PM me the site and i will try to go through the checkout (without paying) and see if anything fishy is going on.

First thing to do, forget the stats - go on your site and BUY SOMETHING, not just go through the motions. Pay with your personal PayPal account and just refund it later.

After you've done that, do it again in another web browser. Didn't IE release a new browser about 3 weeks ago...?

My initial thought is that if you were only making one sale a day, it's possible that one sale was coming from one place - maybe a blog that mentioned your product, but didn't link to it, so people would go and Google it to find you. And now that post is buried, or was kicked out of the search engines with Google's most recent content update. Could be a lot of reasons there... According to your analytics, where were your SALES coming from? Forget about your traffic, look at the people who actually bought something and figure out where THEY came from. Then see if traffic from THAT source has tapered off.

HI Wheels - I cant really send you the URL at this time as things are a bit delicate at the moment.

On the source of sales front digitalv - I only get traffic from the SE's - no-one has ever linked to the site - noone ever does but I guess thats another story....

All my traffic - as I say - is from the engines - around 80% from google searches for the product - and the remaining 20% from the other 2. I am 3 on google, 1 on msn and 1 on yahoo for the main term which is around 90% of the total unique IP hits. No source of traffic has tailed - there were none to tail off.

Its not IEs new browser - my loss is far too dramatic and sudden for it to be attributed to a new browser. That would mean the planet installed the new version all on the same day!

I am suspecting some kind of DNS poison attack - can anyone chuck in a few ideas on that front?

My site looks the same on my ISP as it does on another large ISP. My paypal buttons are all coded correctly and showing up correctly. When I click them - they take me to my paypal account with my company name at the top.

It totally strange - and STILL no sales - this - whilst only a small amount - could be the end of me online.

Im going out on a limb here, but I strongly doubt that your site doing 1 sale per day has caused some hacker to take the time to setup a dns poison attack. Unless perhaps you ticked off a technically advanced competitor. dns poison attacks at any type of global level would be very, very difficult. Try doing a tracert to your site, does it land on YOUR ip? If so it is not a global dns poison attack. Also, if it was a dns poison attack wouldnt your traffic have died to zero when in fact your traffic remained the same but conversions dropped.

One sale a day isn't a big enough number to accurately suggest that something's going on if there's a lull in sales. Three weeks is a large time frame, but it happens.

Have you used a proxy server to see what the search results look like from another area? Google changes ranking based on area.

Have you bought something yourself? If you think the purchasing system is "hacked", buy your own product on your website to confirm.

If you're worried your server is still messed up, ask the host to clean it off and re upload your files/databases.

ssgumby - Yes - I may have ticked off a competitor. My site has been hacked numerous times - too many to count this last 12 months. I am constantly (24/7) running my own in-house systems to check and re-upload corrupt files. So the hate is there for sure.
Tracert is interesting. The host is a shared host account - and a tracert thedomain.com lands me on anotherdomain.com on the same account which I thought a bit strange.
Yes aswell - I was certain already that my traffic would have stopped in AWstats - unless they were doing something REALLY REALLY FANCY. So the fact it is still showing the traffic - is a positive sign its not a DNS problem or attack.

Stout - I agree that 1 sale a day is not a good measure. Theres always a "but" - I run 10 different sites targetting the same product but different ways of naming it. These sites between them get

1 - sale a day on the main site (the one I have problems with)
6 sales a month between the other 9

Those 6 would appear to be still coming in - so the lull - if this is the answer - seems to only affect the main site and not the other 9.

I will have to buy something myself - but I want to do it on another ISP to be sure.

"Ask the host to clean it off....." - this host doesnt know how to pick their nose - never mind clean up a server :(

this host doesnt know how to pick their nose - never mind clean up a server :(

Hacked too many times to count in the last 12 months!?!

Get off this host, review all your software, and tell me you are not storing credit card numbers.

If your security systems are up to snuff, there's no way you should be experiencing this frequency of hacking. When I see that I immediately think 'back door'.

Unless you have the CIA after you, someone having the resources and drive to stage a directed, sophisticated, continual attack on a competitor who does a single sale a day...?

I would suspect your host IS your competitor ;)

ssgumby - good point - so ive done a few checks in my paranoid state and I would say not! :)

rachel - I would move - but some of my sites which also target this product are on another host - and YUP youve guessed it - they get hacked aswell. So in terms of host - its tricky for me. The revenue - even when its coming in doesnt warrant a mega expensive host so its a bit of a chicken and egg situation.

The hacks are dirty - really dirty. Heres a few of their tricks.

They place iframes in my source code which redirect to malicious urls.

