Facebook  Twitter 

SMFHacks.com

+- +-

SMFHacks.com

+- User Information

Welcome, Guest.
Please login or register.
 
 
 
Forgot your password?

+- Forum Stats

Members
Total Members: 12382
Latest: ImportedPotato
New This Month: 1
New This Week: 0
New Today: 0
Stats
Total Posts: 40253
Total Topics: 7090
Most Online Today: 178
Most Online Ever: 2482
(April 09, 2011, 07:02:45 pm)
Users Online
Members: 1
Guests: 64
Total: 65

Author Topic: store being compromised?  (Read 5749 times)

0 Members and 1 Guest are viewing this topic.

Offline Bar Nuthin

  • Full Member
  • ***
  • Posts: 102
    • View Profile
    • The Freedom Riders Chapter 2
store being compromised?
« on: March 29, 2010, 03:46:13 pm »
i recently had a transaction where a user purchased multiple digital items - using paypal -  for $0.01

i confirmed that there were no coupons added or used. It looks like paypal returned a valid IPN

any idea how this user accomplished this?

the total for this order should have been around $50

Offline lakestclair

  • Full Member
  • ***
  • Posts: 120
    • View Profile
    • Lake St. Clair Run
Re: store being compromised?
« Reply #1 on: March 30, 2010, 07:56:23 am »
I just received this notification from Paypal...

Please check your server that handles PayPal Instant Payment Notifications (IPN). IPNs sent to the following URL(s) are failing:
 
http://www.lakestclairrun.com/storeipn.php
 
If you do not recognize this URL, you may be using a service provider that is using IPN on your behalf. Please contact your service provider with the above information. If this problem continues, IPNs may be disabled for your account.
 
Thank you for your prompt attention to this issue.
 
 
Thanks,
 
PayPal

Offline SMFHacks

  • Administrator
  • Hero Member
  • *****
  • Posts: 15123
    • View Profile
Re: store being compromised?
« Reply #2 on: March 30, 2010, 12:49:59 pm »
Bar Nuthin - I have seen that occur involves altering the url/item price of the transaction sent to paypal. I can give you some code to prevent low value purchases depending on what is the cheapest item you have with coupons.

lakestclair
That is safe to ignore. If you have it pointed to that file in your IPN profile on paypal that error may occur since that page does not exist.
The store automaticlly sets the correct path.
Get your Forum Ranked! at https://www.forumrankings.net - find out how your forum compares with others!

Like What I do? Support me at https://www.patreon.com/vbgamer45/

Offline Bar Nuthin

  • Full Member
  • ***
  • Posts: 102
    • View Profile
    • The Freedom Riders Chapter 2
Re: store being compromised?
« Reply #3 on: March 31, 2010, 12:01:01 am »
i'd be interested in that code though it sounds like somebody could still purchase $100 worth of products and edit it to the lowest priced item in the store - if I understand you correctly


I'd be even more interested in how this is pulled off, if you could send me a PM

and are there any other methods to lock out this type of action?

Offline lakestclair

  • Full Member
  • ***
  • Posts: 120
    • View Profile
    • Lake St. Clair Run
Re: store being compromised?
« Reply #4 on: March 31, 2010, 12:15:07 am »


lakestclair
That is safe to ignore. If you have it pointed to that file in your IPN profile on paypal that error may occur since that page does not exist.
The store automaticlly sets the correct path.


This is the first time it's happened since I opened the store.  Happened again tonight..Same message.

 

Related Topics

  Subject / Started by Replies Last post
13 Replies
14713 Views
Last post July 27, 2009, 09:15:39 am
by Sweetwater
7 Replies
5280 Views
Last post January 20, 2009, 05:38:49 am
by GKDantas
1 Replies
2322 Views
Last post February 13, 2009, 07:25:06 pm
by SMFHacks
1 Replies
4722 Views
Last post November 30, 2009, 07:16:04 am
by SMFHacks
4 Replies
3363 Views
Last post August 14, 2013, 09:44:56 pm
by Angie

+- Recent Topics

Moving pictures to another user personal gallery by SMFHacks
Today at 02:03:33 pm

Rebuild related images time too long by SMFHacks
August 09, 2020, 01:52:57 pm

Call to undefined function mysql_num_rows() by SMFHacks
July 30, 2020, 07:45:29 am

Problem with one videosite embedding by Hatshepsut
July 24, 2020, 01:25:08 am

Download System Lite by Rock Lee
June 03, 2020, 07:34:24 pm

Font question by SMFHacks
May 27, 2020, 08:15:26 am

Error message with latest SMF 2.1 Github build by Hatshepsut
May 25, 2020, 01:43:26 am

smfblog not working on 2.0.17 by tech9
May 20, 2020, 01:44:34 pm

Copyright removal by stbc
May 18, 2020, 01:27:57 am

Mod Verified User i can't square the image by Rock Lee
May 07, 2020, 07:56:10 pm

Powered by EzPortal