Developer forum

Forum » Ecommerce - Standard features » Antispam on Carts

Antispam on Carts

E-mail notifications
Nuno Aguiar Dynamicweb Employee
Nuno Aguiar
Reply
Posted on 06/11/2023 10:38:06

Hi,

 

Is there any sort of antispam validation performed on orders? The reason I ask is because we have a customer who is constantly getting some dummy carts created. Over time we've seen:

  • Carts without orderlines
  • Carts with OrderComplete=True (but still with a CartId)
  • They are clearly a copy of a real order
    • Same IP, same user, ...
  • This happens with multiple users

 

This has been going on for quite a while. We noticed after a user reported seeing multiple "Orders" (CART*) in their Order History.

 

They Usually they come from the same IP, with the same data (order total, orderlines [when applicable], billing and shipping addresses, ...). Sometimes the user changes, but it's still obvious to the naked eye.

 

Could there be any reason other reason anybody can think this could be happening and having started a few months ago? The site is now in 9.14.10, but this was initially implemented in DW8 and there has been no template changes in years as far as we can tell, so it's been a while.

 

Best Regards,

Nuno Aguiar


Replies

 
Nicolai Pedersen Dynamicweb Employee
Nicolai Pedersen
Posted on 06/11/2023 10:51:41
Reply

It smells like custom code.

Orde.Complete cannot be set from outside to the best of my knowledge and looking at the code. Only completing the order or a callback from gateway can do that. Cart with 0 lines is a setting that can be switched on or off - check that. If it is off and you still have them it looks like it is not from the frontend.

Got any custom order manipulating code?

What does the log entries for the weird carts contain?

 

 
Nuno Aguiar Dynamicweb Employee
Nuno Aguiar
Posted on 06/11/2023 15:50:50
Reply

Hi Nicolai,

 

I am leaning towards some data integration mapping issues. It's odd that it's taking the exact same IP and created dates, as if it's being copied. I'll take it up with the Integration team to look into that.

 

These are the log entries for a random cart, but I believe they are a consequence of being a "completed order" at this point, in other words a consequece of these dummy orders, not the cause

 

Thanks

 
Nuno Aguiar Dynamicweb Employee
Nuno Aguiar
Posted on 24/11/2023 18:06:33
Reply

Hi Nicolai,

 

This was a tricky one, but we figured it out and wanted to provide an update.

 

It was an old bug from Live Integration (sounds like a custom version of our at DWNA but it's hard to know based on what we have). It was solved by enabling a checkbox.

  • The order but not synced to the ERP
  • A Scheduled task picked up the orders, but if the ERP was down it looked for a realy old setting (not meant to be looked at by scheduled tasks), and if it was off downgraded the cart.
  • The next time it picked up the Completed order, and if the ERP was down, downgraded it to a cart
  • And round and round we go until the ERP was up

 

Our theory is that at some point in time, the Scheduled Task add-in was upgraded and started to use the same OrderHandler methods as everything else (good development practice), but the logic, being a bit convoluted, was hard to realize it required that checkbox to be enabled).

 

Since the project is old and we can't easily upgrade, we simply enabled this odd checkbox and problem is now expected to have gone away for good.

 

Thanks

 

You must be logged in to post in the forum