They place spam links (thousands) in my source code.

They create directories and fill them with fake company (banks) html pages.

They change my .htaccess to redirect SE traffic to other malicious sites.

They create files which are scripts which do nasty things to my source code with EVALs to hide the actualy code.

They get the SEs to index the php scripts they place on my server which inserts malicious code into my HTML - of course - my sever executes the evil php every time an SE BOT visits randomly.

When they change a file in my server - they fiddle the date and time setting - so that it doesnt change to reflect that the file changes (this makes it almost impossible to locate changed files because I cannot sort them)

They use the server to send thousands of emails and the bounce rate is awful - this fills my space with returned to sender mails.

Its been hard - but ive cracked all of these - this lost sales one though is totally baffling me.

[edited by: MrFewkes at 8:45 pm (utc) on Feb 28, 2011]

I think this post does not belong in this ecommerce forum. It's a site(s) security issue.

_{- unless you're talking about a "5 digit - 1 sale per day".}

JohnRoy - I looked over the forums for ages thinking where to start this thread and didnt notice a security one so could only post to the nearest thing as the sites are ecommerce based.

Yes its a five digit sale per day - as follows -
28.99
Five digits :)

Sorry.

Your host is awful. Get a new host now. If your host can't even clean off your computer then they aren't a host worth having.

Change your password to something long you've never used before, a bunch of letters uppercase and lowercase, numbers, and symbols. The longer, the better. Use a trusted FTP. Make sure all input fields on your site have been properly cleaned for any sort of injection attack. Clean off YOUR personal computer, you may have a keylogger on it.

But mainly, just get a new host.

They run an antivirus - but of course nothing shows up because these are pretty much taylored attacks and dont have common checksums or whatever.

Im worried if I change host - then I will only be back to square one learning all about how to clean up on a new host with new ways of working etc. Mind you - having said that I suppose theres not much to lose at this point in time.

Im a bit concerned about ranking aswell if I change hosts.
Ive never changed hosts where a site I care about is involved.

A tough one for sure. I would also suspect somehow there is a back door or they have one of your passwords. That many "hacks" in a short period of time seems very unusual.

taylored attacks

They sound like standard bot attacks. Thousands of malicious links aren't planted by a person, they are planted by a bot.

Im a bit concerned about ranking aswell if I change hosts.

I'd be much more concerned about losing ranking based on a compromised site. Google will blacklist you for Malware if they find it, and with what you are describing, they have probably found it.

Done correctly, a server change will not damage your rankings at all.

PS, if you are using any sort of software (php) on this server, make sure it is thoroughly patched and up to date.

Short of having a password that is "password", or a back door, or a host with no firewall or security to speak of, you may be running a version of some software that has a known vulnerability.

If you are running a website with security holes a new host won't change a thing. You will set up the website on a new server and two days later you will have the status quo. If you suspect you have a security issue and don't know how to check for yourself get a professional involved to check your site and webserver for you.

I guess you already got the answer here. RUN to another hosting now.

However, I think the appropriate place to discuss would be:
website_technology [webmasterworld.com]
From webservers to text editors, dealing with the alphabet soup of programs and protocols.

