Hundreds of Spam Orders

    Morning everyone. I have a nasty problem I hope someone might be able to offer a solution to. The past two nights a spam bot has generated hundreds of orders on my website, last night almost 500 in the space of an hour. It has taken a long time to download them all as I always get a "server reset the connection" message whenever I do anything. What can I do to stop this spam attack? It is clearly going to come back as it has two nights in a row. I see certain things are changed, such as email addresses, and card details also, so maybe the bot is checking stolen card details. It is going to break my site at some point. Sagepay is chosen as the payment method. I am considering adding a captcha at checkout. This is the first time in 20 years I am seeing this. Have any of you had the same problem, and what did you do to stop it?
    Many thanks in advance for any help.

    Karen
    Kind Regards Karen

    #2
    I didn’t have orders but I was receiving hundreds of hits showing up on my live analytics from Germany. So much so that my visits for the day were tremendous.

    My site uses Cloudflare so I just set up a bot check for Germany and the hits stopped immediately. I have had similar before with Hong Kong and Singapore which are also restricted with a bot check.
    Regards

    Jason


      #3
      Hello Karen

      If you are still getting these spam orders perhaps you should consider suspending orders - Business Settings | Ordering while you are trying to get the issue resolved, or at least to cover the times when the spam orders are being received.

      You may also consider setting up a temporary header message on your website pages like the one set out in KB post below with text amended to keep customers informed:

      https://community.sellerdeck.com/for...d-on-each-page

      This may or may not stop them.

      ... and consult your domain host / SiteLock SECURE to try and identify the spam bot that is causing the problem to see if they have a means of putting protection in place to block this kind of attack.

      I am not in a position to provide qualified guidance, however, for your information there were a number of PCI site vulnerability scan fail issues for Sellerdeck sites identified in May 2024 and I found the KB posts in the links below helpful in getting these resolved and these just may help prevent the kind of attack you experienced if not in place for the version of Sellerdeck you are using:

      https://community.sellerdeck.com/for...nce#post557146

      https://community.sellerdeck.com/for...s-pci-dss-scan

      If you are not familiar with making the changes suggested then your host provider or site developer may be able to help.

      Always make a backup copy of any file before changing just in case of problems so that the original can be re-instated and recovered.

      Kind regards
      Martin
