This is a new one for me. I'm not quite sure how to handle the situation.

Since yesterday evening, my online store has been getting orders every few seconds. edit: The current batch of 150 orders I'm looking at were all placed within a 6 minute interval.

The orders are created but then abandoned before payment. Each order is for a single item from my store. Stock in that item is now at zero, but these fake orders are still coming in for the item.

IP addresses for these fake orders vary all over the world, so I can't just block an IP or a reasonable range of IPs. Anything I can do other than delete the orders and wait for the attack to be over?

Many thanks for your time and any advice you can offer. --DeeAnna

Classic Bells, Postville, Iowa, USA, https://classicbells.com/

I am betting they all have the same email address, please confirm.
If so, you can block them by adding a line to your includes.
Let us know if they all have the same email address.
David

Checked a random selection of the 150+ orders I mentioned earlier.

Good thought, DBDave, but nope, the orders don't all have the same email address.

The email is set up as buyerName @ gmail.com

Examples:
Order from buyer Judy Hunt has the email judyhunt@gmail.com
Order from Tracy Finklea has tracyfinklea@gmail.com

I was able to stop the orders from being created by altering the product ID of the product that's common to all these orders. I realize that doesn't necessarily mean the attack itself has stopped. Just that the orders aren't being added to the database.


Classic Bells, Postville, Iowa, USA, https://classicbells.com/