Re: I'm concerned about the safety of my Shopify store from bot-placed abandoned orders.

Yes, three different ones. 

 

• Recaptcha is enabled (doesn’t prevent it)
• Tried to block them via IP address (Blockify) but they do not check out so we don't have their IP address.
• Tried to block them from creating a customer profile and that did not work (Fraud filter)
• We tried to block them from visiting the store but that did not work (they are not "visiting the store") (EasyBan)
• We tried blocking them from the backend and that worked only to prevent them from creating a customer profile but not from placing items in their cart. (Easyban)
• We tried changing the urls for the products they are putting in their cart (Shopify support suggestion) because they said they’re running some kind of program that is scanning product URLs and putting them in the cart (?) this did not work.

Hello Eliza,

It is possible to stop a bot from placing an order by using the Cart Lock app very easily. Since it is the same bot every time, tag this bot account with a customer tag like Bot. Then follow these steps:

 

1. Open the app and click on the "Add a new rule" button.
2. Click "Add a new condition" and select the "Customer tags" option.
3. Add "Bot" in the "Customer tags" field.
4. Save the rule.

 

Now the bot can’t place an order anymore.

Those apps won't work. 1) because it's hard to match the IP addresses with the customer because Shopify doesn't show IP addresses. 2) they change their IP

Those don't work. Shopify doesn't show IP address of abandoned cart customers so you can't Match up the IP. 2nd they change IP addresses. If you are a Shopify site owner you are a sitting duck! 

Thank you for responding! Our situation is similar, except it’s the same name over and over. Our store does require account logins, and it does not stop the bot from adding items only available to logged in customers to their cart.

 

We also have 5 items that are $0 and these are the only items they’re placing in the cart. The difference in our situation is that our bot is not actually reaching checkout, they just put the orders in the cart and abandon them. They do this every 9 hours, 5 abandoned orders. We now have hundreds of them because it’s been going on for weeks and Shopify just said “sorry nothing we can do.” 

I also have no idea what the end game is, but it’s really annoying. 

 

Our situation is similar, except its all from BELLEVUE, WASHINGTON, with different names and emails that dont match up. Sometimes 20+ a day.

I finally resolved this issue by updating the "Customer Accounts" to "NEW" in settings. Its been a month now and I have not had a single bot  subscribe to my mailing list or create an abandoned cart.

I still see a "bot" ping on the live map, but no abandoned cart are created and no fake mailing list subscriptions. Win!

 

I don't see a "NEW" option in the customer account. Do you mean switch to "Legacy" option?

Ours is also from Bellevue Washington, ugh! We receive over 25 a day

 

Do you have an accounts subdomain? accounts.yourname.com?

 

I got mine under control. Nothing for 10 days (knock wood).

I disconnected the accounts subdomain, spent a day playing whack-a-mole, deleting customers as soon as they registered, and set up a couple of flows. But disconnecting the subdomain is what really slowed it down.

I resolved this issue by updating the "Customer Accounts" to "NEW" in settings. Its been 2 months now and I have not had a single bot  subscribe to my mailing list or create an abandoned cart.

Yeah, mine was set to NEW and the bots were unhinged. I think they've figured out how to get around it.

Yep, our were under control for a few months. Now, its crazy! BELLEVUE BELLEVUE BELLEVUE BELLEVUE BELLEVUE BELLEVUE BELLEVUE

Anyone find a solution? Same Bellevue issue here. Its messing up our emails as we send out email blasts and these get flagged.

 I found a solution app and has been working for a week now. The app is aware of these issues and has fixed it. Send me a direct message and I can share the app. I dont want the bot scammers to know whats working or not working by posting it here. 

Hi Jwu703. I have the same bot issue in our Shopify store. Thus is the bot from "Bellevue, WA". I see that you found an app the resolved this. Would you please share it with me?

 

Thanks,

 

Tim DePuy

CEO

SmarterLifeProducts

www.SmarterLifeProducts.com

 

Do you have an accounts subdomain? accounts.yourname.com?

Kill it.

These are the flows I run:

 

My spammer only put a first name when creating a customer account (because I allowed that)

You can replace that with any order from BELLVUE, WASHINGTON

 

 Then I noted any similarities all the fake customers had and made sure they were deleted.

 

 

Then I ran this one:

 

Then, honestly, I spent five hours deleting them en masse as they'd come in, so someone got frustrated and stopped hitting me.

One of these things worked, because I've been spamless for months (knock wood).

How did you run the flow?

 

I would like to know the app, thanks.

Can you give the app name to me too please. .I have the same problem.

 

Hello Jwu703,

Can you share the solution app name?

Thanks!

Hi - Oh my, this has been causing us issues for months now. from a handful in a day to 30-40 in aday. all abandoned carts. Random items, certainly not lowest cost, 95% just have the bogus email address - I cant find an ip address. Could see where to DM you, but would love to hear of any app. I'm getting more and more angry at Shopify as I read all these comments and cases. I've written to them (pointless) about 2 months ago - I'll go in stronger this time.  

We are using the app called CartBlock - CheckOut Validator

Thank you so much - will take a look now.

Did this stop the abandoned carts too or just the card farming?

Hey Jwu703, is this solution still working? I emailed you yesterday. Please let me know.

What was your solution as we have tried everything?

Have you found a fix?

I don't see a NEW option.

 

We have the same, also from Bellevue Washington - always the same address, but one of about 10 or so different name / emails the bot uses.  It is clearly doing a data scraping of our store.
We have a Shopify Plus account, I asked ChatGPT and Grok what to do - they both suggested I ask Shopify to turn on "Bot Prevention" that is only available on the Plus accounts.  It is a feature that the store admin can turn on for a couple of hours, when they see a bot attack.  I thought this would be great - I asked support and received a shocking response - they refused to, because they didn't think our store justified it!!!!!  Not sure what to do now.
I have looked at Cloudflare that has a solution, but the estimate is another $1,000+ every month.  

Do you know a solution? I get a robot order from Washington state every few minutes.

Did you find a solution as we have tried everything and not getting this matter resolved?

I'm living this exact thing right now from BELLEVUE, WASHINGTON - can you explain how you stopped it?

We have dug into this extensivly.  on our site it is almost always Amazon bots, they are checking pricing and shipping.

 

We are using Negate Bot Protection add in app.  going to see if it makes any difference.

 

Thanks for the info! Would love to know if you started using the app and if you've seen any difference. 

Same issue for my store. First name repeated for the order and targeting a hidden section of our shop where the product costs are $0. Same "@rtremail.com" email addresses as you mentioned.

 

I also am concerned about analytics being messed up.

 

Hopefully Shopify can resolve this soon!

This just started happening to me last night - same name James James. And variations all from Texas or New Mexico, every 6 hrs. 

I also have similar issue up to 20 attacks a day- I have created a ticket as you have suggested

Any chance you'd be willing to share (or directly message me) the bogus site in case it can offer an6 clues on what we're dealing with? I wish we weren't all going through this headache. 

Yeah, the spoof website is huabo114.com

They stole 5,200 items in our database PLUS they are impersonating us with our name in their tagline. The pricing is hidden on our site, you have to login to see it. I don’t know how they could possible have gotten the pricing. It’s not retail pricing. We are running into walls trying to get this bogus site taken down.

Holy crap! That's wild, and terrible. I have tried to access huabo114.com to see if our products are listed there but the site won't load for me. I hope that means you were successful in having it taken down. May I ask how you discovered your products were listed there, and if that site listed only your products or those belonging to other brands as well?