SQL Injection Attempt and Security


Plugin Author
Stiofan

(@stiofansisland)

Hi @openedge1,

That is not what SQL injection is 🙂

Yes, our system will create invoices even if the payment is not complete; this also gives the user the opportunity to complete it later via the email they receive.

You can turn off the new user email and you can also set checkout to require login in Settings > Misc > Checkout Settings.

We have never really had any report of checkout spamming like you mention. If you can give more details, such as: was it multiple email addresses or the same email, how many were created, how fast were they created? If we need to add a captcha we will, but it has not been an issue to this point.

If I can help further please let me know.

Thanks,

Stiofan

Hello,

It was an SQL injection attempt. We have the invoices showing the code for the injection… so, yes, it was an SQL injection attempt. They slammed the payment page over and over with code to attempt to break the site, DDoS style. This of course generated emails for each attempt.

The attempt was done in the wee hours of the morning for us. We were notified of the issue via a mass mailing alert. The website was sending tons of emails due to the attempt. All invoices show SQL code in the payment amount field.

We debated about the “sign up to checkout”, but with the type of websites, this is not feasible. The website owner needs to allow their customers to make quick payments.

Thus, yes, a Captcha, which GiveWP has, would be very helpful in this respect.

I can open a support ticket on your site if you need more info.

Plugin Author
Stiofan

(@stiofansisland)

Ah ok, I understand now. This sounds like a bot of some sort. We have internally tested all our checkout fields for SQL injection and also had a 3rd party audit done, so there should not be an issue there. It just looks like a bot was trying its luck with any input fields. Once they realise nothing works they will probably move on.

I have set a task for adding a reCAPTCHA. If you want to open a ticket please title it “FAO Stiofan” and someone will assign it to me; I can then add any further details to the task.

Thanks,

Stiofan
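As an added illustration of the two defender-side checks this thread points to (the reporter's invoices carrying junk in the payment amount field, and the plugin author's point that a bot was simply hammering any input field), here is example Python that is not part of the thread, the plugin, or any audit it mentions. It allow-lists the amount field so that anything other than a plain decimal number is rejected before it can reach a database query or an invoice, and it runs a simple burst check over checkout submissions per client IP. The log line format and the sample lines are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime
from decimal import Decimal

# Constructed sample of checkout POST log lines (hypothetical format, not from
# the thread): ISO timestamp, client IP, raw value submitted in the "amount" field.
SAMPLE_LOG = """\
2024-01-01T03:14:01Z 203.0.113.5 amount=25.00
2024-01-01T03:14:02Z 203.0.113.5 amount=1 OR 1=1
2024-01-01T03:14:02Z 203.0.113.5 amount=5'; --
2024-01-01T03:14:04Z 203.0.113.5 amount=-1
2024-01-01T03:14:05Z 203.0.113.5 amount=<b>1</b>
2024-01-01T03:15:10Z 198.51.100.7 amount=49.99
2024-01-01T03:20:00Z 198.51.100.7 amount=abc
"""

# Allow-list: 1-9 digits, optionally a dot and 1-2 decimals. Nothing else.
AMOUNT_RE = re.compile(r"^\d{1,9}(\.\d{1,2})?$")
LINE_RE = re.compile(r"^(\S+) (\S+) amount=(.*)$")


def validate_amount(raw: str):
    """Return the amount as a Decimal, or None if the field is not a positive
    plain decimal. Quotes, SQL keywords, markup and negatives all fail the
    regex, so they never reach a query or an invoice record."""
    raw = raw.strip()
    if not AMOUNT_RE.match(raw):
        return None
    value = Decimal(raw)
    return value if value > 0 else None


def parse_line(line: str):
    """Split one constructed log line into (timestamp, ip, raw_amount)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
    return ts, m.group(2), m.group(3)


def max_in_window(times, window_seconds: int) -> int:
    """Largest number of requests that fall inside any sliding window."""
    times = sorted(times)
    best, start = 0, 0
    for end, t in enumerate(times):
        while (t - times[start]).total_seconds() > window_seconds:
            start += 1
        best = max(best, end - start + 1)
    return best


def summarize(log_text: str, window_seconds: int = 60, threshold: int = 3):
    """Per-IP summary: request count, how many amounts failed validation, and
    whether the client sent >= threshold submissions within window_seconds."""
    per_ip = defaultdict(lambda: {"requests": 0, "rejected": 0, "times": []})
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, ip, raw_amount = parsed
        rec = per_ip[ip]
        rec["requests"] += 1
        rec["times"].append(ts)
        if validate_amount(raw_amount) is None:
            rec["rejected"] += 1
    return {
        ip: {
            "requests": rec["requests"],
            "rejected": rec["rejected"],
            "burst": max_in_window(rec["times"], window_seconds) >= threshold,
        }
        for ip, rec in per_ip.items()
    }


if __name__ == "__main__":
    for ip, info in summarize(SAMPLE_LOG).items():
        print(ip, info)
```

The allow-list is the part that matters for the invoice problem: a rejected amount should abort the checkout before an invoice or email is created, rather than being stored and cleaned up afterwards. The burst flag is what a rate limit or captcha trigger would key on; one legitimate customer making a quick payment stays well under a threshold of three submissions per minute, while the pattern the reporter describes trips it immediately.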

 
