Naegle Posted November 15, 2005

Looks like I've got some kid with lots of spare time on his hands filling out bogus orders on my site. He submits orders with bogus emails and addresses, and his favorite methods are payment by Check/COD or my "Request for Quote" contribution. The sad part is, I've been running my store for months with both contributions, and have had NO problems with abuse. It wasn't until last night when I POSTED the contribution that I started to receive half a dozen bogus orders from a US IP, and now again this morning. Which leads me to believe it's some wonderful community member. What can I do? I can block his IP address but that's not a real fix. Suggestions?
dave111 Posted November 15, 2005

I had someone doing this with a contact form on one of my sites (not an OSC contact, just a form). Turns out they must have written a script to automatically submit variables to my site.... this could be the same with yours. Try adding something like this to your create_account.php

    // Only accept the submission if the browser reports it came from our own form.
    // HTTP_REFERER is not always present, so read it defensively to avoid a notice.
    $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    // Exact match: a referer carrying a query string (e.g. ?osCsid=...) would not match.
    if (($referer == 'http://yourdomain.com/create_account.php') || ($referer == 'http://www.yourdomain.com/create_account.php')) {

Above

    if ($error == false) {
      $sql_data_array = array('customers_firstname' => $firstname,
                              'customers_lastname' => $lastname,
                              'customers_email_address' => $email_address,

And add a } below

    tep_redirect(tep_href_link(FILENAME_CREATE_ACCOUNT_SUCCESS, '', 'SSL'));
    }
    }

This way they would be unable to create an account from an external script. However if they are actually going through the create account form manually each time... well I'd just keep blocking the IP each time they change it... and they will get bored after a while.
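As an added example (not dave111's code and not part of osCommerce), here is a per-session form token that achieves what the referer check above is after but does not depend on the Referer header, which is supplied by the client and is omitted by some browsers and proxies. It assumes PHP 7.1 or later; the function names and the `$allowed_hosts` list are hypothetical.

```php
<?php
// Added example: bind the create-account form to the visitor's session with a
// random token, and verify the token on POST before touching the database.
session_start();

// Call while rendering the form: mint a token once per session and return the
// hidden field to embed in the <form>.
function form_token_field(): string {
    if (empty($_SESSION['create_account_token'])) {
        $_SESSION['create_account_token'] = bin2hex(random_bytes(16));
    }
    return '<input type="hidden" name="form_token" value="'
         . htmlspecialchars($_SESSION['create_account_token'], ENT_QUOTES, 'UTF-8')
         . '">';
}

// Call on POST: true only if the submitted token matches the one issued to this
// session. hash_equals() keeps the comparison constant-time.
function form_token_valid(array $post): bool {
    if (empty($_SESSION['create_account_token']) || empty($post['form_token'])) {
        return false;
    }
    return hash_equals($_SESSION['create_account_token'], (string) $post['form_token']);
}

// Optional extra signal: check only the Referer's host rather than the full URL.
// This tolerates the osCsid query string and reports a missing header as
// "unknown" (null) instead of treating it as hostile.
function referer_host_ok(?string $referer, array $allowed_hosts): ?bool {
    if ($referer === null || $referer === '') {
        return null;
    }
    $host = parse_url($referer, PHP_URL_HOST);
    return $host !== null && in_array(strtolower($host), $allowed_hosts, true);
}

// Wiring into create_account.php (illustrative): reject the POST, and log it,
// when the token is missing or wrong; the account is never created.
$allowed_hosts = array('yourdomain.com', 'www.yourdomain.com');  // hypothetical
if ($_SERVER['REQUEST_METHOD'] === 'POST' && !form_token_valid($_POST)) {
    error_log('create_account: form token mismatch from '
              . ($_SERVER['REMOTE_ADDR'] ?? 'unknown'));
    $error = true;
}
```

The token must be emitted inside the form via form_token_field() when the page is rendered; a submission assembled elsewhere has no way to know it.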
kwalker Posted November 15, 2005

Hello all, If I may, let's not forget:

1. People coming to your site and "testing" what they know that you have working and they may want to see it in action.

2. Cart abandonment: From what I've read, and it made sense to me, is that people will go to your site, and fill out every single detail on the order form.... just to get the FINAL PRICE. Then they move on. It happens.

Naegle, you did say it started after you posted your contribution. I'm first to think that people were trying out your contribution, if that was what your post was about. Then again, it could have been people constantly forgetting their keys on the keyboard........ >_<

There are scripts and so on out there that can verify the email address even before it submits it to you.

Kevin

"What I didn't know yesterday, I know today & will remember tomorrow" (By Kwalker)
What do you see when you open up the tep_database-pr2.2-CVS.pdf file that came with your osCommerce download?
Naegle Posted November 15, 2005 Author

Quoting kwalker:
Hello all, If I may, let's not forget:
1. People coming to your site and "testing" what they know that you have working and they may want to see it in action.
2. Cart abandonment: From what I've read, and it made sense to me, is that people will go to your site, and fill out every single detail on the order form.... just to get the FINAL PRICE. Then they move on. It happens.
Naegle, you did say it started after you posted your contribution. I'm first to think that people were trying out your contribution, if that was what your post was about. Then again, it could have been people constantly forgetting their keys on the keyboard........ >_<
There are scripts and so on out there that can verify the email address even before it submits it to you.
Kevin

Kevin, you do have a valid point. I have no problem with someone testing the check-out process, and I do have people register just to get the final price, but this case is different. It may be someone testing the process, and if it is, I apologize. But you don't have to check out with 9,999,999 pieces of multiple items, use random keystrokes for the address information, like.... asdfasdf asd lksjfalsd kjlkjl lakdsjflasd, 99999 virginia, Uganda, Telephone Number: 00000000000, E-Mail Address: [email protected] and then repeat the process half a dozen times. THAT SCARES PEOPLE. My first thought was somebody was trying to hack my store, and there are a lot of cases of credit card fraud out there. Maybe I overreacted, but I do worry about the security of my site.

PLEASE.. If you're going to test a site, at least leave a note in the comment box. It would also be nice to use a real name, and don't order millions of items at once... Please!

- Dan
kwalker Posted November 15, 2005

Dan, I couldn't agree with you more. Yeah, come on in and test it out.. Play around if you want, but come on now people...... don't keep repeating it over and over again. I feel you on that one.

Are the submissions "exactly" alike? Or slightly different? If exactly alike, I would suspect someone may have an auto form-fill-in to do it. I think there is a way to limit how many items a person can get,,, or at least, that sounds like a good idea for shop owners to control.

Kevin
Naegle Posted November 15, 2005 Author

Quoting kwalker:
Dan, .... If exactly alike, I would suspect someone may have an auto form-fill-in to do it. I think there is a way to limit how many items a person can get,,, or at least, that sounds like a good idea for shop owners to control.
Kevin

Each order was different, and the user was logged in for 10 - 20 minutes when submitting the orders. I'm assuming this was someone having a little fun. The IP address is blocked and hopefully it won't happen again.

- Dan
Naegle Posted November 16, 2005 Author

:angry: This just keeps getting sweeter! I just noticed that many of my products are now listed as inactive or have quantities of 2147483646! I had cancelled the orders but, I'm wondering if the multi-million pieces threw osC for a loop. Now I've got to go in and manually update my products! Grrrrrr!
HSMagic Posted November 16, 2005

There must be something in the air... "asdfasdf asd" was shopping at my store yesterday and placed quite a few orders as well.