SPAM orders (from Russia ? )

Justin Smith · Jun 17, 2026

I have just had two SPAM orders in the last 5 hours from - I think - Russia (one had a .ru Email address).
Both payments failed (via STRIPE my website's online payments portal) but it is worrying if these orders are an advance guard of many more (possibly because I have a Ukraine flag on my site ? ).
Both delivery addresses have genuine postcodes but everything else is gobbledegook, the customer names, and road names are just random letters, and neither of the phone numbers on the orders exists (a phone number is a required field on the order).
My site is written in Wordpress.

Has anyone else had this ?
Should I be worried ?
What can I do if the problem escalates ?

Paul Kelly ICHYB · Jun 17, 2026

As it appears they have been caught before you sent anything, it seems your systems are working.

Where did the visitors come from? IP Address?

ukwebhosting · Jun 17, 2026

Hi,

You could try adding a plugin like this that would enable captcha protection

Advanced Google reCAPTCHA

Captcha protection against spam comments & brute force login attacks using Google reCAPTCHA.

wordpress.org

You could also make use of Cloduflare for your DNS and proxy your traffic through them as they will filter a lot of bot traffic.

Thanks

Paul

Justin Smith · Jun 17, 2026

Paul Kelly ICHYB said:
As it appears they have been caught before you sent anything, it seems your systems are working.

Where did the visitors come from? IP Address?

Customer IP: 91.246.51.45
Customer IP: 31.134.11.29

They don't mean anything to me however !

Apparently these orders may be (it's an AI generated answer) :

This situation strongly indicates fraudulent activity, likely a card-testing scam or a triangulation fraud attempt.
Why This Is Happening
• Card Testing: Fraudsters use your checkout to test stolen credit cards using automated bots.
• Fake Details: They use random UK addresses and temporary Russian (.ru) emails to bypass basic geographical filters.
• Target Validation: If the transaction goes through, they know the stolen card is active and valid for larger purchases elsewhere.

Justin Smith · Jun 17, 2026

ukwebhosting said:
Hi,

You could try adding a plugin like this that would enable captcha protection

Advanced Google reCAPTCHA

Captcha protection against spam comments & brute force login attacks using Google reCAPTCHA.

wordpress.org

You could also make use of Cloduflare for your DNS and proxy your traffic through them as they will filter a lot of bot traffic.

Thanks

Paul

Does that put off customers though ? And would it affect Google ranking / crawling ?

Paul Kelly ICHYB · Jun 17, 2026

They are USA IP addresses, so, as per your AI info, it is probably just some card fishing.

Stripe should pick these issues up, however, additional protection like Cloudflare, as suggested, will also help.

wayzgoose · Jun 17, 2026

We also had to set up cloudfare. Was receiving multiple order attempts every day through Paypal. Believable post code but the rest of the address just junk. Set up cloudfare when one spam order actually got through.

Paul Kelly ICHYB · Jun 17, 2026

wayzgoose said:
Believable post code but the rest of the address just junk

That's because the postcode is used in card verification, but not the rest of the address.

ukwebhosting · Jun 17, 2026

Justin Smith said:
Does that put off customers though ? And would it affect Google ranking / crawling ?

Hi

It's is all done in the background now no more select all bridges or whatever.

It will not affect Google Ranking.

Thanks

Paul

Justin Smith · Jun 17, 2026

ukwebhosting said:
Hi

It's is all done in the background now no more select all bridges or whatever.

It will not affect Google Ranking.

Thanks

Paul

Thanks for that, but don't viewers have to click "I am a human" (or whatever) ?
Just to clarify the system does not stop the Google search crawler ?

ukwebhosting · Jun 17, 2026

Hi

"It's is all done in the background now no more select all bridges or whatever."

All seamless, it doesn't stop the google crawler, the captcha is a google product.

Thanks

Paul

DontAsk · Jun 17, 2026

I get loads of fake registration attempts but I have code to block the dodgy names and also block all .ru so very few of them succeed.

Search

Search

SPAM orders (from Russia ? )

Justin Smith

More options

Paul Kelly ICHYB

More options

ukwebhosting

Advanced Google reCAPTCHA

More options

Justin Smith

More options

Justin Smith

Advanced Google reCAPTCHA

More options

Paul Kelly ICHYB

More options

wayzgoose

More options

Paul Kelly ICHYB

More options

ukwebhosting

More options

Justin Smith

More options

ukwebhosting

More options

DontAsk

More options

Latest Articles

Cookie Consent

Essential

Analytics

Marketing

SPAM orders (from Russia ? )