Gladiator kits

Genghis

Western Thunderer
Our website was put under pressure last week by nearly 6000 failed orders in a very short space of time. They originated from the same IP address and would appear to have been fraudsters checking the validity of credit cards. A few of the attempts did result in PayPal - the payments processing system that we use - clearing the sale and crediting us with money that we have since refunded. It has taken me some time to clear the rubbish from the system and it is possible - though unlikely - that legitimate orders may have been cancelled and refunded. If so, I apologize and ask that you retry. A follow on from this is that I am getting 300 email notifications from the website that an order has failed. 300 seems to be the limit that either the website will send or my inbox will accept at a time. So I have another week or so before things are back to normal.

David
 

djparkins

Western Thunderer
Fully Sympathise - we had a Denial of Service Attack on our previous web site. Between ourselves and our then hosting company, we traced it down to the internet cafe in the Shanghai Hilton Hotel! Aren't these people just wonderful?

I'd like to see their legs removed at the armpits.

Mind you if we'd have had that many genuine orders in one night, I'd have been retired years ago!

DJP
 

simond

Western Thunderer
We have had a bunch of phishing attacks lately, they purport to come from Quickbooks - unfortunately genuine invoices come from them too, so a blanket block on the domain name is not an option. Anyway, the warning may help someone, I hope.
 

oldravendale

Western Thunderer
That is really too bad, David. And I guess there's nothing can be done about it.

I rather agree with DJP - if you could catch the bu$$ers.
 

Genghis

Western Thunderer
The IP address of the sender is changed after about 10 attempts, but this time they are consistently located in Dusseldorf. The address of the attempted orders is in Maine, USA. The perpetrators are choosing low-value items - yes, we do have some! - making attempted sales of £10-20 a time.
This time 7 of the attempts resulted in a payment being made. I notified PayPal that these appeared to be part of fraudulent activity but PayPal has cleared them as OK. I have refunded the small amounts, but PayPal seems not to want to refund their commission, so I have another battle coming up. I don't see why I should be out of pocket for not taking money that isn't due to me.

I can - if I can work out how to - set the website to block particular IP addresses, but as these are changing quickly then I'll just be chasing my tail.

It took me hours this morning to clear the website order pages and my email account. I get a notification sent to my email address when there is activity on the website. Useful for dealing with real orders quickly, but a pain when there are failed orders, which are also notified.

David
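
The pattern described in the post above (source IP changing after about 10 attempts while the delivery address stays the same) can be caught by counting failed payments per delivery address as well as per IP. This is an added example, not part of the original thread or the shop's software; the order fields, the thresholds and the sample data are assumptions constructed for illustration:

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)   # assumed look-back window
MAX_FAILS = 10                   # assumed limit of failed payments per key per window

def normalise_address(addr):
    """Collapse case, commas and spacing so trivial variations map to one key."""
    return " ".join(addr.lower().replace(",", " ").split())

def flag_card_testing(orders, window=WINDOW, max_fails=MAX_FAILS):
    """Return {(kind, value): time first flagged} for keys exceeding max_fails."""
    recent = defaultdict(deque)
    flagged = {}
    for o in sorted(orders, key=lambda o: o["time"]):
        if o["status"] != "failed":
            continue
        # Count the same failure under every attribute the sender may reuse.
        for key in (("ip", o["ip"]), ("ship_to", normalise_address(o["ship_to"]))):
            q = recent[key]
            q.append(o["time"])
            while o["time"] - q[0] > window:   # drop failures older than the window
                q.popleft()
            if len(q) > max_fails:
                flagged.setdefault(key, o["time"])
    return flagged

def sample_orders():
    """Constructed data: 30 attempts, IP rotating every 10, one delivery address."""
    start = datetime(2024, 1, 1, 2, 0, 0)
    orders = [{
        "time": start + timedelta(seconds=20 * i),
        "ip": f"203.0.113.{10 + i // 10}",            # documentation address range
        "ship_to": "1 Example St, Anytown, Maine, USA" if i % 2
                   else "1 example st,  anytown, MAINE, usa",
        "status": "paid" if i in (7, 19) else "failed",
    } for i in range(30)]
    orders.append({"time": start + timedelta(seconds=95), "ip": "198.51.100.7",
                   "ship_to": "2 Sample Road, Exampleton, UK", "status": "failed"})
    return orders

if __name__ == "__main__":
    for (kind, value), when in flag_card_testing(sample_orders()).items():
        print(f"{when:%H:%M:%S} hold orders where {kind} = {value!r}")
```

On this sample no single IP ever exceeds the limit, because the sender moves on after 10 attempts, while the shared delivery address is flagged at the eleventh failed payment.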
 

Heather Kay

Western Thunderer
At this point, David, I would be thinking of temporarily suspending your site, or at least suspending the shop side of things.
 

Genghis

Western Thunderer
Actually, I think it is possible to put a geographic block on sales by region. If so, I’ll try limiting sales to UK only. This is 99% of custom.

I did try to find a way to suspend the whole site temporarily but the only option found so far is to delete it.
 

simond

Western Thunderer
Good luck, David.

I will tell our IT manager of your travails, if he can suggest anything, I’ll be in touch.

atb
Simon
 

Chris Veitch

Western Thunderer
I can't add much in the way of positive comments regarding a means to combat the attack, but I'd guess that long-term the solution is to enable some sort of check in the payment process which depends on how and where your PayPal payments are being processed. I would guess that there are backend payment processors which will provide an intelligent service which will pick up and kill off such activity as it seems to rely on a fairly crude and predictable attack process (e.g. they've not tried to randomise or spoof IP addresses). I don't know how you're doing your payments but if there is a third party processor it might be worth enquiring whether they have such a facility - and if you're not using one now it might be a way forward although it would inevitably add to your costs. If you're simply creating PayPal requests directly from your site it's a lot more difficult.

I hope that doesn't come across as negative, I'm just trying to suggest what options might be available. Good luck with sorting out/evading the bu$$ers.
 

Eastsidepilot

Western Thunderer
What happened to good old cheque with a letter in the post ? :D ...no I know it's not funny mate but as people say that word technological progress ain't exactly what it says on the tin. Hope you get it sorted.
Col.
 

Genghis

Western Thunderer
PayPal has now waded in to warn me that our site has been used to test for fraudulent payments and if we don't do something about it they will withdraw the processing facility. I have - very politely - told them that I had already reported my concerns but they had responded - presumably using some form of Artificial Stupidity - that the payments were legitimate. Meanwhile limiting the site to UK users only has worked so far.

I am very grateful to one individual - webmaster for a similar site - who has come up with very practical advice on measures that can be taken.

David
 

simond

Western Thunderer
Thank you.
David,

I didn't want to disturb him over the weekend, but fully intended to talk to Andy this morning about your issue.

Unfortunately, he's rather preoccupied with a very concerted attack on our firewalls which has been going on since Saturday. Looks like he spent most of yesterday dealing with it.

I do wish there was some way of deterring these parasites.

(Amongst other things we make 40 kilovolt power supplies. I know where I would attach the electrodes!)

Will be in touch when things calm down - hoping the help referred to in your post 96 above has fixed it for you anyway.

atb
Simon
 

Genghis

Western Thunderer
We hope to release the O4/8, Q7 and Limousine cab Fowler at the Guild's next Kettering show and I need to order in parts now. It would help me a lot if I can get some indication of likely demand, so am inviting non-binding expressions of interest. Estimated prices are as follows:

O4/8 £475
Q7 £550
Fowler £425

Please let me know either here or email to railwaycitytrains@btinternet.com
Thank you.
David
 

Tim Humphreys ex Mudhen

Western Thunderer