Block Multipurchase working properly?

Author	« Topic »
ekrzycki Advanced Member USA 351 Posts Pre-sales questions only (More Details...)	Posted - 03/26/2021 : 12:45:35 Had a carder hit my site -- IP finally got blocked by multipurchase. I have block set: blockmultipurchase=10 But they managed to perform 498 checkout attempts Anybody else see anything like this?
Vince Administrator 42768 Posts	Posted - 03/27/2021 : 02:02:50 Hi there Are they spoofing the IP address maybe? Check on the admin orders page to see if there is a different IP address per order. Or are you maybe saying there was only one order but they hit the payment provider 498 times? Vince Click Here for Shopping Cart Software Click Here to sign up for our newsletter Click Here for the latest updater
ekrzycki Advanced Member USA 351 Posts Pre-sales questions only (More Details...)	Posted - 03/27/2021 : 09:51:46 One order - appears to be 498 attempts at checkout for same order.
sparksm2 Starting Member USA 38 Posts Pre-sales questions only (More Details...)	Posted - 03/28/2021 : 09:13:47 I also have seen similar activity recently. I have mine set to 20 on the multipurchase but have seen 100's come through before it triggers anything. Then they swap IP and run a few more hundred before they get blocked.
ekrzycki Advanced Member USA 351 Posts Pre-sales questions only (More Details...)	Posted - 03/28/2021 : 10:55:56 More details - The interesting thing that I forgot to mention - I have checkout disabled when this occurred: I had 'minpurchaseamount=9999999' within includes.asp along with a minpurchasemessage note stating that I was temporarily closed. Appears to have been same IP, order was for $0.50 which was the 50cent handling fee that is added to every order's shipping. Only a few items were in the order including items that are out of stock. All quantities were for qty of zero. And no Modification warning. 498 attempts at checkout. Running ver 7.2.5, have not had time to update to current.
ekrzycki Advanced Member USA 351 Posts Pre-sales questions only (More Details...)	Posted - 03/28/2021 : 17:58:45 And did some more digging. It is very similar to this one: https://www.ecommercetemplates.com/support/topic.asp?TOPIC_ID=109230 All information - address, phone, etc is the same except for the name. But IP says VietNam (for what that's worth). Address is a Chinese food restaurant in San Francisco - that is the only real thing in the order. 498 checkout attempts reported. Hard to say if any actually got to Paypal, certainly none finished checkout. A web search says this address & phone number is the default used by a hacked version of Acunetix Pen (penetration test) software. Original poster referenced the use of CAPTCHA. I thought I did... but noticed it was turned off for checkout. Turned CAPTCHA back on and hope to never see it again.
	« Topic »