store being compromised?

   Community Suite
   SMF Gallery Pro
   SMF Store
   SMF Classifieds
   Newsletter Pro
   Downloads System Pro
   Ad Seller Pro
  
   Hacks and Mods
   Latest SMF Hacks
   TopTen Hacks
   Styles and Themes
   Add a Hack
   Manage Hacks
  
   Earn Money from Your Forum with these tips
   SMF Theme Generator
   SMF Package Parser
   Free SMF Hosting
   HostRocket Webhosting for SMF
  
   Site Showcase

Advanced search

[Bar Nuthin]

i recently had a transaction where a user purchased multiple digital items - using paypal -  for $0.01

i confirmed that there were no coupons added or used. It looks like paypal returned a valid IPN

any idea how this user accomplished this?

the total for this order should have been around $50

[lakestclair]

I just received this notification from Paypal...

Please check your server that handles PayPal Instant Payment Notifications (IPN). IPNs sent to the following URL(s) are failing:
 
http://www.lakestclairrun.com/storeipn.php
 
If you do not recognize this URL, you may be using a service provider that is using IPN on your behalf. Please contact your service provider with the above information. If this problem continues, IPNs may be disabled for your account.
 
Thank you for your prompt attention to this issue.
 
 
Thanks,
 
PayPal

[SMFHacks]

Bar Nuthin - I have seen that occur involves altering the url/item price of the transaction sent to paypal. I can give you some code to prevent low value purchases depending on what is the cheapest item you have with coupons.

lakestclair
That is safe to ignore. If you have it pointed to that file in your IPN profile on paypal that error may occur since that page does not exist.
The store automaticlly sets the correct path.

[Bar Nuthin]

i'd be interested in that code though it sounds like somebody could still purchase $100 worth of products and edit it to the lowest priced item in the store - if I understand you correctly


I'd be even more interested in how this is pulled off, if you could send me a PM

and are there any other methods to lock out this type of action?

[lakestclair]

lakestclair
That is safe to ignore. If you have it pointed to that file in your IPN profile on paypal that error may occur since that page does not exist.
The store automaticlly sets the correct path.

This is the first time it's happened since I opened the store.  Happened again tonight..Same message.

Help Support the SMFHacks.com mod making.