Jump to content
dev osCommerce
Forum
  • Checkout
  • Login
  • Contact Us
  • Get in touch

osCommerce

The e-commerce.

New Demo
Our Partners

Paypal Module Hacked?

edschaum

By edschaum
in Other

 Share

Recommended Posts

edschaum

edschaum

Posted
Posted

I received a large order a couple of days ago and the payment method was paypal. When I checked paypal, there was no payment, yet the order completed as if the payment was made.

 

The email address of the person ordering was suspicious, so I checked the site: www.spam.la

 

The email address of the person ordering was [email protected] .

 

If you filter the listing of emails on spam.la to show only mail that is going to [email protected], you will see that they've placed orders in dozens of osc stores for large ticket items using paypal as the payment method. You can also see that some store owners have replied saying "we have your order but something is wrong with the payment". Other store owners seem to be oblivious to the fraud and are going to ship the orders?!?!?!?!?!?

 

Here are links to a couple of pages of emails coming in to that site which show osc order emails:

http://spam.la/?start=2127218&f=sdf

Load the above page and then keep clicking on "20 older emails" to see more fraud activity.

 

On this page: http://spam.la/?start=2154612&f=sdf

a couple of dealers are responding telling the fraudster that they didn't receive his payment.

 

All of the orders I've seen go to Andrew Weevilo in Richmond Virginia.

 

Has anyone else experienced this?

 

Ed

satish

satish

Posted
Posted

If its a std paypal module tat comes with oscommerce yes its easy to hack thru.

 

So recommended that You do install paypal IPN contrib developed by oscommerce team.

 

 

Regards,

Satish

Ask/Skype for Free osCommerce value addon/SEO suggestion tips for your site.

 

Check My About US For who am I and what My company does.

Guest

Guest

Posted
Posted
I received a large order a couple of days ago and the payment method was paypal. When I checked paypal, there was no payment, yet the order completed as if the payment was made.

 

The email address of the person ordering was suspicious, so I checked the site: www.spam.la

 

The email address of the person ordering was [email protected] .

 

If you filter the listing of emails on spam.la to show only mail that is going to [email protected], you will see that they've placed orders in dozens of osc stores for large ticket items using paypal as the payment method. You can also see that some store owners have replied saying "we have your order but something is wrong with the payment". Other store owners seem to be oblivious to the fraud and are going to ship the orders?!?!?!?!?!?

 

Here are links to a couple of pages of emails coming in to that site which show osc order emails:

http://spam.la/?start=2127218&f=sdf

Load the above page and then keep clicking on "20 older emails" to see more fraud activity.

 

On this page: http://spam.la/?start=2154612&f=sdf

a couple of dealers are responding telling the fraudster that they didn't receive his payment.

 

All of the orders I've seen go to Andrew Weevilo in Richmond Virginia.

 

Has anyone else experienced this?

 

Ed

Personally, I haven't, but I am grateful for the info. How did you find out about how to display these emails?

 

Doesn't the FBI handle internet fraud in the US? In Australia, it is the Federal Police that I report this stuff to.

edschaum

edschaum

Posted
  • Author
Posted
If its a std paypal module tat comes with oscommerce yes its easy to hack thru.

 

So recommended that You do install paypal IPN contrib developed by oscommerce team.

Regards,

Satish

 

Thanks for the reply. I'll try to install ipn, but my version of osc became obsolete right after I went live with it and ipn supposedly only works with MS2. Once osc changed the core code, most updates/mods became useless to me.

 

Ed

edschaum

edschaum

Posted
  • Author
Posted
Personally, I haven't, but I am grateful for the info. How did you find out about how to display these emails?

 

Doesn't the FBI handle internet fraud in the US? In Australia, it is the Federal Police that I report this stuff to.

 

I found out just by going to the site. The whole site is there just for throwaway email addresses. Once I scrolled back through some of the messages, I realized that they were hitting a lot of sites.

Guest

Guest

Posted
Posted
I found out just by going to the site. The whole site is there just for throwaway email addresses. Once I scrolled back through some of the messages, I realized that they were hitting a lot of sites.

OK, thanks Ed for bringing this to everyones notice.

 

With the name of the site, it does not sound like it is legit.

 

I use a Paypal IPN module, but I don't see how that stops me from being hacked. Maybe Satish can explain?

bobg7

bobg7

Posted
Posted

I could also be there using a cloned PayPal Payment email where they create an html email to look exactly like a real PayPal email.

Installed Contributions: CCGV, Close Popup, Dynamic Meta Tags, Easy Populate, Froogle Data Feeder, Google Position, Infobox Header Entire Row, Live Support for OSC, PayPal Seal with CC images, Report_m Sales, Shop by Price Revised, SQL Updater, Who's Online Enhancement, Footer, GNA EP Assistant and still going.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...