• Resolved rafaelzrt

    (@rafaelzrt)


    Hello!

    I had an incident where spam users registered on my e-commerce store and tried to place orders with fake credit cards; they tried several orders that were refused by the credit card. They all failed, but they didn’t get blocked at any time.

    I had configured WMFO to block after 3 fraud attempts, but it didn’t work. The user didn’t get automatically blocked even after 40 orders, and the log didn’t register anything.

    I don’t know if I understood how the plugin works. It should have blocked the user after 3 failed payments, right? What could I check to see what went wrong and why the plugin doesn’t work?

    Thanks.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author prasidhda

    (@prasidhda)

    Hi @rafaelzrt ,

    Thanks for trying out the plugin.

    This plugin blocks users after the predefined number of failed attempts is exceeded, with the assumption that humans attempted it. It’s a pretty normal scenario in which a customer tries to create fraud attempts manually from the browser.

    However, when it is a BOT attempting the fraud orders, it will try to create the fraud order by changing all params like IP address, name, phone, email, etc. in every fraud attempt. So it will be very hard to recognize such fraud patterns.

    I am still trying to find out the pattern for BOT fraud orders. I am doing research on that. If you have any ideas, please feel free to suggest them.

    Many Thanks

    Plugin Author prasidhda

    (@prasidhda)

    Hi again @rafaelzrt ,

    As I mentioned in the previous comment, the spam orders can be any combination of user data generated by a BOT. So I think there is no 100% guarantee that we can block every spam order. However, what we can do is MINIMIZE the probability of spam orders.

    Suggestion:
    This plugin has the ability to block orders by email domain. You can add any number of suspicious email domains in the plugin setting. Some domains are listed here: https://github.com/tsirolnik/spam-domains-list/blob/master/spamdomains.txt.
    Additionally, you can find such domains in the spam orders you are getting in your store and add them too.

    You can find the setting at WP ADMIN > WooCommerce > Setting > WMFO TAB > Blacklisted Email Domains.
    You should add each domain on a new line in the setting.

    I hope this helps you.

    Thread Starter rafaelzrt

    (@rafaelzrt)

    Hello @prasidhda
    Thank you for the reply. With your explanation, I understood the purpose of the plugin.

    I have another question. With the option ‘Number of allowed Fraud Attempts’, as I understood, it blocks the user from making a new order only if this user has previous failed orders, right? But it doesn’t prevent the user from attempting several card payments in the same order. Couldn’t the plugin block the user from attempting more than X payments? For example, if the user tries to make a payment and fails 3 times, it blocks the user or changes the order to failed.

    Would that be a good suggestion for a feature? Or is that something out of reach of your plugin that only the gateway plugin could do?
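
Added example, not part of the thread and not WMFO's code: a Python sketch of the three checks discussed above (failed orders per customer identity, declined payments per order, and an email-domain blocklist) run over constructed failed-payment events. It shows which check catches which pattern, and that rotating-detail attempts from unlisted domains slip past all three. Assumptions: the event fields, the limit of 3, the identity key of email plus IP, and every address and domain are made up for illustration; the per-identity rule follows the description in the thread, not the plugin's source.

```python
from collections import Counter, defaultdict

LIMIT = 3  # stands in for "Number of allowed Fraud Attempts"
BLOCKED_DOMAINS = {"spam-example.test"}  # constructed blocklist entry

# Constructed failed-payment events: (order_id, billing_email, ip)
EVENTS = [
    # one customer failing on three separate orders
    (101, "alice@shop-example.test", "198.51.100.7"),
    (102, "alice@shop-example.test", "198.51.100.7"),
    (103, "Alice@shop-example.test", "198.51.100.7"),
    # automated attempts: new order, email and IP every time
    (201, "x1@mail-example.test", "203.0.113.1"),
    (202, "x2@spam-example.test", "203.0.113.2"),
    (203, "x3@mail-example.test", "203.0.113.3"),
    (204, "x4@SPAM-example.test", "203.0.113.4"),
    # one order, three declined card payments
    (301, "bob@shop-example.test", "198.51.100.9"),
    (301, "bob@shop-example.test", "198.51.100.9"),
    (301, "bob@shop-example.test", "198.51.100.9"),
]

def email_domain(email):
    """Lower-cased part after the last '@'."""
    return email.rsplit("@", 1)[-1].strip().lower()

def evaluate(events, limit=LIMIT, blocked_domains=BLOCKED_DOMAINS):
    """Return what each rule would flag: identities, order ids, order ids."""
    failed_orders = defaultdict(set)   # identity -> distinct failed order ids
    payment_failures = Counter()       # order id -> declined payments
    hits = {"identity": set(), "order": set(), "domain": set()}
    for order_id, email, ip in events:
        email = email.strip().lower()
        identity = (email, ip)
        failed_orders[identity].add(order_id)
        payment_failures[order_id] += 1
        if len(failed_orders[identity]) >= limit:
            hits["identity"].add(identity)   # repeat offender across orders
        if payment_failures[order_id] >= limit:
            hits["order"].add(order_id)      # many declines on one order
        if email_domain(email) in blocked_domains:
            hits["domain"].add(order_id)     # listed email domain
    return hits

if __name__ == "__main__":
    for rule, matched in evaluate(EVENTS).items():
        print(rule, sorted(matched))
```

Orders 201 and 203 are flagged by none of the rules, which is the gap the plugin author describes for attempts that change every detail each time.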

  • The topic ‘Spam User Not Blocked’ is closed to new replies.