doja (Posted November 25, 2014, edited November 26, 2014)

Hi all,

I am new to Prestashop, installed a few days ago and have been very impressed with how it looks and what it can do. All was going well until I logged in this evening to find that several hundred thousand pounds' worth of fake orders had been made by malicious users ... probably bots.

I have not even got as far as setting up a payment gateway yet (still populating the site with products) but after seeing this 'attack' it has caused me to lose a lot of confidence. Interestingly, many of the products ordered were default products which I had actually disabled, which makes me wonder how they were able to add them to a cart and try to buy them.

Could someone explain what is going on here and preferably give me some information to rectify it.

Public URL is http://www.streetmotion.co.uk/shop/

Thanks!

El Patron (Posted November 25, 2014)

Hi, are they just in the shopping cart or true orders, and if so, what payment method does the order use?

I would look at the HTTP access log, which for most hosting can be accessed from their hosting control account. Here you will see the actual activity and by whom.

Also, post your front office URL in the original post (you can delete it later or use a scrambled URL).

doja (Posted November 26, 2014, edited November 26, 2014)

Amended original post with URL. Please see attached screenshot of dashboard & orders.

El Patron (Posted November 26, 2014)

If not diff email address: back office --> customers --> click delete customer. PS will then ask you if you want to allow them to recreate the account or not recreate the account; click not allow recreate account.

Also, make sure to check HTTP access to find out what 'bot' is doing this, then you can find more info and also possibly block the bad bot.
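
The access-log check suggested above, as an added example that is not part of the original thread: it groups cart and checkout requests by client IP and user agent and reports when each client was first and last seen, so the times can be compared with the order timestamps in the back office. The combined log format, the cart/order URL patterns and the sample lines are assumptions made for this example.

```python
import re

# Apache/nginx "combined" log format (assumption: check what your host writes).
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[A-Z]+ (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
# Assumed storefront cart/checkout URLs: index.php?controller=cart|order|order-opc
# and the friendly forms /cart, /order, /quick-order. Adjust to your shop.
CHECKOUT = re.compile(
    r'controller=(cart|order|order-opc)(&|$)|/(cart|order|quick-order)(\?|$)'
)

# Constructed sample lines (documentation IP ranges, made-up user agents).
SAMPLE = """\
203.0.113.7 - - [25/Nov/2014:18:02:11 +0000] "GET /shop/index.php?controller=cart&add=1&id_product=3 HTTP/1.1" 200 512 "-" "ExampleBot/1.0"
203.0.113.7 - - [25/Nov/2014:18:02:12 +0000] "POST /shop/index.php?controller=order HTTP/1.1" 200 734 "-" "ExampleBot/1.0"
203.0.113.7 - - [25/Nov/2014:18:02:13 +0000] "POST /shop/index.php?controller=order HTTP/1.1" 200 734 "-" "ExampleBot/1.0"
198.51.100.20 - - [25/Nov/2014:18:05:40 +0000] "GET /shop/index.php?id_product=3&controller=product HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
198.51.100.20 - - [25/Nov/2014:18:06:02 +0000] "GET /shop/cart?add=1&id_product=3 HTTP/1.1" 200 640 "-" "Mozilla/5.0"
""".splitlines()

def checkout_activity(lines):
    """Map (ip, user agent) -> (request count, first timestamp, last timestamp).

    Assumes the log is in chronological order, as access logs normally are.
    Lines that do not parse or are not cart/order requests are skipped.
    """
    seen = {}
    for line in lines:
        m = LINE.match(line)
        if not m or not CHECKOUT.search(m["path"]):
            continue
        key = (m["ip"], m["ua"])
        count, first, _ = seen.get(key, (0, m["ts"], None))
        seen[key] = (count + 1, first, m["ts"])
    return seen

def noisy_clients(lines, threshold=3):
    """Clients with at least `threshold` cart/order requests, busiest first."""
    rows = [(ip, ua, *v) for (ip, ua), v in checkout_activity(lines).items()
            if v[0] >= threshold]
    return sorted(rows, key=lambda r: r[2], reverse=True)

if __name__ == "__main__":
    for ip, ua, count, first, last in noisy_clients(SAMPLE):
        print(f"{count:5d}  {ip:15s}  {first} .. {last}  {ua}")
```

If the log covers the period in question and this reports no cart or order requests at all, the orders were not placed through the storefront pages matched here.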

doja (Posted November 26, 2014, edited November 26, 2014)

Thanks, I'll do that, but deleting that one user will not stop other people/bots exploiting the same weakness again. What am I looking for in the log file?

Also how can I delete all these fake orders so they don't spoil my metrics? I have cancelled them all but the graph in my admin dashboard is still showing all the fake orders and I can't see how to delete them totally from the order list.

doja (Posted November 26, 2014, edited November 29, 2014)

So it seems that either by default or by accident 'Demo Mode' was enabled. This amazing feature </sarcasm> puts in a bunch of fake orders so you can see what the stats will look like once you have a few orders.

This can be turned off in the bottom right column of the Admin Panel/Dashboard.

The fake orders can be removed using the PrestaShop Cleaner Module.