Malicious shopping cart creation

[[email protected]]

Hi, since a short time hundreds of shopping carts are created by unregistered customers. Every few seconds a new cart is created so I think there is an automatic process behind. 

 

I can block the suspected ip address and the creation stops, but often it starts again from other ip addresses.

 

Is there a possibility to on allow cart creation for registered customer? Or does anyone know of another solution for this problem?

 

Thanks

Werner

 

[Scully]

These are crawlers. Some are just badly programmed, some others try to find weaknesses in the systems.

 

You can retrieve the IP address from your logfiles and block them using entries in the .htaccess file in the root of your shopsystem.

 

Example:

<Limit GET HEAD POST>
order deny,allow
Deny from env=spam_ref
Deny from .ro
Deny from .ru
Deny from .cn
Deny from .gn
Deny from .hu
Deny from .lv
Deny from .pe
Deny from .kp
Deny from .pl
Deny from 163data.com.cn
Deny from serverprofi24.de
Deny from 136.243.0.0/16
Deny from 144.76.0.0/16
Deny from 46.4.100.
Deny from 46.4.68.
Deny from 5.9.6.
Deny from 5.9.85.24
Deny from 88.198.
</Limit>

Tipps:

Whenever an IP address is not complete with its four pairs of digits, it will result in blocking the whol ip range.

Deny from 88.198. will block vom 88.198.0.0. to 88.198.255.255.

 

Blocking an entire country can be done like this:

Deny from .ru

 

However, bots or crawlers not using a hostname ending on .ru wouln't be blocked. Blocking countries by IP address range is not an option.

Edited July 8, 2017 by Scully (see edit history)