Site under attack - Please help

[Gauravk]

Since the last 3 days, we have had tons of guest checkout resulting in 700+ abandoned carts. 

Anyway to stop that, please help.

[Marc Stridgen]

Only really to force an account to purchase, unfortunately. It may be better trying to locate the IPs of  these guests and blocking at a server level though

[Gauravk]

Thanks Marc, any help on how to identify the guest IP making checkout, so we can block at server level?

Also I hope it's not IPS but that making 1 checkout re occur few times, as when I make a guest checkout with incognito mode, it made same subrictiption checkout few times after few minutes. Can you please confirm on this as well?

Thanks in advance. 

[Jim M]

7 hours ago, Gauravk said:

Thanks Marc, any help on how to identify the guest IP making checkout, so we can block at server level?

Invoices would not log the IP address of the user, I'm afraid. You would need to check if there were any error logs or check your server's access log.

7 hours ago, Gauravk said:

Also I hope it's not IPS but that making 1 checkout re occur few times, as when I make a guest checkout with incognito mode, it made same subrictiption checkout few times after few minutes. Can you please confirm on this as well?

There is no known bug which would create multiple invoices/purchases through guests checking out and registering.

[elonegenio]

What you need to do is only permit registered users to make a purchase. Do not allow guests to make a purchase.

We got hit several yrs ago with a similar situation. We got attacked in our donation prompt as we permitted guests to make donations. Big mistake. Inivision did a fix in commerce where only registered users (not guests) could access the donation box. 

 

Edited December 14, 2023 by elonegenio