OR hosting [webmasterworld.com]
Discussions around webhosting issues, options, and current events.

~~~
- 5 digits... LOL :)

So - today I get a phone call from a customer wanting to order from the site. I asked him if he would be so kind as to order online (sure - here is the ideal opportunity for a test I thought).

LOL - he told me I was being cheeky!

I laughed (but was a bit dissapointed) and took his order over the phone with paypal virtual terminal.

Later on - and totally unrelated - I got an online order!
My first in 3 weeks or so.

I hope it was a lull - and I also hope that this lull stops and there isnt another.

Bit of an obvious one, but have you been to an internet cafe and made a test sale that way?

I just wanted to say - ive done quite a lot on the security front in terms of the actual php files which constitute the shopping cart. Ive removed the big security holes. Anything else would be beyond me - including some of the server side op sys and networking.

Creative - Im trying to organise friends to do it - but they are all reluctant to use their credit cards online? Odd bunch.

Having said that - im a bit reluctant to go to a public PC and stick my bank or cc details in aswell.

Get a gift card at a grocery store and use that to test it.

This whole thread is bordering on ridiculous... Do you even have a site? You have the skill to "remove the holes" in a PHP shopping cart (I'm dying to know which one, and what holes), in spite of the fact that you said you're just using a PayPal buy it now button in your original post, but you haven't even tested it with a real credit card (or PayPal account... which is it?). You can't find one friend to test your site for you, nor will you yourself out of security fears - but again, we're talking about PayPal so the transaction doesn't happen on your site and no credit card is ever typed in. And out of all of the reasons you could be suffering from missing sales, you're convinced that ninjas infiltrated your system to steal your one sale a day?

I call B.S... anyone who continues to post in this thread is wasting their time.

Digitalv - the detail of my site is as follows.

It is a html front page linking off to 6 or 7 subpages - each of these is hand written and about different aspects of the product.

The html front page - index.html in the root - has 6 products and 6 buy now buttons on it from paypal - for users who wish to buy a single item and want to get on with their purchase fast.

On the index.html page - there is also a large link which says (in a jpg) click here to see our full range. This links to a sub-directory in which sits the OScommerce index.php file - the start of my shopping cart. There are 10 products to choose from and purchase through this section of the website.

The shopping cart is powered by oscommerce with plugins from Cardinal Centinal which interface with my website payments pro account at paypal. For which I pay paypal a monthly fee. (Actually I think the buttons also require that I have a paypal pro account - not sure).

Anyway.

Historically the site started out as a front page html index file (which I wrote with no buy now buttons on it - but purely for the SEO which I could do instead of modifying the shopping cart). Off that index I had a similar link "click here to see our range" etc which linked into the shopping cart - OScommerce.

I added the index buttons as I learned more about the features of paypal which I had available to me.

Filemanager.php is the main security hole in oscommerce and I wouldnt have known this if I had not researched - this is gone - also I have done my best with permissions on files and also cleaned up install files. At one point I read that there were other holes in the Admin side - I deleted almost all admin functions - but at some point re-instated it for the stock and product update modules.

I have done nothing on the DB security beyond the standard minimum which could be a problem but I am not experienced enough. I use phpMyAdmin to poke around and thats all.

I work alone from home and I have no friends who are computer orientated to help me with the site - and certainly no friends who would be prepared to use their card on my site now that I have told them Im having problems with it.

When I go to the site - and follow the buttons - I am taken to the paypal secure website - and I can see my company name - so from that perspective I fail to see how on earth something can be wrong. What I have had done for me is the same by two mates on different ISPs than me - and they too can see my company name on the paypal pay screen.

My reasoning for suspicion behind all this started with the constant hacking I have described above. Then I read about DNS poison - and knowing nothing about that I am poking round in the dark and thought I would ask here.

One of the hacks was an insert of code into my .htaccess file - which basically said that if the referrer string contained "google" "yahoo" etc etc (a list of about 20 search engines) then the user was redirected to a malicious site.

This lead me to believe that "something somewhere" could or must be redirecting my users.

Let me explain - I visit my site from my browser favorites - I very rarely click it from google - no need.
So you can imagine - I was losing sales whilst my .htaccess was holding redirection code in it - and I was looking at one thing - and my users coming in from an SE were seeing a malicious site. My sales had stopped dead - so - I looked into it and found the redirects - this was a solution - I had caught the hackers.

I now find myself in a very very similar situation - my sales have stopped - but my site looks fine, traffic is fine. Dont belittle 1 sale a day - it means a lot to me.

I think you will find your B.S statement the only B.S in this thread.

Im now wondering whether its the adwords advertisers from china selling the same thing as I do but at half the price.

They sit above (of course) me in the serps and state their scummy low prices and free US/UK shipping.

Well - of course its free - they dont do US or UK internal shipping they ship from china where they are based - and so they charge for it - but that makes their title in adwords correct in a scummy way.

I cannot compete with that. Thats ecommerce.

So - chinese export their goods to me - I pay import duty and taxes.

They also sell their goods along side me in google direct to end customers - at the same price they sell them to me!

Oh dear - time to get a day job at macdonalds I think.

If you're supplier sells openly to the public at the same price, or less, than you do, then yeah... I would say that's definitely a problem. I would contact them and ask them what's up with that. How do they expect any of their retailers to survive under those circumstances. But you know what their response will be.

I have a supplier that does this. What I offer is what they don't--information about the product plus a bunch more things they don't sell. I actually charge more for their product than they do, but it still sells. So I don't think it's necessarily a problem if your supplier has an online presence. I wouldn't be competing with them on AdWords, though. Aim for a different group of people, folks they are missing. You can reach them by writing different content from what your supplier writes.

That's actually true... One range of products I sell comes from a company in the US, and is the typical cheap overseas stuff. They're easy to do business with, so it's a brand that you see a lot of the ebay crowd selling. I sell mine for way more than most people do, but I customize them a little and also have a higher grade site than the low ball people. So far I haven't had a complaint.