We are a small family restaurant and are being targeted by a nutter making false bookings. We know who he is but the police won’t track him down, as they say it’s not a crime? All bookings are traced back to cloud fare via IP address. It is costing us a fortune, during already difficult times. Any suggestions would be appreciated.
Is your website on Cloudflare?
This is important. Whether using CF or not, you will have to restore their IP address as they might be using WARP.
Simultaneously, since you are a local restaurant, the best bet is locking down your site access to your country and nothing else; this should slow down the troll. Add captcha on the reservation page and a rate limit.
No. We have only just got around to checking in addresses of the false bookings. Nearly 40 in the lead up to Christmas. They all came through Cloudflare.
Unfortunately, there is not much we can do if a malicious actor uses WARP (Cloudflare VPN). It would be even worse if they were using another VPN since you wouldn’t be able to recover their original IP Address.
You can use Cloudflare to mitigate a good part of this attack; however, it might be a bit too technical if you are not familiar with the terms I mentioned earlier.
My advice is to either get a technical person to set it up for you or study how to implement Cloudflare to do it. You can also lawyer up and find a lawyer that would prosecute the troll for the damages this might have caused you (potential business opportunities lost, the cost to set up the new security standards, the time it took to deal with the fake bookings, etc, etc).
Unfortunately it’s not just a troll. We know the guy, he lives locally, was a former neighbour, who we had to report to the police on a number of occasions, for many things, including child abuse. The police say that making false bookings is not a crime. God knows why.
Oh…Squarespace. I don’t think they have many firewall options. If they can block all of Cloudflare, that should take care of it.
I insist that you need a lawyer to file a complaint; they will know the optimal way to approach the case. The police might not find it illegal because it’s not a penal case but civil.
Oh well… That’s going to be problematic.
@user17885 You need to add a Captcha on the booking page, ReCaptcha V3 if possible.
It sounds like they are manually making the bookings, so CAPTCHA is only going to slow them down a little bit.
Fair enough… I can only think that an SMS code to verify bookings with an option to block numbers would work, but who knows if something this specific exists.
Thank you all very much for the advice. Possibly the best bet is to approach a lawyer. Not easy given the cost and the fact that covid has had us closed for a lot of the past two years. All a bit of a nightmare.
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.