String of odd "not a valid cart action" errors

We had a whole string of weird errors show up over a 10-minute time span a few days ago (all from one IP address), then about three more of them every day since (same IP). Is this anything we need to be worried about? I have no experience with this, but I'm wondering if it could be some sort of attack. I can whisper more details if helpful.

Comments
  • It looks like others have reported the same IP on abuse websites in the past few days. I don't see anything else that looks suspicious about our store or transactions, but it would be great to know if there's anything we should check on, or if we can block this IP somehow!
  • I also remembered that yesterday, our XML data feed (Mailchimp integration) started failing on all transactions. Not sure if this is related, but now I'm starting to worry about everything!
  • fc_adamfc_adam FoxyCart Team
    @dustystrings,

    Sorry to hear you've had an influx of errors! I can see the errors you're referring to - and based on the types of URL's they're attempting, this does look like someone is testing for weaknesses. It also looks like it's automated attempts based on the timing of the errors. The good news is that those attempts wouldn't have gotten them anywhere - so you should be fine there.

    We're working towards some improvements to our infrastructure that would allow us to automatically block users like this who make obvious intrusion attempts - to stop them in their tracks. We're rolling that out in stages, but we have put a block on that IP to try to hinder them from coming back to your store.

    Looking more broadly at your store, our new Google reCAPTCHA functionality is enabled for your store - so that will also help to minimise automated fraud attempts on your checkout. You could also enable minFraud for your store to minimise in-person fraud attempts as well - and you can see details on that here: https://wiki.foxycart.com/v/2.0/fighting-fraud

    In terms of the datafeed error you're seeing - did you by chance recently update your site to redirect automatically to HTTPS? The error message coming back for the datafeed is showing a HTTP response code of 301, which relates to "Moved permanently". If I load up your current datafeed URL it's redirecting from http:// to https:// - so if you update the datafeed endpoint URL in your store's advanced settings to match - that should get that corrected.
  • @fc_adam,

    Thanks for the info! I'm glad we don't have to worry about this particular incident. We'll keep minFraud in mind if we start to encounter any fraud attempts.

    And thanks for noticing the http vs https thing! That was exactly the problem.
Sign In or Register to comment.