Suspicious pricing glitch on sports equipment website

Hey everyone, I need some advice about a weird issue on my sports gear online store. For the past month, something fishy has been going on. A customer signs up with fake info, logs in, and manages to buy expensive stuff for way less than it should cost. They’re getting items worth over 1000 bucks for just 90 or 200!

Here’s what typically happens:

  1. This person makes an account
  2. They find a pricey item (like an 11,000 Rs cricket bat)
  3. Add it to their cart
  4. Choose cash on delivery
  5. Complete the order

But when I check the order details later, it shows the ridiculously low price. I’m using ASP.NET 3.0 and sessions for transaction info.

I figured out they were messing with hidden fields in the cart. Now I need a safer way to handle this. Any ideas for a more secure method in ASP.NET 3.0?

Thanks for your help! This is driving me crazy.

Wow, that’s a wild situation you’ve got there, Sophie26! :open_mouth: It sounds like you’ve got some sneaky hackers trying to game your system. Have you considered using server-side validation for your prices? That might help catch these shenanigans before they become a problem.

I’m curious, have you noticed any patterns in when these suspicious orders come in? Like, is it always at a certain time of day or from a particular IP address? Might give you some clues to work with.

Also, have you thought about implementing a captcha or some other form of human verification during checkout? Could help weed out any automated attempts to exploit your system.

This stuff can be so frustrating to deal with, but don’t lose hope! There’s always a solution out there. Keep us posted on how it goes, yeah? I’m sure others here would love to hear how you end up solving this mystery!

I’d recommend implementing server-side price validation as your top priority. Store the correct prices in your database and verify them against the submitted order before processing. This prevents client-side manipulation.

Consider adding logging for all price discrepancies and suspicious activity. This can help identify patterns and potential vulnerabilities in your system.

You might also want to implement rate limiting on account creation and purchases to slow down potential attackers. Utilizing a payment gateway for all transactions, even cash on delivery, can add an extra layer of security.

Lastly, regularly audit your codebase for any unintended exposures of sensitive information. Security is an ongoing process, so stay vigilant and keep your systems updated.
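To make the "store the correct prices in your database and verify them against the submitted order" advice concrete, here is an added C# example (not code from anyone in this thread). It shows the vulnerable pattern the original post describes, where the checkout handler trusts the `price` hidden field, next to a hardened handler that only takes a product ID and quantity from the client, reads the unit price from the catalog, and logs any mismatch. The `Catalog` dictionary, the `NameValueCollection` standing in for `Request.Form`, and the product IDs are assumptions so the program runs offline.

```csharp
using System;
using System.Collections.Generic;
using System.Collections.Specialized;
using System.Globalization;

// Added example, not code from the thread. This dictionary stands in for the
// products table; in a real app it is a parameterised SELECT by product ID.
static class Catalog
{
    private static readonly Dictionary<int, decimal> Prices = new Dictionary<int, decimal>
    {
        { 101, 11000m },   // constructed: the 11,000 Rs cricket bat from the post
        { 102, 2500m },    // constructed sample product
    };

    public static bool TryGetPrice(int productId, out decimal price)
    {
        return Prices.TryGetValue(productId, out price);
    }
}

static class Checkout
{
    // VULNERABLE: the price the browser posts back is used as the unit price.
    // Anyone can edit the hidden field (or the raw POST body) and pay what they like.
    public static decimal VulnerableTotal(NameValueCollection form)
    {
        int qty = int.Parse(form["qty"]);
        decimal price = decimal.Parse(form["price"], CultureInfo.InvariantCulture);
        return qty * price;
    }

    // HARDENED: the only client-controlled inputs that matter are product ID and
    // quantity. The unit price always comes from the catalog. A submitted price,
    // if present, is compared only so tampering can be logged, never used.
    public static decimal SecureTotal(NameValueCollection form, Action<string> log)
    {
        int productId, qty;
        if (!int.TryParse(form["productId"], out productId) ||
            !int.TryParse(form["qty"], out qty) || qty < 1 || qty > 100)
            throw new InvalidOperationException("Bad product ID or quantity");

        decimal catalogPrice;
        if (!Catalog.TryGetPrice(productId, out catalogPrice))
            throw new InvalidOperationException("Unknown product " + productId);

        decimal submitted;
        if (decimal.TryParse(form["price"], NumberStyles.Number, CultureInfo.InvariantCulture, out submitted)
            && submitted != catalogPrice)
        {
            log(string.Format("PRICE MISMATCH product={0} submitted={1} catalog={2}",
                productId, submitted, catalogPrice));
        }
        return qty * catalogPrice;
    }

    public static void Main()
    {
        // Constructed request: the attacker edited the hidden "price" field to 90.
        var tampered = new NameValueCollection();
        tampered["productId"] = "101";
        tampered["qty"] = "1";
        tampered["price"] = "90";

        Console.WriteLine("Vulnerable total: " + VulnerableTotal(tampered)); // 90
        Console.WriteLine("Secure total:     " + SecureTotal(tampered, Console.WriteLine)); // 11000
    }
}
```

In a WebForms page the `form` argument is simply `Request.Form`. The point is that once the price is looked up server-side, the hidden field can be removed from the page entirely; keeping it only as a tamper tripwire, as above, gives you the discrepancy log the reply recommends without ever trusting the value.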

Oof, that's rough, Sophie26! Maybe try a token system so each transaction gets a unique token validated server-side. That way, hidden field editing won't matter. Random timeouts during checkout might slow bots too. Best of luck dealing with these sneaky types!
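One way to build the per-transaction token suggested above, as an added C# example that is not code from this thread: the server computes an HMAC over the order ID, product ID, quantity and unit price it rendered into the cart page, sends the MAC along as another hidden field, and recomputes it on submit. Any edit to the signed fields changes the MAC, so the tampered form fails verification. The key string, the order ID format and the product values are assumptions for the sake of a runnable demo.

```csharp
using System;
using System.Globalization;
using System.Security.Cryptography;
using System.Text;

// Added example, not code from the thread. The key must exist only on the
// server (config, machine key, or a secret store) and never reach the client.
static class CartToken
{
    private static readonly byte[] Key =
        Encoding.UTF8.GetBytes("replace-with-a-long-random-server-secret"); // assumption

    // Canonical string the server signs. Changing any field on the client
    // changes the MAC, so an edited hidden field no longer verifies.
    private static string Canonical(string orderId, int productId, int qty, decimal unitPrice)
    {
        return string.Join("|", new string[] {
            orderId,
            productId.ToString(CultureInfo.InvariantCulture),
            qty.ToString(CultureInfo.InvariantCulture),
            unitPrice.ToString(CultureInfo.InvariantCulture) });
    }

    // Called when rendering the cart page; the result goes into a hidden field.
    public static string Issue(string orderId, int productId, int qty, decimal unitPrice)
    {
        using (var h = new HMACSHA256(Key))
            return Convert.ToBase64String(
                h.ComputeHash(Encoding.UTF8.GetBytes(Canonical(orderId, productId, qty, unitPrice))));
    }

    // Called on checkout with the values posted back by the browser.
    public static bool Verify(string token, string orderId, int productId, int qty, decimal unitPrice)
    {
        byte[] given;
        try { given = Convert.FromBase64String(token ?? ""); }
        catch (FormatException) { return false; }

        byte[] expected;
        using (var h = new HMACSHA256(Key))
            expected = h.ComputeHash(Encoding.UTF8.GetBytes(Canonical(orderId, productId, qty, unitPrice)));
        return FixedTimeEquals(expected, given);
    }

    // Constant-time comparison so response timing does not leak the MAC byte by byte.
    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    public static void Main()
    {
        // Server side, while rendering the cart: sign what it put in the hidden fields.
        string orderId = Guid.NewGuid().ToString("N");
        string token = Issue(orderId, 101, 1, 11000m);

        // Honest submit: fields come back unchanged, token verifies.
        Console.WriteLine(Verify(token, orderId, 101, 1, 11000m)); // True

        // Attacker edited the hidden price to 90: token no longer matches.
        Console.WriteLine(Verify(token, orderId, 101, 1, 90m));    // False
    }
}
```

Two caveats a practitioner would want: the token proves the server emitted those exact values, but it does not stop a client replaying a token it was legitimately given, so store the order ID server-side and reject it after first use or on expiry; and it is a tamper detector, not a source of truth, so the checkout should still re-read the unit price from the catalog rather than from the signed field.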