HI @Remitur
We are aware of reports of unusual orders being placed, potentially in an automated way and are tracking this internally.
There are some immediate steps which you can take to help minimise the impact of automated orders :
First of all, please make sure that "Allow Client Registration" is disabled at System Settings > General Settings > Other (tab) , as this provides an easy way for spammers to create accounts without needing to place an order.
Secondly, please make sure that you have enabled "Invisible reCAPTCHA" under "Captcha Type" at System Settings > General Settings > Security (tab) . This is the most secure captcha that is currently integrated with WHMCS.
Next, please make sure that you follow and implement all of the solutions provided in our documentation:
https://docs.whmcs.com/orders/spam-orders/
Importantly, please make sure that you have implemented a Web Application Firewall and gone through the full configuration process. Whilst we don't recommend any particular provider, the following are some of the most popular:
CloudFlare: https://www.cloudflare.com/
Amazon CloudFront: https://aws.amazon.com/cloudfront/
Incapulsa: https://www.incapsula.com/
KeyCDN: https://www.keycdn.com/
We are looking into whether these spam orders are being created by submitting a modified POST request to WHMCS. If that is the case, implementing a well-tuned WAF should mitigate much of the problem.
Hi @futuristicneeds Please enable the Display Error option under Setup > General Settings > Other tab. You can also follow this guide for instructions on how to do this: https://docs.whmcs.com/troubleshooting/enable-error-reporting/ Once you've done this please report back with error logs that can help us identify the issue. Thanks