Magento 1.9.3.8 bug: Random address in order

Question

In my Magento 1.9.3.8 installation. The following happens: 1. Customer signs in 2. Places item in cart, go to checkout, and chooses an address from the address book. Place order. 3. In the confirmation e-mail, and in the Magento back-end, the name and address of another random customer is used. (only the e-mail address is right)

How is this possible? And how can we solve this?

We have very minimal customizations and extensions. We had recently a lot of spam customer account registrations which we have removed manually. (Now we have enabled the captcha so the spam customer account registration is solved. )

Did you installed any module which is related to checkout or customer? — Sukumar Gorai, Jun 18 '18 at 14:15

score 0 · Answer 1 · answered Jun 18 '18 at 15:43

'We had recently a lot of spam customer account registrations which we have removed manually'.

It sounds like you've deleted the customer accounts from the customer_entity table in the database, but not removed the matching addresses from the customer_address_entity tables as well.

Now, when a new customer registers, they are assigned a new auto-increment ID in the database. This ID (in the customer_entity table) is also used as a foreign key to the customer_address_entity tables.

I am willing to bet there is still old data in the customer_address_entity tables leftover from when you cleared out the customer data for the spam customers, which means the IDs of newly registered customers are now matching to the old address records of the spam customers.

Unfortunately, there is no easy fix. Magento uses event/observers and plugins at a code level to validate data before it is created/modified and foreign keys and triggers (at a database level) in order to preserve the integrity of the data in the database. By manually editing the database, you've compromised the integrity of the data.

Using Magento's DB repair tool helped to fix this. However the problem was caused by malware.... — Joris, Sep 18 '18 at 11:51

score 0 · Accepted Answer · answered Sep 18 '18 at 11:50

I've solved the issue. The cause was Malware on the Magento shop. I used https://github.com/gwillem/magento-malware-scanner , also I found some infected files manually. Afterwards, I've deleted the fake accounts from the magento back-end panel.

Additionally, there were admin accounts created. You've to remove these. (and of course change all passwords, admin URL, etc.) -> Magereport.com

Also you need to apply a database fix, since new accounts are linked the wrong address entity ID's. You can use Magento's DB repair tool for this.

Now the shop is up and running again for a while, looks like it's clean now!

Magento 1.9.3.8 bug: Random address in order

2 Answers2