Your store's SECURITY AND TRAFFIC, is it real or a dream?

6 0 1

I'd love to know how many of you in the last year had an increase in traffic and had their sales drop to zero or never get off the ground?


I own two stores the first is called Spirit Wanderer and the other was called Hello Fashion Forever. Hello is now closed probably forever and it isn't a bad pun. Me and my partner have owned Spirit since Nov 2018 and between December trough to July 2019 we were getting a couple of sales. Of course we were advetising on Facebook, Pinterest, Instagram ect. 


From the end of June to the beginning of July the sales flat lined. We figured that with the summer holiday's people weren't really shopping. At the beginning of July the sessions online, impressions on social media ect just went up like a rocket out of Cape Canaveral going to the moon, GREAT WE THOUGHT,  people are shopping for fall season, back to school or back to work. Of course we spent more in advertising and yet it was all for nothing NO SALES AT ALL.


We started looking at the traffic and our native traffic had been entirely replaced by bots. We have had a load of problems the worst bot invasion are from amazon in one day this month it was  2000+ visits on an empty store with only one page left (home page) and a re direct on the home page to google search. That meant that all the traffic i have been logging has been BOTS OR HACKERS OR SCRAPER BOTS AND I'M SURE THE NEW KIND WORM BOTS. both of the stores suffered major spam and DDOS attacks. I have reported all this to Shopify and apparently for them this isn't a security concern. Well what I also reported to them after proving it is that the "friendly" bot from Google from my records are ALL FAKES !!!! Google bots operate on specific Ip adresses and none of the ones that I have logged, traced and investigated were n the right addresses.


Another thing our stores experienced was code defacement, we knew it from the external audits and report we were getting and we actually watched while Spirit was being destroyed. I saved a lot of theme files and after the first attack the sizes of the ZIP files had grown by 2 megs and change. I reported that and it still wasn't a security issue with Shopify. I'll tell you one thing the so called security package they supply us with has vulnerabilities in both BOOTSTRAP, JQUERY and JAVA. These fails are serious enough that a hacker managed to get in the stores back in July after by-passing my cable modem Firewall, Karine's Macbook Air firewall, going trough Cloudflare and finally trough the Firewall application we have on the site itself. From there he installed a backdoor somewhere where he now enters the store via the head.


People CHECK your customer accounts!! Remember I said earlier that I had an empty store with no human access to it? in that time period there were 5 accounts created by bots. One of the thing Alex (the developer from Shopify who cannot seem to be able to understand what i'm writing) offered me was to set up CAPTCHA well I was ahead of him and there was a captcha on the store. Of the five accounts the worst one was created with the email tlantrip@tkmidwest that has attacked 32 websites as of January 2nd 2020. After some research I came upon an article from the Sucuri site monitoring knowledge lab dated July 2019 that warns of bots being able to inject code to defeat CAPTCHA's. Humm July 2019 coincidance I think not.


If this ring a bell with anyone in the community, not necessarily the specifics but the symptoms get back to me The bot problem isn't new, here is a link to a post from 1983 on the subject. One of person that answered actually sent a solutin to Shopify to alleviate the problem, I have suggested a way to create a code to do the same and nothing has happened on the subject since 1983 to Jan 2020.  


Is seems to me that Shopify isn't in business as a marketing platform, they are more server rental and theme and app sales shop. I do believe there are more than a couple of misrepresentations in their sales packages.    


Ève Brassard for private messages