Page 1 of 1
Database attack of some sort right now
Posted: Thu Jul 25, 2019 5:30 pm
by foodsleuth
Hi,
If anyone can help, someone is "injecting" orders (attempted orders) into our system right now. I don't know their IP to block because we use cloudflare. They've loaded up almost 1100 baskets, I'm concerned the site will fail. Any help?
Thanks,
Barb
Re: Database attack of some sort right now
Posted: Thu Jul 25, 2019 5:45 pm
by foodsleuth
Short of shutting down SQL server I don't know what to do, it's not stopping. Is there a way to purge these bogus carts or otherwise stop this?
Thanks
Re: Database attack of some sort right now
Posted: Fri Jul 26, 2019 8:37 am
by jguengerich
You could try turning off guest checkout and enabling Captcha.
Re: Database attack of some sort right now
Posted: Fri Jul 26, 2019 9:02 am
by foodsleuth
It's still going on, the basket has 30,000 items now, I can't stop this. How is this even possible?
Re: Database attack of some sort right now
Posted: Fri Jul 26, 2019 9:09 am
by jguengerich
Did you try deleting the user?
Re: Database attack of some sort right now
Posted: Fri Jul 26, 2019 9:25 am
by foodsleuth
It's creating hundreds of users on hundreds of ip addresses and hundreds of carts (thousands)
Re: Database attack of some sort right now
Posted: Fri Jul 26, 2019 1:19 pm
by foodsleuth
In case anyone else has this problem, here is what I ended up doing:
1. Called my hosting company (managed hosting service) they said they could do nothing. They did say talk to Cloudflare.
2. Put in a support ticket to Cloudflare and I also set the site to "attack" mode. Cloudflare was able to see the real IP and I was able to setup firewall rules to block that IP and challenge any others from the same ASN, in case they just change their IP.
3. That traffic is still banging away at the server but Cloudflare is keeping it out so far.
That all said: I would like to purge those abandoned baskets out of the system because they've added a ton of bogus records to the database. Any thoughts how to do this? Do I recall from long ago some setting that says how long to store the carts?
Thanks
Re: Database attack of some sort right now
Posted: Fri Jul 26, 2019 1:36 pm
by jguengerich
There are settings for how long to keep Anonymous users on Configure > Store > Maintenance. There are default settings and a tool to show how many there are and immediately delete them (based on number of days old). Not sure what the database performance will be if it has that many to delete.
If they are "real" users, it doesn't look like there is a setting.
Re: Database attack of some sort right now
Posted: Fri Jul 26, 2019 1:52 pm
by foodsleuth
Thanks Jay, these are not real users and I just found those settings. I knew where was something in somewhere! I'm going to run maintenance on the anonymous user (and their baskets) and the lord willing it should clean them all out. It says to do it off hours because it will probably bog down the site given my current anonymous user count is a whopping: 456319.
Thanks again for the assistance.
Barb