osCommerce
Bogus order on site


Guest

Posted

Hi just got an order through my OSC store -

 

Delivery Address

------------------------------------------------------

qwerty qwerty

eeee eee

eerreww, 80800

Antigua and Barbuda

 

Billing Address

------------------------------------------------------

qwerty qwerty

eeee eee

eerreww, 80800

Antigua and Barbuda

 

Payment Method

------------------------------------------------------

Check/Money Order

 

Why would somebody place an order and open an account with these details?

 

It makes me nervous to think that perhaps they were trying to exploit the software somehow?

 

Please let me know what you guys think?

Posted

Maybe they are your competition looking at how your site works.

I've been guilty of doing the same myself on a few occasions before building a client's site.

It's just a healthy interest. Nothing to be alarmed with. ;)

Posted

This is just someone checking out your site. It's most likely someone new to osCommerce who wants to see how it works, maybe someone with a problem in their checkout trying to see where they are going wrong.

 

Vger

Posted

maybe they're collecting email addresses. If you want to at least eliminate bots try the vvc contribution.

Posted
maybe they're collecting email addresses. If you want to at least eliminate bots try the vvc contribution.

 

I doubt a bot is going to fill out an order form on the off chance that there might be an email address it can harvest on the next page.

Posted
I doubt a bot is going to fill out an order form on the off chance that there might be an email address it can harvest on the next page.

 

well, let's see:

- Some bot hijacks a machine with a valid email account

- Sends notification to the spammer, who in turn visits your shop and goes through the process of placing an order.

- You reply with an email thanking him for his order (automatically done)

 

And now he has a valid email address from your shop he could abuse. :o

or he could have the bot place the order since many osc stores do not use a visual verification code

Posted
well, let's see:

- Some bot hijacks a machine with a valid email account

- Sends notification to the spammer, who in turn visits your shop and goes through the process of placing an order.

- You reply with an email thanking him for his order (automatically done)

 

And now he has a valid email address from your shop he could abuse. :o

or he could have the bot place the order since many osc stores do not use a visual verification code

 

And Elvis is working in a bakery down the road from me <_<

If they were going to go to that much trouble it would probably be easier to fill out the contact form with a bogus query and wait for a response.

Posted

people do very weird stuff. i used to get these all the time when i used to have a javascript shopping cart.

 

i still to this day don't have an explanation for it. my email i used on that store was hardly ever spammed

Posted

there are a lot of discussions about the contact_us page and many people have re-organized it not to send automatic emails or have even taken it down. Bots also try everything, every form, every link available; advanced ones operate like spiders with integrated scripts to fill in every input value they see in html code.

 

By placing a vvc with your forms you're ruling out bots, that's all. Simple & easy :D and you can only have the vvc on the login & create account, if all the other forms can only be submitted if someone is logged in. (That includes the contact us form)

 

see also these threads

http://www.oscommerce.com/forums/index.php?showtopic=162664

Posted

another good and very basic way to slow down (some) bad bots is to use the "noindex,nofollow" meta tag. google won't touch it, and most bad bots crawl google looking for these pages.

 

i have a somewhat insecure support ticket system (as in, basic authentication methods used for open a support ticket, etc. not all fields are checked before submission) - so it's the perfect exploit for a spammer.

 

i have all of the system noindex,nofollow. i've never been spammed by a bot once through there, nor have i ever had anything but a human click submit and have it successfully send through :D

 

the 1 form i left open (no meta tag) i averaged 10-20 [email protected] emails.

Posted

i've never seen that :)

 

i just assume that unless the FULL meta tags are there, google will do as they please with it. what did the meta tags in question look like?

 

i generate my meta tags through htmlbasix.com in hope that google and other spiders will do as i ask. i do not use partial meta tags like most of the SEO contributions here offer.

 

i'm not 100% sure how google works, and i don't think very many others do either. so i play it safe and assume meta tags are as big as they are for a reason :D

Posted

You can check my pages with forms for the metatags. They do indicate noindex,nofollow. I have a suspicion but haven't verified it yet. Even if you have the noindex,nofollow, if someone else (another site) places a link directly to such a page or a spider goes through a redirection it may happen. But it's just a hunch, I am not sure yet.

 

There are always ways to deal with it :D

Posted

you have a lot less in your meta tags than i do.

 

yours:

<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
  <title>your title</title>
  <meta name="robots" content="noindex,nofollow">
<base href="http://www.yourwebsite.com">
<link rel="stylesheet" type="text/css" href="stylesheet.css">
</head>

 

 

mine:

 

<head>
<title>Contact Me</title>
<META HTTP-EQUIV="Content-Type" content="text/html; charset=iso-8859-1">
<META NAME="Copyright" content="me">
<META HTTP-EQUIV="content-language" content="EN">
<META NAME="Rating" content="General">
<META NAME="Designer" content="me">
<META NAME="Keywords" CONTENT="contact">
<META NAME="Abstract" content="contact">
<META NAME="Title" content="my title">
<META NAME="revisit-after" content="7">
<META NAME="Robots" content="noindex,nofollow">
<META NAME="Description" Content="Got a question? Email me">
<META HTTP-EQUIV="Cache-Control" content="no-cache">
<META HTTP-EQUIV="Expires" content="0">
<META NAME="Author" content="me">
<base href="http://www.mysite.com/">
<link rel="stylesheet" type="text/css" href="stylesheet.css">
</head>

 

i've used this for over a year now, my support and contact pages do not get spammed, the only pages that are in google are my opening contact page (which explains the support ticket system). the actual open ticket and ticket pages are not there :)

 

try the full meta tag for a few weeks and see if your contact page disappears from google's index
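
Added example, not part of any post in this thread: a small Python check of which robots directives a crawler that honours the tag would read from each of the two heads compared above. The sample heads are abbreviated, constructed copies of the posted snippets, and the function names are illustrative.

```python
from html.parser import HTMLParser

# Constructed sample heads, abbreviated from the two snippets posted in this thread.
SHORT_HEAD = """<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>your title</title>
<meta name="robots" content="noindex,nofollow">
</head>"""

FULL_HEAD = """<head>
<title>Contact Me</title>
<META NAME="Keywords" CONTENT="contact">
<META NAME="revisit-after" content="7">
<META NAME="Robots" content="noindex,nofollow">
<META HTTP-EQUIV="Cache-Control" content="no-cache">
</head>"""

# Constructed: a form page with no robots tag at all.
OPEN_HEAD = "<head><title>Contact Me</title></head>"


class RobotsMetaParser(HTMLParser):
    """Collect the directives from every <meta name="robots"> tag."""

    def __init__(self):
        super().__init__()
        self.directives = set()

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names, so <META NAME=...>
        # and <meta name=...> reach this method in the same form.
        if tag != "meta":
            return
        attr = {name: (value or "") for name, value in attrs}
        if attr.get("name", "").strip().lower() != "robots":
            return
        for item in attr.get("content", "").split(","):
            if item.strip():
                self.directives.add(item.strip().lower())


def robots_directives(html):
    parser = RobotsMetaParser()
    parser.feed(html)
    return parser.directives


def blocks_indexing(html):
    # "none" is shorthand for "noindex,nofollow".
    return bool(robots_directives(html) & {"noindex", "none"})
```

Both sample heads yield the same directive set, and the tag only affects crawlers that choose to obey it; a form-filling bot that ignores it is what the visual verification code mentioned earlier in the thread is for.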

Posted

Thanks, I changed my tags; I added the no-cache ones, just in case, as you had, more or less. I guess I will find out once the spider comes back :blink:

Archived

This topic is now archived and is closed to further replies.
