Unusual Behaviour Detected When User Goes To Checkout-Need Advice


I have chat software which tracks users on my site.

I noticed recently that when a customer is on my site and I track them as they go from page to page, when they go to the cart to check out, another “User” with another IP picks up from the check out page and if the original customer completes the purchase, the Order confirmation page is associated with the second user/IP. The tracking of the initial customer stops just before the checkout pages tracking is continued with the second IP. The second IP is on the site about 15 seconds after the customer is on the site…

This has occurred several times and the IP address of the second “User” is a cloudflare IP out of San Francisco or New York. I don’ use Cloud Flare.

Is this some kind of hijacking?

I am on a shared server and my host has looked into this and can’t see any vulnerability.

Thank you for any assistance.


Hi Bob. Are you using PayPal Standard as a payment method ?

If so then the second customer can purchase and pay for the same item if the first

customer doesn't select 'return to merchant' after payment.

This is just the way it is and can only be fixed if you use a PayPal method

that 'automatically' returns to CS-Cart after payment has processed.


Thanks for looking. I found out the issue and resolved it. It was the chat/tracking software that I used on my website. About the time that I saw the strange behavior, the Chat software started to use Cloudflare CDN. I first contacted Cloudflare, because it was their IP addresses. I then contacted the chat software company and that is when they told me they just started to use Cloudflare. Evidently, they were caching to much and caused the behavior I saw. They immediately stopped using the service and reverted to their own servers.

I just got scared due to all the other things going on and did not know what was happening. I was about one day away from shutting down my website.


We're seeing this more and more across other apps as well … the common thread is they are a.l using Dynamic DNS-based CDNs…