Hmmm so I wonder if he IS testing credit card numbers. I know that free items don’t need payment info entered for a customer but maybe the connection this bot has does allow him to test. And the $0 items is a way to avoid detection while testing. If a card number does end up being valid and it shows, well…he got what he wanted.
Just a theory I have.
I think he is hacking all the way around. Imagine if he was able to hack Shopify’s cc system - the sales dollars from just one day via cc’s. I do know that the item he ordered at 2:41 today DID have a price and now does not. I had to go in and fix it.
Are you saying that the price of the item itself -not just within the sale, but in the individual product profile- was edited to ZERO after a James James & Co. checkout?
That sounds like a HIGH ALERT issue that needs to be on Shopify’s radar asap.
Yes. It appears so on this last one. I’m literally going through every item on our site right now to ensure there are no more 0.00 items. (We have nothing on there that should have a price of 0.00.) Once I have checked them all, I will have a better handle on it and can alert Shopify. I wish there was a report I could run that showed pricing.
Ugh. That is all terrifying. On the day when I got targeted, the abandoned carts came in 3 waves.
Round 1: 12:43pm - 1:10pm
Round 2: 6:52pm - 7:24pm
Round 3: 10:40pm - 11:14pm
I caught Round 3 WHILE it was happening, and I immediately started putting all my $0 items into draft mode, and the abandoned carts stopped immediately, and I haven’t had anymore since.
I have been in touch with Shopify customer service, and they have told me they are taking this seriously and are working with their developers on the issue. They recommended some of the issues we have seen others post (reCaptcha, third party apps, etc), but I told them that this thread (and the reviews for the apps they recommended) clearly show that people are not having success with those.
I am currently in the process of changing all of my $0 listings so that they now have a price of some kind. This is a huge and frustrating task, but I’m not sure what else to do.
However, now I am concerned that even if I remove all the $0 items, I could get targeted in the way AppMerc describes above. But, my formerly $0 items do NOT have a shipping cost attached, so I’m not sure if that makes a difference or not.
I’m checking my abandoned carts multiple times a day now, and nothing since 2/24, so I’m hoping I am past the attack. And I hope Shopify can figure out a way to end this once and for all so that no one else has to deal with this.
I went through EVERYTHING in our online store. There is nothing with a $0.00 price on it now. (If I were you I would put $0.01 on them.) So far…I have ran him off. He was hitting about once every 4 hours. If he hits again, I will be 100% sure that he was, in fact, able to change the price.
I have the same issue, it found 2 active products for 0$ (which weren’t supposed to be free, probably human error there). I added the price back to these and checked all the products on the website, hundreds of them, every single one lol, everything had a price. Couple hours later it found a Bundle item in the catalogue for 0$ which wasn’t even on the website, only active through a Bundle app where it was accidentally created hence the 0$, so i would guess it really is going through the backend, because it is finding stuff you cannot find on the storefront. This is just horrendous, and hasn’t been solved by Shopify for over 1 month.
I just noticed this in shopify help center. https://help.shopify.com/en/manual/checkout-settings/bot-protection
So it seems shopify DOES have an innate bot protection, but they only allow Shopify Plus have it??? That’s pretty messed up. This is something that they will benefit from if we all have it.
This is only a temporary protection tool. It lasts 60 minutes. My guess is that it is something that takes extra setup on their end (and has costs associated - like a cloudflare captcha). In any case, I have Plus and I probably wouldn’t use it for this particular issue.
Hi! Our store also got James Jamesed in January and we spent weeks trying to block it/him (?) and tried all of the things Shopify support told us to do (zero help) and also tried three different fraud blocker apps (also didn’t work). We finally had our web designer tackle it and she successfully blocked him by creating a block tag on his account through our wholesale lock app. We had been deleting his account every day and he would just make a new one. So we left it and added the block tag so he can’t access any of our products and it has stopped. So sorry to everyone dealing with this and it’s so frustrating that Shopify just keeps saying there’s nothing they can do.
Your app does not work to block this bot.
I don’t use that app.
Klavio is not the commonality between shops who are being targeted by this particular bot. What each of us have experienced is that it finds shops with $0 items, hidden and visible, and goes from there.
If you’re serious about trying to figure this out, THAT is where you need to start.
This thread has almost 3,000 views in less than 4 weeks and Shopify still has not been helpful. @Shopify_77 please do something about this JAMES JAMES bot.
We have this same problem and have spoken to Shopify Support several times over the past few weeks. We updated our $.00 products to $.01 and waiting to see if this temporarily took care of this bot, however we REQUIRE some of our prPify told us to download an app but we are on the Starter plan and it tells us the app is not compatiable with our version. So they are expecting us to buy a more expensive plan AND then buy a 3rd party app!!! In the meanwhile they are doing nothing and my customers are not happy having to call us directly. They said they’d put our “Vote” in for Shopify Developer Team to fix this in “The Future”!!! Seriously??? Maybe time to drop Shopify?
I got rid of the bot by simply making all items .01 instead of .00 It looks for free items. No additional app or upgrading plan…
@Shopify_77 same issue in our shop. Please step up and give all shop owners a solution (not only Plus members for 60 minutes).
Bots have become indispensable these days, a solution must be found for this!
I changed my $.0 products to $.01 and it appears to block James James currently, however I absolutely need these $0.00 products. Has anyone found that after James James goes away and stays away it I change back products to $0.00?
In my experience, deleting the customer does not stop them from leaving more abandoned carts. All it does is remove the customer name/address/email from the abandoned carts list… but the row with the abandoned cart still stays on the list and the bot continues to leave new abandoned carts.
We have the samething happening from Mr. James James. The thing I don’t understand is my website is wholesale and only allowed to access if you have an account and sign in. A customer cannot create an account, I must do so. But somehow James James is able to bypass the password/account log in hurdle, create an account on his own, and then place an order. I have a default shipping at .01 so it stops there. I did update my $0 item to have a cost so hopefully that is all i will hear from him, but I sure don’t like this access.
Shereen