|
Evan Westerlund
|
October 23, 2016 at 10:18 am
Greetings,
Just some moments ago, I received what appears to be a complete “spoof” transaction, as it comes from the U.S., is a Yahoo email address, and has a fake home address. I use invoice upon enrolment, not a payment system.
How are these things normally approached, from an EE perspective?
Thanks in advance,
Evan / EE User
|
|
Tony
|
October 24, 2016 at 5:02 am
Hi Evan,
I’m sorry but I’m not sure I understand the question.
You have a registration that has used spoof data and has been finalized using the Invoice payment option, correct?
If so the registration will be saved as normal however by default the registration status will be ‘Pending Payment’ which means it does not apply to any of the registration limits for the event, it is just a registration waiting for payment. Only registrations with a status of ‘Approved’ are applied to event, by default this will only be registrations that have paid or have been manually set to approved by the admin.
If the above registration has been ‘Approved’ have you changed the ‘Default Registration Status’ within the Event?
|
|
Evan Westerlund
|
October 25, 2016 at 3:22 pm
Hi Tony,
Sorry for the delay. Traveling on business.
It is “Pending”. So…sure registration waiting for payment. Yet it is total spoof information. Someone in St. Louis (or so they say) registering for a negotiation program in Sweden? Not making any sense at all, especially when it is purely false information “My Street” for example as an address. An email that is not a replica of the name in any way etc.
From a security perspective, really what are they after here by doing a false registration? I fear that this is something that will cause me to remove the plugin, unless EE can share with me steps some basic steps to ward off such things & preventive measures. I suppose the only real way is to add a payment system add-on like Stripe or something?? This could be one avenue, but our clients prefer an invoice.
Thanks again,
Evan
|
|
Josh
|
October 25, 2016 at 3:32 pm
You can use these plugins to ward off such things:
https://wordpress.org/plugins/block-bad-queries/
https://wordpress.org/plugins/blackhole-bad-bots/
Adding a payment add-on like Stripe would not prevent unwanted registration form submissions, because the payment step happens after the registration form step.
|
|
Evan Westerlund
|
October 26, 2016 at 6:33 am
Thanks for this—-
|
