OK, I am selling game card codes. So there's no download involved. E-junkie sends out emails after each transaction is completed. My website hosting server is running fine and the checkout process is working. The only sign that makes it look like attack is, I sell a code every 30 minutes, no matter it is 11 am in the morning, or 4 am at night, until there's nothing to sell. And typically after a day or 2, PayPal will email me regarding a few new disputes of unauthorized charges.
So tonight I turned my entire website down and if you visit it now, you will get a big "Maintenance" image. The product pages won't show unless you enter the password. Guess what? I am still selling things!
So my explanation is, someone is using a programmed thing to buy directly via the e-junkie's shopping cart code. Through previous visit, he or she found out my product ID and my client ID at e-junkie, which are used to identify my products, and this person is now using it to take me down. Because for ordinary customers now, they can't even see what my products are!
Any suggestions? Please help!
Update: I now request buyers to enter their addresses and phone numbers (shipping is set to be 0). Hope this will offer a little security. Still, any suggestion is welcome. Thank you!