Phillyman Posted August 21, 2022 Posted August 21, 2022 How can I delete in mass, pending invoices. Someone was hitting my site creating invoices, made about 1500 pages worth of them, each page has like 20 of them. They used the same name on all of them, I just want to purge those pending invoices from my database records. Senior2323 1
JohnDar Posted August 21, 2022 Posted August 21, 2022 Similar issue here. 2000 pages of failed (blocked) card transactions. Senior2323 1
Phillyman Posted August 21, 2022 Author Posted August 21, 2022 yeah we need a pending cleanup, like a task to delete pending invoices after X days, or captcha on the invoice generation page. AlexJ and Senior2323 2
JohnDar Posted August 24, 2022 Posted August 24, 2022 (edited) My issue is a little more sinister. The site was being used for 'card testing' by fraudsters. They were firing thousands of £1 payments from different credit card numbers through the Stripe integration (about 10 per second) using the Donation Goals system. This killed the site completely and I had to mitigate via the host's CP, blocking the offending IPs being used by the bots. They were doing this in order to discover which of the cards weren't blocked. Of the 48,000 odd transactions, only 31 were accepted but I still have 48,000 blocked transactions in my log. I have been advised by Stripe to refund the 31 good transactions to prevent any disputes, but that means I'm still out-of-pocket for the fees. Thank goodness most of them didn't get through. IMHO we desperately need something adding in as friction to prevent this. Either captcha or the means to exclude Guests from accessing the Donation Goals block and subsequent form fields. Even the ability to exclude Cards as a payment option for Donation Goals and any other public facing products/services would be a step forward. Edited August 24, 2022 by JohnDar Senior2323 1
Phillyman Posted August 24, 2022 Author Posted August 24, 2022 Oh my god, that may have been what was happening to me!!!!! The same day, I had like 41 guests that did $1 charges. I just figured I got mentioned somewhere, never put them together! Senior2323 and JohnDar 2
JohnDar Posted August 24, 2022 Posted August 24, 2022 Good news. This issue is being addressed in the next update (4.7.2). It will no longer be possible for non-members to Donate. Senior2323 1
Phillyman Posted August 24, 2022 Author Posted August 24, 2022 1 hour ago, JohnDar said: Good news. This issue is being addressed in the next update (4.7.2). It will no longer be possible for non-members to Donate. Should be donate or buy, what if you have a cheap $5 product, and they just hammer that all day long Senior2323 1
SeNioR- Posted August 25, 2022 Posted August 25, 2022 Hi. You can use the following query: DELETE FROM `nexus_invoices` WHERE `nexus_invoices`.`i_status` = 'expd' or 'canc'; ref: delete expired or canceled Invoices | Invision Community Senior2323 1
JohnDar Posted August 26, 2022 Posted August 26, 2022 On 8/24/2022 at 11:58 PM, Phillyman said: Should be donate or buy, what if you have a cheap $5 product, and they just hammer that all day long You could probably prevent this for purchases using Payments > Settings > Anti Fraud Rules. Maybe set the value for the lower priced items and then a rule that rejects after one blocked payment. Another option would be to block payments from Guests altogether. Daniel F and Senior2323 2
Daniel F Posted August 26, 2022 Posted August 26, 2022 On 8/25/2022 at 12:58 AM, Phillyman said: Should be donate or buy, what if you have a cheap $5 product, and they just hammer that all day long Donations work different to purchases in IPS, which was the reason why it was so easy to abuse the system as guest, hence our change to allow it only for members SeNioR- and Senior2323 2
SeNioR- Posted August 26, 2022 Posted August 26, 2022 (edited) It seems to me that the biggest problem is that donations cannot be set only for logged in users and do not have any CAPTCHA security. Through site.com/clients/donations/ you can create thousands of pending invoices as guest. Edit: 17 minutes ago, Daniel F said: hence our change to allow it only for members very good decision 👍 Edited August 26, 2022 by SeNioR- Senior2323 1
AlexJ Posted August 26, 2022 Posted August 26, 2022 (edited) On 8/24/2022 at 5:52 PM, JohnDar said: Good news. This issue is being addressed in the next update (4.7.2). It will no longer be possible for non-members to Donate. That's bad actually - why would you want to force donors to register. Then deal with forum account deletion request... Just don't save any pending invoice/transaction for guest. If transaction is not completed, it's not completed. Edited August 26, 2022 by AlexJ SeNioR- and Senior2323 2
Phillyman Posted August 26, 2022 Author Posted August 26, 2022 23 minutes ago, AlexJ said: That's bad actually - why would you want to force donors to register. Then deal with forum account deletion request... Just don't save any pending invoice/transaction for guest. If transaction is not completed, it's not completed. I am just going to have another button for Paypal for guest donations. Senior2323 1
AlexJ Posted August 26, 2022 Posted August 26, 2022 Just now, Phillyman said: I am just going to have another button for Paypal for guest donations. That's a problem right? To fix one problem, now you need to add another guest donation button.... Senior2323 1
opentype Posted August 26, 2022 Posted August 26, 2022 It’s a quick “fix”, but a proper guest checkout should come anyway to comply with EU regulations. https://invisioncommunity.com/forums/topic/467795-commerce-app-requirement-for-guest-checkout/ SeNioR-, TDBF, Senior2323 and 1 other 2 1 1
Phillyman Posted August 26, 2022 Author Posted August 26, 2022 24 minutes ago, AlexJ said: That's a problem right? To fix one problem, now you need to add another guest donation button.... Somewhat, I mean if I want people to be able to donate crypto, I have to have something for that anyhow. So might as well give an option for account-less donations. Senior2323 1
AlexJ Posted September 9, 2022 Posted September 9, 2022 On 8/25/2022 at 10:13 PM, Daniel F said: Donations work different to purchases in IPS, which was the reason why it was so easy to abuse the system as guest, hence our change to allow it only for members I saw a note in release notes. Can you please re-evaluate this fix? I don't want to FORCE users, just to donate on our site. I also host my site in Europe but I am from US and not fully aware of EU regulations .. but what opentype is saying is true, I will have another issue to deal with. Please review your changes. - Thanks On 8/26/2022 at 2:20 PM, opentype said: It’s a quick “fix”, but a proper guest checkout should come anyway to comply with EU regulations. https://invisioncommunity.com/forums/topic/467795-commerce-app-requirement-for-guest-checkout/ Senior2323 1
SeNioR- Posted September 9, 2022 Posted September 9, 2022 (edited) 5 hours ago, AlexJ said: Can you please re-evaluate this fix? I don't want to FORCE users, just to donate on our site. The best option would be to select a group that would have access to the page Edited September 9, 2022 by SeNioR- teraßyte and Senior2323 1 1
AlexJ Posted September 10, 2022 Posted September 10, 2022 On 9/9/2022 at 4:22 AM, SeNioR- said: The best option would be to select a group that would have access to the page Means? Can you please elaborate.
Recommended Posts