Anche io ho ricevuto stesso ordine di 390€ ma da email ryakjqdrawhi@abbuzz.com
@beingchosen1 I did manage to clean the site up, somehow they had gotten into the db and changed the siteurl so the site kept getting redirected. I have no clue how they did that as I have security plugins installed already!
Funny enough another friend’s site who’s also on cloudways got hacked the same way!
Same thing happened to my site yesterday. Same fake address. Two orders back to back that resulted in “Unpaid order cancelled – time limit reached”
Any idea what this could be? Almost like like a broad attack attempting data breech?
I’m unfortunately using hostgator and have wanted to switch due to speed issues, this may be the push of they are allowing attacks like these.
-
This reply was modified 3 years, 1 month ago by
fcrowe.
We’ve got another one just now. Different address now. Theresa May decided to buy some gin from my client! Payment is pending. So are solutions to the problem
Teresa May
10 Downing Street
Westminster
london
SW1A 2AB
Email address:
fake@fakemail.org
Phone:
2072229000
I had a failed order yesterday with similar info to the OP as well.
At the exact same time that failed order came in, my WAF blocked two attempted attacks from the same user/IP (bbbb bbbb) for “TI WooCommerce Wishlist < 1.21.12 – Authenticated WP Options Change”
I looked into this and it seems like there was an exploit in that TI WooCommerce Wishlist plugin about a week or two ago, so it’s likely that this attacker is probing for older versions of that plugin (though I don’t have that plugin).
More info on the exploit here: https://blog.nintechnet.com/critical-zero-day-vulnerability-fixed-in-wordpress-ti-woocommerce-wishlist-plugin/
@joopleberry You may want to check if that is how the attacker was able to gain access – through that plugin.
Had one on my site today, the 74 Eastbourne Rd one
Blocked the IP on wordfence, not sure how effective that will be
IP is 128.199.20.91
What IP address is everyone else getting?
-
This reply was modified 3 years, 1 month ago by
mattjuk81.
The IP addresses change, so it won’t be super effective to block just based on IP I think. You’d probably have to do entire regions.
I’ve had the same, one order, the bbbbbb one EX14
I’ve cancelled it.
Not sure what to do aside from that. What are you all doing? Use the plugin to block them?
How do they gain access to the website simply from placing an order?
On a lighter note, am slightly gutted as they ordered a product I had only just launched! I thought it was my first order #dontcrackopenthechampagneyet
Because I’m a newbie, non techy kind of website owner I’m looking to do these:
https://www.wpbeginner.com/wordpress-security/
I’ve had 2 about 24 hours apart. It looks like stripe is doing its job by detecting them as failed, although I wish there was more information on origin / credit card used etc. From working on big (£k m) sites in a past life these things happen quite regularly. I suspect someone has found a way to place lots of woocommerce orders with a bot – especially as I saw no analytics activity for either.
As long as the payment doesn’t go through I wouldn’t worry too much. If it does then cancel and refund otherwise it will go to chargeback when fraud is detected. This can, in extreme cases, get your site blacklisted by the payment provider.
Same here!
Glad I found this post, seems like a bot purchase with some variables.
I am also having this problem, I have had 4 orders in the last couple of days:
bbbbb bbbbb
74 Eastbourne Rd
ROBOROUGH
EX14 5HN
078 1369 7987
lfhehxnrekbj@abbuzz.com
They have used a different email each time but always abbuzz, I’ll ignore for now if Stripe is doing it’s part and marking as failed, I also have plug-in “Akismet” which helps prevent hackers. I’ll keep looking into other ways of preventing this and I’ll keep all plug-ins up to date if they’re looking for out of date ones.
Thanks for this information – at least I know it’s not just me (as bad as that may sound!)
-
This reply was modified 3 years, 1 month ago by
Victoria.
Hey guys,
I’m installing this on WooCoommerce as it works for checkouts: https://en-gb.wordpress.org/plugins/advanced-nocaptcha-recaptcha/
It’s also free.
Let me know your measures also!
Same here! 2 orders, the first one about one week ago… If you find a solution I’d be quite happy to know!
