Abandoned Carts

Hi, for the past 6-8 weeks I have noticed lots of abandoned carts for gift certificates, there tends to be 20 - 30+ per day the funny thing is there is no IP Address for these, how do I stop this from happening because since this has been going on I have also noticed a drop in orders???



I have just counted 71 of these for so far today!!!



Kind regards,

Tony

I've been noticing this too, and would like to know why it's happening.

[quote name='kingsleypress' timestamp='1402854915' post='185766']

I've been noticing this too, and would like to know why it's happening.

[/quote]



At least I'm not the only one, just a little concerned as to why it is happening??



Does anyone have an answer as to why and if there is a way to stop it?

The cs-cart version is?

[quote name='cscartrocks' timestamp='1402856100' post='185769']

The cs-cart version is?

[/quote]



Sorry mine is 3.0.6

And mine is 4.1.5

Does anyone know what is happening here or can anyone offer any advice?

Are the gift certificates properly associated with the customer making the order. I.e. are they specific or general? I know some people use GC's for things like groupon marketing. I guess the first thing I would do is find out how they got the GC.



And this is probably something you should get the helpdesk to respond to and then publish their findings here.

I have noticed that there seem to be 1 or 2 amounts per day.

I will see 20-20 for say £93.79 then it would be another 20-30 for £103.36

Same here…gift certificate are being added to the cart and left there every single day…this started back in May and is continuing as of now…I think CS-Cart support should look into this and let us know why is this happening…I am using CS-CART: version 2.2.5 PRO

mine are just regular gift certificate for the online store…no groupon or anything like that…they can add them to the cart as a regular product…

Are you saying these are just being generated and then used and you have not created the gift certificates or they were not produced as the result of a GC purchase? More detail is needed about the order environment and the use of the GC.

[quote name='tbirnseth' timestamp='1403202368' post='186104']

Are you saying these are just being generated and then used and you have not created the gift certificates or they were not produced as the result of a GC purchase? More detail is needed about the order environment and the use of the GC.

[/quote]



They are in the abandoned carts, they have not been used, they have NO IP address associated with them, I have had lots with £85.39 & lots with £120.85 on them. it is like a random attack, where someone is just adding it to a cart & leaving it there then coming back again and doing the same again, the same amount is used for 20-50 time on the run them the amount is changed …

Tbirnesth, I will email you over a screen shot to try and give you a better understanding.

I've stopped getting these now. Seems to be a bit random.

[quote name='kingsleypress' timestamp='1403204971' post='186112']

I've stopped getting these now. Seems to be a bit random.

[/quote]



Lucky you!! I have just counted 55 today!!

[quote name='tbirnseth' timestamp='1403202368' post='186104']

Are you saying these are just being generated and then used and you have not created the gift certificates or they were not produced as the result of a GC purchase? More detail is needed about the order environment and the use of the GC.

[/quote]

In my case I have GC setup normally…customers can purchase them on the web site, but if I go under abandoned carts I see a bunch of them every day that have been placed in the cart as someone about to purchase the GC and then left it there…

It seems to me as someone is scanning the system for vulnerability or something…everyday there are GC orders abandoned in my abandoned carts list…

what other type of info do you need exactly?

I missunderstood the problem. It wasn't using a GC for a purchase, but purchasing a GC.

My guess it's a bot trying to find some site that will give out free GC's or there's some other hole that they are searching for.

My guess is that they know the domain names from the breach of the admin url's. So they can target just cs-cart installations.



But not clear at all what the point would be unless something would allow them to purchase a GC without having to pay for it.

This problem was the subject of posts to the forum back in the summer of 2012.

At that time, I finally disabled the Gift Cert feature to stop getting the many abandoned carts with Gift certs each day. I never saw an explanation of what might be causing the problem even though the help desk ask one poster for server access.

The following is a post from the past



Posted 12 August 2012 - 01:31 AM #1

It could very well be bot activity, but I thought I would bring it up because it seems strange to me, because I started seeing it from the day I put my site up. Every day when I check my [color=“#ff0000”]abandoned[/color] [color=“#ff0000”]cart[/color]s, they are littered with [color=“#ff0000”]cart[/color]s full of minimum value [color=“#ff0000”]gift[/color] [color=“#ff0000”]certificates[/color]. Initially my min. value was $50 and they were all $50, now it’s $10 and they are $10…







I get about 100 [color=“#ff0000”]abandoned[/color] [color=“#ff0000”]cart[/color]s full of [color=“#ff0000”]gift[/color] [color=“#ff0000”]certificates[/color] per day.



Is anyone else seeing this?

I think you guys at CS-Cart support should look into this…I understand that they are not going anywhere because we would not let them purchase the GC for free however, all this activity on multiple stores is obviously a sign of intents to spoof software vulnerabilities…

I am not a hacker so I dont know what they will get out if this but I just think shouldn't be ignored…could be a testing ground for other actions…

Once we get our fraud_detector addon developed, you will be able to deny order placement by suspected bot activity. Will be end of summer, hopefully beta tested in time for the holiday shopping season. Discussion about that addon's requirements and features should go on here: Planning A Fraud Detection Service - Security - CS-Cart Community Forums