The same here, 3 orders in the last 24h from above “customer”.
One of our WooCommerce sites has also encountered this; the origin was an IP in Germany, so we have blacklisted the IP and are watching activity a little closer! There is a known bot that has been active in the last 3 days which may be related.
One of our clients had 3 spam orders.
Just to find out some general relation here: where is the site hosted?
Our case is hosted on SiteGround; I’ve read SiteGround in this thread a few times.
Did it happen on other hosting platforms? (just curious)
@joopleberry No problem, glad I could help!
@davelo There doesn’t seem to be much correlation with regards to hosting service so far.
I’m also having the same issue. Already got 3 orders.
My hosting is Flywheel so definitely no correlation to hosting service as @paski1993 says. I did install the free “Advanced noCaptcha & invisible Captcha” plugin this morning (only enabled for the registration form) but as yet – no fake accounts or orders…but time will tell if the bot carries on.
It’s definitely not a hosting issue. I host my own sites, and everyone here has different providers. I think the recaptcha plugin may help, though quite honestly I’ve been seeing spammers break through recaptcha the last few months through Gravity Forms and I’m told there’s nothing that can be done about it without locking things down so tight that you start getting lots of false positives. Though, Gravity Forms only supports v2, and maybe v3 of recaptcha would work better – I’m unsure of whether the recaptcha plugin I installed that works with WooCommerce allows for v3 or not. I will have to check.
In the past week I’ve had 3 of these fake orders with the same info as the OP. In addition, I found that along with each of the orders, a new WordPress User account was created with the Role set to Customer. Right after the 3rd Fake Order, my WAF blocked a rankmath attempt. (was blocked by firewall for WAF-RULE-233 at https://blackwatercreatures.com/wp-json/rankmath/v1/updateMeta) What’s even more interesting, while typing this post, I’ve been hit with 15 of these rankmath hits. Three cheers for Wordfence.
Bob
@abbuzz and @desry created accounts on my website yesterday. If anyone finds a way to stop these fake accounts/orders from being created, please share; it would be really helpful.
My website also had 4 orders like that in the last 3 days. Don’t know how to solve this problem.
Also received an order that used the same information. Googled it and found this post.
I disabled the “PayPal Checkout” payment option and have gone through “PayPal Standard” instead. Not sure if that will help.
Also, I use the “Sucuri Security – Auditing, Malware Scanner and Hardening” plugin, and realized I had not requested an API key, which I now did. Just make sure to turn off alerts for super mundane stuff.
I have also had the same failed attempts. I have looked around and there is a plugin called Ban Hammer which I haven’t yet used. In order for it to work with WooCommerce you need a hook, which can be seen here: https://github.com/Ipstenu/ban-hammer/wiki#woocommerce
I had the same issue, two orders from spam accounts with @abbuzz.com as the email 24 hours apart. Hosting is with SiteGround.
On the advice of people on this thread I installed Wordfence and Advanced noCaptcha & invisible Captcha and haven’t had any suss orders since… I don’t know if that is luck or enough to prevent any new attempts.
If you are running the free version of Wordfence, I would recommend manually refreshing the firewall rules every so often. Automatic refreshes occur on a weekly basis, and with all this going on, you want to be as safe as you can. I’ve had 45 of the rankmath hits in the last 24 hours. My last Fake Order was 2 days ago. NoCaptcha may be helping there. I’m still trying to figure out how the WordPress User accounts got created. Not many people have reported them. Store accounts yes, but not User accounts.
Bob