Page 1 of 1

Huge Gaps in Order Numbers

Posted: Fri Aug 09, 2019 5:36 pm
by gdelorey@mitcs.com
Hey all -

In my experience, a failed payment causes a gap in order numbers which is usually 1 or 2 at most. We're seeing some gaps now of 50+ numbers, which I assume is a bot trying to gain access to the site or repeatedly hitting the checkout page. We implemented Cloudflare which seemed to help slow this, however it's still occurring a few times a day.

On the /ConLib/Checkout/PaymentWidget.ascx.cs file, we see code that appears to be in place to allow 3 failures before the purchase button is disabled. In testing this, it never increments the failed payment count and therefore never deactivates the payment button. We are on Gold R10 but moving to 9 here in the next few weeks.

Has anyone else experienced this issue? I'm almost certain it is malicious traffic causing this, however the IP's change and they use VPN's from Russia (users accounts end in .ru) to connect to US states to mask their IPs.

Thanks!
Greg

Re: Huge Gaps in Order Numbers

Posted: Tue Aug 20, 2019 1:36 pm
by gdelorey@mitcs.com
Can anyone from AC weigh in on this?

Thanks,
Greg

Re: Huge Gaps in Order Numbers

Posted: Thu Aug 29, 2019 11:39 am
by Katie
The failed payment code should be kicking in. But you are on a version that's older...

One thing you can do yourself to test is by configuring the AbleCommerce Test gateway. Once it is on, make sure the setting to reject transaction is enabled. Then create a test payment method and assign it so only the admin group can use it. Also assign it to the AC payment gateway.

Test your payment page by entering a visa like 4111111111111111 and it should fail on submit. Try a few more times until it locks you out. If it doesn't work, then let me know and I can try and track down the issue reports and see what I can find.

Thanks
Katie