X-Cart forums

[amy2203]

it also depends how they are 'buy all stuff for 0$' perhaps they have a coupon code that hasn't been deleted?

If the cart is saying $0 is due, then will it even send themto a pyament processor?(I'm not sure, don't really do free stuff!)

[martadella]

Ok. Then x cart is secure only the users have to set up correctly...About blocking email - the person who fraud the stuff is so stupid that she or he use the same mail all the time but the IP change and his other data like name. SO I was hoping blocking email will help. This person is using some back door to buy stuff for free. I was using free software to make my own shop and wanted to change to more professional like x cart and wanted to know if there are any mods which I could use to make my shop secure. As my friend who already use x cart told me about the hacker I start to doubt ....

[cflsystems]

Hacked xcart doesnt necessarily mean xcart is not secure. The server itself could be hacked leaving all applications running on that server at the mercy of the hacker. So it is not only xcart security, if your server is not secure, not patched with the lates security patches, not configured correctly... there is so much to it. Also fraudulent order doesn't mean security breach. It could be some setup like amy2203 mentioned.

[martadella]

This hacker is not buying using coupon. He just buy all stuff for free and when notification comes is say: order: name of the item
subtotal:0
total:0

Yes, server could be the problem....

[cflsystems]

If this is constant and happens only to this one account you should close that store and investigate asap. There could be code placed in some of the files to let the hacker in so no matter what security you have they will always be able to buy for 0 until this code is removed. You have to get your host involved as well

[martadella]

Quote:

Originally Posted by cflsystems

If this is constant and happens only to this one account you should close that store and investigate asap. There could be code placed in some of the files to let the hacker in so no matter what security you have they will always be able to buy for 0 until this code is removed. You have to get your host involved as well

Thank you for reply. I will advice my friend to do so.

[felixrajesh006]

Quote:

Originally Posted by martadella

Is it possible to block unwanted customer in the shop? When I was using other shop application it was not really possible. I would like to try xcart but have to be sure if it is possible to block a person by an email not by Ip as the IP can change dynamically and blocking IP do not work...So is it possible to block a email address from which a person ( hacker e.g ) buy some product and did not pay?

Reply,

Hi we use simply give right click production on mouse the pay ment page it will use to solve your problem,

[savage]

Do not be afraid to block unwanted hackers by ip#s.. I block the entire server he's using all the time

For instance I have a 12 year old book site and we've gotten hackers or fraudsters over the years. One was from Bxxxx.. in 12 years I've never ever sold a product to a Bxxxx customer.

I removed the nation Bxxxx from being able to purchase from the site and I've blocked the entire IP range that person was using.

It has not damaged sales in any way, but now my paid help doesn't have to deal with BS from that kind of criminal.

Then I customize my 404,403, and 500 error pages so if some real person from Bxxxx want to access the store, the error page gives them an email address in a image they can contact us.

We block about 14 countries entirely.