SamyT (February 19, 2009):
I've logged in to osCommerce today to change an order status from Pending Payment to process and found all of our pending payments GONE. I then noticed that over 1000 orders that were under shipped have now moved to Refunded. Just to confirm, none of these orders are actually refunded. Basically a bunch of orders in various statuses moved from their status to refunded. Has anyone seen this before and does anyone know how to fix?
spooks (February 19, 2009):
I suspect you've been hacked. This seems to be one of the latest: http://www.oscommerce.com/forums/index.php?sho...c=328935&hl=
Do you have the security fixes done: http://www.oscommerce.com/forums/index.php?showtopic=313323
Do you have backups in place? http://addons.oscommerce.com/info/2314 and http://addons.oscommerce.com/info/5769
It's better to do these before you get hacked, but do them now so it doesn't happen again.
Sam
Remember, What you think I ment may not be what I thought I ment when I said it.
Contributions: Auto Backup your Database, Easy way; Multi Images with Fancy Pop-ups, Easy way; Products in columns with multi buy etc etc; Disable any Category or Product, Easy way; Secure & Improve your account pages et al.
SamyT (February 19, 2009):
I'm sorry, but how would this be a result of hacking? They sat there for hours changing my order statuses? The only problem with that is, the order status doesn't actually reflect the real status that's in place on the page itself. Like the little tick box history shows the true status and the refunded one doesn't even come into it.
SamyT (February 19, 2009):
I don't have testimonials installed, nor has any of what's happened to those people happened to us.
SamyT (February 19, 2009):
Can anyone PM me an osCommerce forum or paid help service that can definitely help with this please?
spooks (February 19, 2009):
If you have any flaws in your installed code that allow SQL injection, then simply one line of code could change hundreds of entries. Or possibly you have bad code that has erroneously made the changes. Check user inputs are sanitised (quotes, brackets etc removed). This page may help you identify if you have an issue: http://www.owasp.org/index.php/Testing_for_SQL_Injection
Sam
SamyT (February 20, 2009):
I haven't the slightest idea how to do any of that so I've asked my webhost for a quote on doing it all. I am damn sure I saw a forum post where someone had every single order go from whatever status to shipped or cancelled, something like that. But this was years ago and I can't find it anywhere. I thought this exact thing must have been seen by someone but no luck. I'd love to know if there is any way to bulk update the orders back to their own status?
SamyT (February 20, 2009):
I think I found out another thing. The only orders that did not change were the ones paid for using PayPal that had the IPNs and weren't refunded. I noticed that whenever one of the ones that moved had PayPal, it was always one with a partial refund. The sheer number of other methods appearing in the ones that moved made me look at the ones that didn't move and they appear to be all PayPal payments. Does this shed any light?
SamyT (February 26, 2009):
This means if I didn't use PayPal, every single order would likely have moved to refunded. Since I hadn't made changes to osCommerce in some large period of time, surely this is worth someone looking into?
geoffreywalton (February 26, 2009):
I would recommend that you install the contributions mentioned by Spooks; hopefully you are running on a Linux server. I don't even try to start to understand why people hack, but one SQL injection command can change every status or selected status to anything they want. They could even download all your customer details/email addresses or just delete them. If you can work out a rule then it is possible to reset all the statuses back to where you want them. Oh, BTW, did I say I would recommend that you install the contributions mentioned by Spooks.
Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile. Virus Threat Scanner. My Contributions. Basic install answers. Click here for Contributions / Add Ons. UK your site. Site Move. Basic design info. For links mentioned in old answers that are no longer here follow this link: Useful Threads.
SamyT (February 26, 2009):
My host has investigated and confirmed that it wasn't an SQL injection; they followed the info given by Spooks. The reason I keep trying to find help is because it wasn't that. There's some sort of bug that caused every order to go to refunded except for the ones with PayPal IPNs in place. This could be terribly inconvenient for larger stores with higher volume; ours was bad enough.
spooks (February 26, 2009):
It would appear currently that this is a bug peculiar to your store, so unless someone just happens to get the same you're not going to get anything unless you provide a lot more info. osC version, PHP, SQL, Linux/Windows server? What contribs, and do you have a template, where from.....
Sam
SamyT (March 8, 2009):
Over 1000 orders changed again today to refunded. There's even a new status I created called refunded and it went to this new location. Whatever it is, it seems to be affected by PayPal because the orders move to the status PayPal has for refunded orders and nowhere else. Can anyone contact me with a reputable firm to look into and fix this please?
SamyT (March 9, 2009):
I have discovered the action that causes this. This morning we received an order and two accompanying PayPal payments for the one order. As it was a duplicate, one of the payments was refunded. At the exact second the payment was refunded, all of our non-PayPal payments changed status to REFUNDED. Note: this was TWO PAYMENTS but only one order processed. Does anyone know what to fix to stop this from happening in future?
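Two points in the thread can be turned into a concrete check and a recovery step: SamyT notes that the order's status history still shows the true status even after the mass change, and geoffreywalton notes that once you can work out a rule, all statuses can be reset. The script below is an added example, not code from the thread or from osCommerce; it assumes a simplified copy of osCommerce's `orders` and `orders_status_history` tables (column names as in osC 2.2, constructed sample data, made-up status ids) in SQLite, flags every order whose current status disagrees with its latest history entry, and restores it from that entry.

```python
import sqlite3

# Assumed status ids for the constructed sample (osC stores integers here).
PENDING, DELIVERED, REFUNDED = 1, 3, 5

# Simplified stand-ins for osCommerce's orders / orders_status_history tables.
SCHEMA = """
CREATE TABLE orders (orders_id INTEGER PRIMARY KEY, payment_method TEXT,
                     orders_status INTEGER);
CREATE TABLE orders_status_history (
  orders_status_history_id INTEGER PRIMARY KEY AUTOINCREMENT,
  orders_id INTEGER, orders_status_id INTEGER, date_added TEXT, comments TEXT);
"""

def build_sample_db():
    """Constructed data: four orders, then the mass change the thread describes."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO orders VALUES (?,?,?)", [
        (101, "Bank Transfer", DELIVERED), (102, "Cheque", PENDING),
        (103, "PayPal", DELIVERED), (104, "PayPal", REFUNDED)])
    db.executemany("INSERT INTO orders_status_history(orders_id, orders_status_id, "
                   "date_added, comments) VALUES (?,?,?,?)", [
        (101, PENDING, "2009-02-10 09:00", ""), (101, DELIVERED, "2009-02-12 09:00", "posted"),
        (102, PENDING, "2009-02-11 09:00", ""),
        (103, DELIVERED, "2009-02-11 09:00", ""),
        (104, DELIVERED, "2009-02-11 09:00", ""), (104, REFUNDED, "2009-02-18 09:00", "partial refund")])
    # The fault in the thread: every non-PayPal order flips to Refunded, and no
    # history row is written, so orders_status_history still holds the real status.
    db.execute("UPDATE orders SET orders_status=? WHERE payment_method<>'PayPal'", (REFUNDED,))
    return db

# Latest history row per order (highest autoincrement id = most recent entry).
LATEST_HISTORY = """
SELECT h.orders_id, h.orders_status_id FROM orders_status_history h
JOIN (SELECT orders_id, MAX(orders_status_history_id) AS hid
      FROM orders_status_history GROUP BY orders_id) m
  ON m.hid = h.orders_status_history_id"""

def find_mismatches(db):
    """Detection: (orders_id, current status, status per history) where they differ."""
    sql = ("SELECT o.orders_id, o.orders_status, h.orders_status_id FROM orders o "
           f"JOIN ({LATEST_HISTORY}) h USING (orders_id) "
           "WHERE o.orders_status <> h.orders_status_id ORDER BY o.orders_id")
    return db.execute(sql).fetchall()

def restore_from_history(db):
    """Recovery: reset each mismatched order to its last recorded history status."""
    mism = find_mismatches(db)
    db.executemany("UPDATE orders SET orders_status=? WHERE orders_id=?",
                   [(hist, oid) for oid, _cur, hist in mism])
    db.commit()
    return len(mism)  # number of orders repaired
```

Run `find_mismatches` against a database backup before touching live data; a non-empty result with no matching history rows is the signal that something other than the admin UI rewrote `orders`.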
Archived
This topic is now archived and is closed to further replies.