
There’s a Hacker Placing Fake Orders on WooCommerce Stores as Part of an Attack
An unidentified hacker has spent the past week wreaking havoc on WooCommerce ecommerce websites all over the world, creating fake accounts, placing fake orders, and in some cases successfully hacking the website. The hack appears to be related to an exploit found in the plugin TI WooCommerce Wishlist, which has yet to be patched.
The fake orders are typically placed by a UK-based user with a fake name consisting entirely of the letter B, using a random email address at the domain abbuzz.com.
Here’s what the fake order info looks like:
bbbbb bbbbb
bbbbb
74 Eastbourne Rd
ROBOROUGH
EX14 5HN
United Kingdom (UK)
078 1369 7987
wuclcqqglsdg@abbuzz.com
The fake orders themselves are not likely to cause any issues, but they are probably part of the attacker probing the site before attempting the hack. If you see these fake orders, take the following steps to make sure your site is not being hacked:
- Immediately disable and remove the plugin “TI WooCommerce Wishlist” and make sure the folder on your server is deleted. This may cause interruptions with your users, so make an announcement letting them know you are temporarily disabling the wishlist feature.
- Check your website for usernames that match the known fake names used in this attack and delete them.
- Place all of the fake orders into the Trash.
- Make sure your WordPress core is up to date.
- Make sure all of your plugins are up to date.
- Make sure your theme is up to date.
If you haven’t seen any fake orders similar to those shown above yet and you have the plugin “TI WooCommerce Wishlist” installed, you may want to be proactive and delete that plugin before your site is hacked. We also recommend other general website security measures: install a Web Application Firewall, require a reCAPTCHA on purchase, use a fraudulent purchase prevention plugin, and always keep your WordPress core, theme, and plugins up to date.
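To make the “check for fake orders and matching accounts” steps repeatable, here is an added example (not code from the original post or from WooCommerce) that scans billing records shaped like a WooCommerce order CSV export for the indicators listed above. The sample records and the `min_hits` threshold are assumptions for illustration; requiring two independent indicators avoids flagging a genuine UK customer who happens to share a single field.

```python
import re
from typing import Dict, List

# Indicators taken from the fake orders described in this post.
FAKE_EMAIL_DOMAIN = "abbuzz.com"
FAKE_PHONE = "078 1369 7987"
FAKE_POSTCODE = "EX14 5HN"
ALL_B_NAME = re.compile(r"^b+$", re.IGNORECASE)


def order_indicators(order: Dict[str, str]) -> List[str]:
    """Return the fake-order indicators matched by one billing record."""
    hits: List[str] = []
    first = order.get("billing_first_name", "").strip()
    last = order.get("billing_last_name", "").strip()
    if first and last and ALL_B_NAME.match(first) and ALL_B_NAME.match(last):
        hits.append("name is all b's")
    email = order.get("billing_email", "").strip().lower()
    if email.endswith("@" + FAKE_EMAIL_DOMAIN):
        hits.append("abbuzz.com email")
    # Compare phone numbers and postcodes with spacing/punctuation removed.
    phone = re.sub(r"\D", "", order.get("billing_phone", ""))
    if phone == re.sub(r"\D", "", FAKE_PHONE):
        hits.append("known phone number")
    postcode = re.sub(r"\s+", "", order.get("billing_postcode", "")).upper()
    if postcode == FAKE_POSTCODE.replace(" ", ""):
        hits.append("known postcode")
    return hits


def flag_fake_orders(orders, min_hits: int = 2) -> Dict[str, List[str]]:
    """Map order id -> matched indicators for orders with at least min_hits."""
    flagged: Dict[str, List[str]] = {}
    for order in orders:
        hits = order_indicators(order)
        if len(hits) >= min_hits:
            flagged[order["id"]] = hits
    return flagged


# Constructed sample records (assumption: column names follow a WooCommerce CSV export).
SAMPLE_ORDERS = [
    {"id": "1001", "billing_first_name": "bbbbb", "billing_last_name": "bbbbb",
     "billing_email": "wuclcqqglsdg@abbuzz.com", "billing_phone": "078 1369 7987",
     "billing_postcode": "EX14 5HN"},
    {"id": "1002", "billing_first_name": "Jane", "billing_last_name": "Doe",
     "billing_email": "jane@example.com", "billing_phone": "020 7946 0000",
     "billing_postcode": "SW1A 1AA"},
    {"id": "1003", "billing_first_name": "BBB", "billing_last_name": "bb",
     "billing_email": "zzz@abbuzz.com", "billing_phone": "", "billing_postcode": ""},
]

if __name__ == "__main__":
    for oid, why in flag_fake_orders(SAMPLE_ORDERS).items():
        print(oid, ", ".join(why))
```

The flagged ids are the orders to move to the Trash, and the same name test can be run over your user list to find the matching fake accounts.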
Here is what the fake order failure alert emails look like:
Read about the issues other WooCommerce stores are having in the WordPress Support Forums thread “Failed Orders – Fake Information”.
I have the same person doing this to my site. Same experience.
Nothing was done, but so annoying!
This is the fake account info:
Billing
bbbbb bbbbb
bbbbb
74 Eastbourne Rd
ROBOROUGH
EX14 5HN
United Kingdom (UK)
Email address:
jmpdmyqhohlt@abbuzz.com
Phone:
078 1369 7987
I am so grateful for your blog post. This was bothering me.