Support

Admin Tools

#40439 VPN

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
3
PHP version
8.1
Admin Tools version
latest

Latest post by nicholas on Thursday, 14 March 2024 15:46 CDT

Thursday, 14 March 2024 05:25 CDT

marvays

Hello.
We encounter strange behavior of people in our e-shop. some have a hobby of creating fake orders for goods. we will pay the shipping and they will not take delivery of the goods. is there any way to defend against scammers using Admintools?

I am thinking of finding out the IP address from the statistics and then blocking it for accessing the website. Which can be risky because that way I can block innocent people as well.

For example, is there a way to block visitors using a VPN? Because such a person who wants to do harm and is not completely stupid will use a VPN.

I also think of checking the cart and applying a blacklist of e-mail addresses to which it will not be possible to order goods... but surely admintools can't do that, right?

 

Because, such a person has a lot of time... writes threatening emails, is rude, sends negative reviews everywhere and we have a lot of work to fix it.

Thursday, 14 March 2024 06:33 CDT

nicholas

No. This is not something any site protection software will help you with.

This is something you have to deal at your business management side.

Typically, orders are prepaid and the shipping expenses are non-refundable in case of non-delivery for any reason. This dissuades such attacks, and if there are any you can report them to your payments service provider as malicious.

If you offer cash on delivery then this kind of malicious practice is something you have to factor into your pricing.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Thursday, 14 March 2024 10:01 CDT

marvays

Good. So using admintools I can't even block based on the known IP address of the scammer? There is no option to block a visitor with a VPN either. I mean complete entry to the page. Not the order.

Thursday, 14 March 2024 15:46 CDT

nicholas

You can definitely block individual IPs. I seriously doubt that would help you any. IPs are assigned dynamically.

You cannot block VPNs unless you maintain a manual list of their egress IP addresses. Firstly, good luck with that. Secondly, you make the assumption that a. scammers use a VPN and b. legitimate users don't. These assumptions are unsubstantiated at best.

I will say this again, before closing this ticket as out of scope. Your problem is one of transaction risk assessment. It is not a security issue. You cannot and should not try to use a security tool to solve it. It's the wrong tool.

What you need to do is talk to your PSP (payment service provider) and inquire about their fraud assessment tools and fraudulent transaction feedback. They should be able to give you more information about that. Again, the best approach is to enact business rules which will incur losses to the fraudster, and factor in a percentage of fraudulent transactions in your pricing model. Managing transaction risk is a big part of the reason most small shops sell through an aggregating digital storefront such as Amazon, or (here in Greece and Cyprus) Skroutz. These storefronts have their own fraud controls which work really well because they have the behavioural visibility which comes from operating at a large scale.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!