Stop WooCommerce Spam Orders

Recently there seems to have been a surge in spam WooCommerce orders. They all seem to follow a similar pattern of:

bbbbb bbbbb
bbbbb
74 Eastbourne Rd
ROBOROUGH
EX14 5HN

They seem to use a random fake email address from the domain abbuzz.com

This seems to be a widespread issue, with a huge (now locked) thread on .org: https://wordpress.org/support/topic/failed-orders-fake-information/

In this thread, users have identified that it appears to be a bot looking for some specific vulnerabilities in the following plugins:

  • Loginizer
  • Drag and Drop multiple file upload for Contact Form 7
  • Super Store Finder
  • Super Interactive Maps
  • Super Logo Showcase
  • WP File Manager

It also attempts to upgrade the WordPress database. If you have any of the above plugins, we’d suggest updating or removing them immediately. It’s also a good opportunity to make sure all other plugins, themes and core WordPress is up to date as well as having a good backup routine in place.

The bot also creates a series of usernames, it’s probably best to delete these as well as the spam orders.

How can we fight this?

A huge amount isn’t yet known about this attack, but a simple plugin has been made to stop these orders:

The plugin is quite basic in that it’s using a simple filter to block the known used name and email address domain from registration. Whilst this seems like a good short-term solution, we hope that the WooCommerce team will step up to provide a better long-term solution for this.

Have you been effected by this? Let us know in the comments.