SPAM orders (from Russia ? )

Justin Smith

Free Member
Jun 6, 2012
2,748
398
Sheffield
I have just had two SPAM orders in the last 5 hours from - I think - Russia (one had a .ru Email address).
Both payments failed (via STRIPE my website's online payments portal) but it is worrying if these orders are an advance guard of many more (possibly because I have a Ukraine flag on my site ? ).
Both delivery addresses have genuine postcodes but everything else is gobbledegook, the customer names, and road names are just random letters, and neither of the phone numbers on the orders exists (a phone number is a required field on the order).
My site is written in Wordpress.

Has anyone else had this ?
Should I be worried ?
What can I do if the problem escalates ?
 
As it appears they have been caught before you sent anything, it seems your systems are working.

Where did the visitors come from? IP Address?
 
Upvote 0

ukwebhosting

Free Member
  • Business Listing
    Jun 9, 2011
    249
    67
    UK
    Hi,

    You could try adding a plugin like this that would enable captcha protection


    You could also make use of Cloduflare for your DNS and proxy your traffic through them as they will filter a lot of bot traffic.

    Thanks

    Paul
     
    Upvote 0

    Justin Smith

    Free Member
    Jun 6, 2012
    2,748
    398
    Sheffield
    As it appears they have been caught before you sent anything, it seems your systems are working.

    Where did the visitors come from? IP Address?
    Customer IP: 91.246.51.45
    Customer IP: 31.134.11.29

    They don't mean anything to me however !

    Apparently these orders may be (it's an AI generated answer) :

    This situation strongly indicates fraudulent activity, likely a card-testing scam or a triangulation fraud attempt.
    Why This Is Happening
    • Card Testing: Fraudsters use your checkout to test stolen credit cards using automated bots.
    • Fake Details: They use random UK addresses and temporary Russian (.ru) emails to bypass basic geographical filters.
    • Target Validation: If the transaction goes through, they know the stolen card is active and valid for larger purchases elsewhere.
     
    Upvote 0

    Justin Smith

    Free Member
    Jun 6, 2012
    2,748
    398
    Sheffield
    Hi,

    You could try adding a plugin like this that would enable captcha protection


    You could also make use of Cloduflare for your DNS and proxy your traffic through them as they will filter a lot of bot traffic.

    Thanks

    Paul
    Does that put off customers though ? And would it affect Google ranking / crawling ?
     
    Upvote 0
    They are USA IP addresses, so, as per your AI info, it is probably just some card fishing.

    Stripe should pick these issues up, however, additional protection like Cloudflare, as suggested, will also help.
     
    • Like
    Reactions: Justin Smith
    Upvote 0
    Believable post code but the rest of the address just junk
    That's because the postcode is used in card verification, but not the rest of the address.
     
    • Like
    Reactions: ctrlbrk
    Upvote 0

    Latest Articles