We have a bot placing abandoned orders in batches of 5 every 9 hours, for over a week. They are adding hidden/locked products they should not have access to with out an approved account/login. They create a customer profile that uses a fake name, email, address and phone number, and it is the same each time even if I delete the customer, they make a new one.
We have tried three different blocker apps and they did not work. We also tried changing product urls, ReCaptcha is enabled–none of this has worked. Shopify support told us there was nothing they could do. We are really worried about whether our store is vulnerable, or our customers information is somehow compromised if this bot has access to the backend of our store.
Tried to block them via IP address (Blockify) but they do not check out so we don’t have their IP address.
Tried to block them from creating a customer profile and that did not work (Fraud filter)
We tried to block them from visiting the store but that did not work (they are not “visiting the store”) (EasyBan)
We tried blocking them from the backend and that worked only to prevent them from creating a customer profile but not from placing items in their cart. (Easyban)
We tried changing the urls for the products they are putting in their cart (Shopify support suggestion) because they said they’re running some kind of program that is scanning product URLs and putting them in the cart (?) this did not work.
We’re having almost the exact same issue, except we have a $0 item hidden in our store for which they are successfully “placing orders”. IP blockers aren’t working (for us anyway) because the IP is different for every single order. Here’s a screenshot, in case you’re seeing similar patterns or anything else that might help us identify what the heck is going on:
Thank you for responding! Our situation is similar, except it’s the same name over and over. Our store does require account logins, and it does not stop the bot from adding items only available to logged in customers to their cart.
We also have 5 items that are $0 and these are the only items they’re placing in the cart. The difference in our situation is that our bot is not actually reaching checkout, they just put the orders in the cart and abandon them. They do this every 9 hours, 5 abandoned orders. We now have hundreds of them because it’s been going on for weeks and Shopify just said “sorry nothing we can do.”
I also have no idea what the end game is, but it’s really annoying.
Currently we created a flow that automatically cancels order if it’s “$0”; however, we do want to stop these orders going through as it will mess up our analytics.
We appreciate if Shopify can step up on this issue as it seems it has become an issue of many shop owners!
Same issue for my store. First name repeated for the order and targeting a hidden section of our shop where the product costs are $0. Same “@rtremail.com” email addresses as you mentioned.
I also am concerned about analytics being messed up.
Many, many stores having this same issue, yet Shopify has done nothing. Please add your voice by opening a ticket with them. See “James James” issue with bots in Community
I am also having many issues like this over the past week. A few hundred customer profiles have been made by abandoning checkout. And it is causing my auto email campaigns to bounce and get shut off by Shopify. I can’t find any pattern unfortunately. Shopify - please help.
We are having the same issue with James James from San Antonio and have tried many of the same tactics you have to no avail. Though no damage appears to be done by these bots apart from screwing up analytics and junking up our abandoned carts folder, it is very worrying that they are able to access our carts through a back door. What is the end game here?
Same problem. Started in January. all .00 items in abandoned check out. All the same email and name James James. Delete the customer, it pops right back the next day.
Now we have a new problem, don’t know if it is related. Our entire product file has shown up on a bogus website. We know it is ours because images our designer created are there. it’s the ENTIRE store. Our store has the costs hidden unless you log in but on this bogus site, there they are and they are slashed and there is a banner that says ‘up to 80% off’. How did they get the file? is the problem related?
Hi, If you are still looking for a soltuion to this, you can try using the Checkout Guardian App, where in you can block all the orders based on the cart value. For Example we can set a rule to block checkout if the cart value is USD 0, which means a person wont be able to checkout if his cart value is 0. Apart from it it offer various conditions to block checkout from these fake orders.
Any chance you’d be willing to share (or directly message me) the bogus site in case it can offer an6 clues on what we’re dealing with? I wish we weren’t all going through this headache.
They stole 5,200 items in our database PLUS they are impersonating us with our name in their tagline. The pricing is hidden on our site, you have to login to see it. I don’t know how they could possible have gotten the pricing. It’s not retail pricing. We are running into walls trying to get this bogus site taken down.
Holy crap! That’s wild, and terrible. I have tried to access huabo114.com to see if our products are listed there but the site won’t load for me. I hope that means you were successful in having it taken down. May I ask how you discovered your products were listed there, and if that site listed only your products or those belonging to other brands as well?
I have a similar issue. Several new abandoned checkouts each day for the last week or two. All for the exact same product. It is NOT a $0 item as most people seem to have. It is just one of the low cost items that I offer. Different names and email addresses. Most gmail. Physical address all say “street 10 apt 2”, but have different cities and zip codes. Seems like they are testing credit cards.
