btconline
Forum Replies Created
-
Forum: Plugins
In reply to: [WooCommerce] Legacy order data blank since 9.7.0 or 9.7.1 upgradeFurther testing update – after looking into similar complaints, it appears this was possibly some sort of bot attack. Although I have wordfence and cloudflare bot protection enabled, these were appearing at such a slow pace it did not appear to be triggering their protection mechanisms.
I’ve implemented a simple human verification check into the woocommerce checkout page and the exposed new user registration form, using the “No-Bot registration” plugin, which appears to have stopped the flow of fake orders & customers
Have re-upgraded to 9.7.1 and things seem fine again
Forum: Plugins
In reply to: [WooCommerce] Legacy order data blank since 9.7.0 or 9.7.1 upgradeUnfortunately new blank Payment Pending orders are still appearing despite the downgrade. I’ve attempted upgrading back to 9.6.2 since before the issue started happening, but besides running a database upgrade when prompted, these are slowly still trickling in.
I’ve enabled the additional debug logging under the Square section in Woocommerce settings and you can see an example of a junk orders/customer being created.
Is this a plugin issue, or some sort of website attack?
2025-03-05T11:16:16+00:00 Notice Response
code: 200
message:
headers: Array
(
[0] => HTTP/2 200
[date] => Wed, 05 Mar 2025 11:16:16 GMT
[content-type] => application/json
[content-length] => 241
[cf-ray] => 91b933440eeb101f-LAX
[cf-cache-status] => DYNAMIC
[content-encoding] => gzip
[strict-transport-security] => max-age=631152000; includeSubDomains; preload
[vary] => Accept-Encoding
[frame-options] => DENY
[square-version] => 2024-03-20
[squareup--connect--v2--common--versionmetadata-bin] => CgoyMDI0LTAzLTIw
[x-content-type-options] => nosniff
[x-envoy-decorator-operation] => /v2/customers/**
[x-frame-options] => DENY
[x-sq-dc] => aws
[x-sq-istio-migration-ingress-proxy] => sq-envoy
[x-sq-region] => us-west-2
[x-xss-protection] => 1; mode=block
[set-cookie] => __cf_bm=DhsMe5z.p2IiXjZVYWOO5sqUKcAYhXCqx9xTBn.BNeo-1741173376-1.0.1.1-aaW_yGxKwuShHGZUflFJIzmIUFfUzZVzSJh1FcXj_rOOwb2agafEM.fog.2JPmOef3rCieFFBRWJD7wdCFfoTQSkaKTvpllaXtU_fqD.YDk; path=/; expires=Wed, 05-Mar-25 11:46:16 GMT; domain=.connect.squareup.com; HttpOnly; Secure; SameSite=None
[server] => cloudflare
)
body: {
"customer": {
"id": "SQ0K0Q5EWD1A6KK92VSZ4SKWVM",
"created_at": "2025-03-05T11:16:16.755Z",
"updated_at": "2025-03-05T11:16:16Z",
"email_address": "[email protected]",
"address": {
"postal_code": "64236"
},
"reference_id": "197",
"preferences": {
"email_unsubscribed": false
},
"creation_source": "THIRD_PARTY",
"version": 0
}
}
CONTEXT: {"_legacy":true}Forum: Plugins
In reply to: [WooCommerce] Legacy order data blank since 9.7.0 or 9.7.1 upgradeLooking further into it, it appears that ever since upgrading from 9.6.2 to 9.7.0, the system has been generating 10-20 new orders per day with junk credentials that are getting stuck as “Pending payment”.
I had just happened to open up the order page and it had landed close to my last recalled order number, making me think I had lost all of my order history.
I have reverted back to 9.6.0 for now, the order placed under 9.7.1 seems to be okay and no new dummy orders are appearing for now
Forum: Plugins
In reply to: [WooCommerce] Legacy order data blank since 9.7.0 or 9.7.1 upgradeI have also checked my customers page, and all entries are registered today’s date, with email as a random string at gmail.com?
- This reply was modified 1 year, 2 months ago by btconline.
Forum: Plugins
In reply to: [BulletProof Security] BPS 403 error with Woocommerce Product Feed ProThank you!! That looks like it’s done it!