VP-ASP :: Shopping Cart Software

VP-Cart StoreFront Customer Forum

 D.O.S. Attempt

Starting Member

8 Posts

Posted - August 24 2012 : 11:45:45
Last night some character wrote a script to repeatedly submit the same order
to our shopping cart over 400 times. Seems like a low-tech form of a D.O.S. attack.
Can't imagine anyone doing this manually.
Has anyone else experienced this?
My first thought is that we need a method to block an IP if it creates an order more
than 10 times per hour.
Does anyone (i.e. Cam or Simon) have any better ideas or suggestions to prevent this?

Payment Details ---
Payment Type = Order Canceled ***
IP address =
Selected Currency = CAD

Probably would be a worthwhile investment for us to design some protection for this type of crazy stuff.

Thanks for any feedback!


Edited by - surplus on August 24 2012 12:43:25

Starting Member

8 Posts

Posted - August 24 2012 : 12:05:27
A little more info on this.
It was actually around 1200 identical orders received on our VPASP cart in 2 minutes.

Some kind of script loaded up our orders database with cancelled orders until finally our cart just locked up!

Seems that a throttle on shopcreateorder.asp might be an idea.

If the same customerid was restricted to say 10 orders per hour (or per day) then the SQL database would be protected.

I see we have a limit on the number of downloads (xdownloadlimitcount) allowed.

Something similar might protect shopcreateorder from being reloaded a zillion times by a script?


Edited by - surplus on August 25 2012 12:12:48
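
The throttle proposed in the posts above (at most 10 orders per hour per customerid, and per IP), as an added example that is not part of the original thread and is not VP-ASP code. The class and function names are hypothetical, the burst is constructed sample data, and the sketch assumes the check runs at the start of the order-creation handler, before any row is written.

```python
from collections import defaultdict, deque


class OrderThrottle:
    """Sliding-window cap on accepted orders, per customer id and per client IP."""

    def __init__(self, limit=10, window_seconds=3600):
        self.limit = limit
        self.window = window_seconds
        self._seen = defaultdict(deque)  # key -> timestamps of accepted orders

    def _prune(self, key, now):
        q = self._seen[key]
        while q and now - q[0] >= self.window:
            q.popleft()
        return q

    def allow(self, customer_id, ip, now):
        # The IP is always checked; a blank customer id (guest) gets no shared bucket.
        keys = [("ip", ip)] + ([("customer", customer_id)] if customer_id else [])
        queues = [self._prune(k, now) for k in keys]
        if any(len(q) >= self.limit for q in queues):
            return False  # reject before any row is written to the orders table
        for q in queues:
            q.append(now)
        return True

    def sweep(self, now):
        """Drop idle keys so the tracking table itself cannot grow without bound."""
        for key in list(self._seen):
            if not self._prune(key, now):
                del self._seen[key]
        return len(self._seen)


def replay(throttle, events):
    """events: (timestamp_seconds, customer_id, ip) tuples -> (accepted, rejected)."""
    accepted = sum(1 for ts, cust, ip in events if throttle.allow(cust, ip, ts))
    return accepted, len(events) - accepted


# Constructed sample: 1200 identical orders within 2 minutes from one customer and IP.
BURST = [(i * 0.1, "cust-1", "203.0.113.7") for i in range(1200)]

if __name__ == "__main__":
    t = OrderThrottle()
    print(replay(t, BURST))                          # flood from one source
    print(t.allow("cust-2", "198.51.100.4", 60.0))   # unrelated shopper
```

On a live cart the counters would need to be held in storage shared by every web worker, since per-process memory is lost on restart and is not shared between workers.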