Paypal Web Payments Pro & Instant Downloads


PGelsman

Hi, Folks, first time post here. I'm using OSC and Website Payments pro from Paypal as my processor. The other day a hacker came to my site, input phony information and a phony credit card, and was able to hack my site and download my products without paying. My site is at http://www.justmanuals.com. When I get a notification of an 'order failure' I take the site down. This only gets the hacker off my site temporarily as I put it back up.

I know who the hacker is and I've even emailed him. He runs a site somewhere in the Russian Federation and his site is http://www.resetters.com

He wants to get 20-40 more files before he tells me how he does it.

 

So my site is set up now so that when an order comes in, I get an email of an order in process, then I go to Paypal and capture the payment, and the customer gets his link to download his purchase. A REAL PITA and not the way I want my site to work.

 

So I have a few questions.

1- Can I ban an IP from my site?

 

2- How can I prevent this guy from stealing from me?

 

3- Is there any way I can verify an email address before someone buys from my site?

 

Please, I NEED HELP

 

Thank you,

Paul


1. Yes - you can try - http://www.oscommerce.com/community/contributions,3352

2. You were a little vague in your description. You said he uses a bogus card? So you actually see the credit card numbers, or is he sidestepping the process altogether?

3. You can try this - http://www.oscommerce.com/community/contributions,2151

The next thing I would do would be to get SSL up and working on your site as well. A lot of people will not put their cc on a site that is not encrypted, just a suggestion.


Sorry Paul, I just stole a manual from you. I went on a hunch, and Googled "test credit card numbers". This was the first hit:

 

http://www.verisign.com/support/payflow/ma...estCardNum.html

 

I went through your checkout process and voila. I have a manual for a FinePix S5000. I deleted the file from my PC :), but you have a serious problem there. I would bring the site down while you can work it out. I will do some checking, I can't believe that no one else has had this problem. At least you know how the little SOB is operating.


(Jason) Vector, OY! I'm gonna be sick! Thank you for the quick reply. You are correct, he is using one of those test numbers. Now what can I do about it? Can you help me here?

 

Is it possible to block out these test numbers?


I would like to know which contrib you are using to allow the download of products, because there needs to be a patch applied to cc_validation.php.


I dunno what my programmer used. And he is now MIA.


You need to install a contribution called Downloads Controller, which will allow you to 'control' downloads. I think it's similar to the queueing system used with Gift Vouchers - it doesn't happen until you release it.

 

If he has a static IP address you can ban it via .htaccess.

 

Vger
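
The point this thread arrives at, as an added example that is not part of the original posts or of osCommerce: a card number that passes a local checksum check (assumed here to be Luhn, mod 10) proves nothing about payment, so a download should be released only on the processor's own captured result. All function names, array keys and status values below are hypothetical, and the sample data is constructed.

```php
<?php
// Added example: names, keys and status strings are hypothetical,
// not osCommerce's schema or PayPal's API.

// Luhn (mod 10) checksum: the kind of check a local card validator can do.
// It shows the digits are well formed, not that any money moved.
function luhn_ok(string $number): bool
{
    $digits = preg_replace('/\D/', '', $number);
    if ($digits === '' || $digits === null) {
        return false;
    }
    $sum = 0;
    $double = false;
    for ($i = strlen($digits) - 1; $i >= 0; $i--) {
        $d = (int) $digits[$i];
        if ($double) {
            $d *= 2;
            if ($d > 9) {
                $d -= 9;
            }
        }
        $sum += $d;
        $double = !$double;
    }
    return $sum % 10 === 0;
}

// Release a download only when the processor's answer says the funds were
// captured for this order, in full. Anything else stays queued.
function download_release_allowed(array $order, array $gateway): bool
{
    return ($gateway['order_id'] ?? null) === $order['id']
        && ($gateway['status'] ?? '') === 'captured'
        && ($gateway['currency'] ?? '') === $order['currency']
        && (int) ($gateway['amount_cents'] ?? 0) === (int) $order['total_cents'];
}

// Constructed sample data.
$order  = ['id' => 1001, 'total_cents' => 995, 'currency' => 'USD'];
$card   = '1234 5678 1234 5670'; // well-formed digits, not a real card
$failed = ['order_id' => 1001, 'status' => 'failed'];
$paid   = ['order_id' => 1001, 'status' => 'captured',
           'amount_cents' => 995, 'currency' => 'USD'];

var_dump(luhn_ok($card));                            // local format check only
var_dump(download_release_allowed($order, $failed)); // processor reported failure
var_dump(download_release_allowed($order, $paid));   // processor reported capture
```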


Archived

This topic is now archived and is closed to further replies.
