Facebook  Twitter 

SMFHacks.com

+-

SMFHacks.com

+- User Information

Welcome, Guest.
Please login or register.
 
 
 
Forgot your password?

+- Forum Stats

Members
Total Members: 4255
Latest: andreios
New This Month: 3
New This Week: 1
New Today: 0
Stats
Total Posts: 43259
Total Topics: 7518
Most Online Today: 201
Most Online Ever: 2482
(April 09, 2011, 07:02:45 pm)
Users Online
Members: 0
Guests: 177
Total: 177

Author Topic: store being compromised?  (Read 7288 times)

0 Members and 1 Guest are viewing this topic.

Offline Bar Nuthin

  • Full Member
  • ***
  • Posts: 102
    • View Profile
    • The Freedom Riders Chapter 2
store being compromised?
« on: March 29, 2010, 03:46:13 pm »
i recently had a transaction where a user purchased multiple digital items - using paypal -  for $0.01

i confirmed that there were no coupons added or used. It looks like paypal returned a valid IPN

any idea how this user accomplished this?

the total for this order should have been around $50

Offline lakestclair

  • Full Member
  • ***
  • Posts: 120
    • View Profile
    • Lake St. Clair Run
Re: store being compromised?
« Reply #1 on: March 30, 2010, 07:56:23 am »
I just received this notification from Paypal...

Please check your server that handles PayPal Instant Payment Notifications (IPN). IPNs sent to the following URL(s) are failing:
 
http://www.lakestclairrun.com/storeipn.php
 
If you do not recognize this URL, you may be using a service provider that is using IPN on your behalf. Please contact your service provider with the above information. If this problem continues, IPNs may be disabled for your account.
 
Thank you for your prompt attention to this issue.
 
 
Thanks,
 
PayPal

Offline SMFHacks

  • Administrator
  • Hero Member
  • *****
  • Posts: 16436
    • View Profile
Re: store being compromised?
« Reply #2 on: March 30, 2010, 12:49:59 pm »
Bar Nuthin - I have seen that occur involves altering the url/item price of the transaction sent to paypal. I can give you some code to prevent low value purchases depending on what is the cheapest item you have with coupons.

lakestclair
That is safe to ignore. If you have it pointed to that file in your IPN profile on paypal that error may occur since that page does not exist.
The store automaticlly sets the correct path.
Get your Forum Ranked! at https://www.forumrankings.net - find out how your forum compares with others!

Like What I do? Support me at https://www.patreon.com/vbgamer45/

Offline Bar Nuthin

  • Full Member
  • ***
  • Posts: 102
    • View Profile
    • The Freedom Riders Chapter 2
Re: store being compromised?
« Reply #3 on: March 31, 2010, 12:01:01 am »
i'd be interested in that code though it sounds like somebody could still purchase $100 worth of products and edit it to the lowest priced item in the store - if I understand you correctly


I'd be even more interested in how this is pulled off, if you could send me a PM

and are there any other methods to lock out this type of action?

Offline lakestclair

  • Full Member
  • ***
  • Posts: 120
    • View Profile
    • Lake St. Clair Run
Re: store being compromised?
« Reply #4 on: March 31, 2010, 12:15:07 am »


lakestclair
That is safe to ignore. If you have it pointed to that file in your IPN profile on paypal that error may occur since that page does not exist.
The store automaticlly sets the correct path.


This is the first time it's happened since I opened the store.  Happened again tonight..Same message.

 

Related Topics

  Subject / Started by Replies Last post
3 Replies
5683 Views
Last post February 12, 2008, 10:06:42 pm
by SMFHacks
13 Replies
18698 Views
Last post July 27, 2009, 09:15:39 am
by Sweetwater
7 Replies
6295 Views
Last post January 20, 2009, 05:38:49 am
by GKDantas
1 Replies
3106 Views
Last post February 13, 2009, 07:25:06 pm
by SMFHacks
4 Replies
5177 Views
Last post August 14, 2013, 09:44:56 pm
by Angie

+- Recent Topics

No thumbnails on new uploads by SMFHacks
March 27, 2024, 02:10:41 pm

Display the Contact Page for guests by SMFHacks
March 27, 2024, 10:55:43 am

is it possible to add support for odysee.com by fvlog19
March 21, 2024, 08:47:51 am

Request for admin notification by davejo
March 10, 2024, 01:31:59 am

I need help with torrent upload by Ineedsmfhelp
March 09, 2024, 10:01:13 pm

an idea for new mod (( content type with different display )) by SMFHacks
February 27, 2024, 01:36:27 pm

[Mod] RSS Feed Poster by SMFHacks
February 27, 2024, 11:57:18 am

find duplicate pictures by fvlog19
February 14, 2024, 02:22:40 pm

Error uploading video. by SMFHacks
February 08, 2024, 02:04:16 pm

Gallery icon as last added image by fvlog19
February 01, 2024, 01:04:56 pm

Powered by EzPortal