Posted - 09/30/2017 : 06:08:30
Hi, in the past few weeks there have been two or three unusual, Unauthorized order attempts in our cart.
It looks like someone with a lot of patience (or perhaps a bot) adds an unexpectedly large number of items to the cart - say, 15 expensive items - along with garbage data for the address and other fields.
There are no Private Order Status error messages from PayPal to suggest that anyone tried to enter bogus payment card information - though we don't always see error messages for every failed transaction. The IP address for the latest attempt seems to be in Miami, FL.
My best guess is that someone may be probing the Cart to see if they can make it crash.
Has anyone seen this sort of activity before? Can anyone suggest a possible motive?
And, can you suggest any measures that we should take, other than keep our cart software up-to-date?
Since it's not clear whether these few attempts were made by humans or bots, we hesitate to implement captcha code and lengthen the checkout process for everyone based on these few attempts.
We'll continue to record the IP addresses in case there's enough activity from any one address to warrant IP blocking in the cart.
Thanks in advance for any suggestions or comments.
- Paul D.