & Support Team Rep


    The problem is acknowledged and a fix is available.

Viewing 9 replies - 151 through 159 (of 159 total)
  • The topic ‘Failed Orders – Fake Information’ is closed to new replies.