osCommerce

The e-commerce.

[Contribution] Credit Card Fraud Detection Service


I'm trying to install the contribution but I get the following error when trying to add the SQL.

#1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 23

Line 23 is referring to `risk` float(7);

UPDATE:

*I figured instead of a ; it is supposed to be a ,*

You should fix the instructions if I am correct.

Edited by jasyn

  • 2 weeks later...

Thanks! I updated the instructions and I'll upload the new ones here in a minute!

For those who use the MaxMind service... is the premium service worth getting over the standard service?

I no longer have an online store, but I would like to hear the opinion of others on this question. I like the lat and long, but the IP origination city is nice to know.

9 times out of 10 it's a PEBCAK Error (Problem exists between chair and keyboard)

Replace that and you're fine...


  • 2 weeks later...
  • 1 month later...

Hi, I'm trying to add this to 2.2RC2 (which the install.html says it is for)

Step 6 says to look for this in catalog/checkout_process.php:

if (tep_not_null($sql_data_array['customers_id'])) {

But that line is not in the file.

Where should the require line from step 6 be added?

Thanks!


  • 2 weeks later...

From the looks of things, it may go better after this:

tep_db_perform(TABLE_ORDERS, $sql_data_array);
$insert_id = tep_db_insert_id();

so it looks like this:

tep_db_perform(TABLE_ORDERS, $sql_data_array);
$insert_id = tep_db_insert_id();

require(DIR_WS_MODULES . 'maxmind/maxmind.php');

That did work for me, thanks!!


Blocking orders??

Now that I've got this installed, I don't find anywhere to set a maximum allowed score. There is nothing under "Modules" in the admin panel.

Can orders with a score above a certain value be blocked for manual review or cancellation?

Thanks!


  • 4 weeks later...

I have worked with this contribution without any problems until 4 May. On 5 May I have moved my site to a new server with apache 2 and php.5

Everything works on the site except MaxMind is no longer getting information and as a result of that I don't get any fraud check information. I have contacted MaxMind and they have let me know that they don't receive any information from me after 4 May. So the problem seems to be the new server Debian Etch with apache 2.2.3 and php 5.02.08

Is there anyone who knows what can be wrong?

Thanks, Marcel


  • 3 weeks later...
Does anyone know if this contribution works with PayPal?

I saw on maxmind.com that minFraud could be implemented to work with PayPal and would like to know.

Thanks!

Was also wondering if there was a way to implement phone verification after a FIRST order has been completed. After that, I'd like to have it not call them because they've already been verified.


  • 2 months later...
  • 7 months later...

Hi,

I'm trying to install this MaxMind contribution, and I'm currently on step 6, but I can't seem to find the following line of code in my "checkout_process.php" file. I even tried downloading a new copy of osCommerce and doing a search in a new "checkout_process.php" file but it still doesn't come up.

if (tep_not_null($sql_data_array['customers_id'])) {

Can someone please help point out where I can add the following code the install is asking me to add on the "checkout_process.php" page?

require(DIR_WS_MODULES . 'maxmind/maxmind.php');

Thank you,

olimits7


  • 1 month later...

As posted earlier, it looks like it's supposed to go after this:

tep_db_perform(TABLE_ORDERS, $sql_data_array);
$insert_id = tep_db_insert_id();

I got confused in the same spot when trying to install this. It appears that whoever uploaded version 1.54 changed the install instructions, and they haven't been fixed yet. I have no idea where "if (tep_not_null($sql_data_array['customers_id'])) {" came from, but it doesn't exist anywhere in my store, on a fresh download of 2.2 RC2a, or any other previous version of osCommerce I have seen. From the release notes, I'm guessing that change was supposed to be related to the PayPal IPN module, but that code doesn't show up anywhere in the PayPal module at all or in its install instructions. Sounds like whoever made that change had some other contribution installed.

[rant]

People, if you're gonna create a new extension or update an existing one, PLEASE base your instructions on a CLEAN install of osCommerce. If another contribution is required, then note that in the instructions, and base your instructions on a CLEAN install of osCommerce plus the required contribution ONLY. Sorry to rant, but I am tired of people polluting what are otherwise good contributions and making it difficult for everyone to use them. And while I'm on my soapbox here, I absolutely hate it when someone updates a contribution and only includes the file they changed or just a little txt file with instructions to make changes. No one wants to track down the last complete package and then have to apply a bunch of different patches. If you are going to make a change, upload the ENTIRE contribution, or don't bother. Quit wasting everyone's time.

[/rant]


  • 10 months later...

I have updated to the last upload (2.0) of this contrib and all of a sudden we have rec'd a ton of calls on compromised Credit Cards. I have since lifted the Credit Card module. We have never, never had a complaint up till now and we take 20-50 orders a day on one of my sites.

Has anybody else experienced anything like this after 2.0 MaxMind was installed?? I hope it's something else but you know how easy it would be to upload an altered (a so-called updated) version only to have the credit card numbers go to the fraudsters instead of MaxMind? (or sent to both!) An easy edit of the checkout_process.php or orders.php where the CC call is made. I haven't checked coding yet (and the new so-called SQL update) as I have been fielding calls ;( PLUS I'm sure if this has been compromised they have hidden it pretty good within the code.

Also why is MaxMind's address Waltham MA. but their listed fax is way out west?

Very worried here as I take my customer frustration as my own.

define('PROJECTS', 'Something that goes on forever!');


My MaxMind is NOT to blame (thankfully, as I like it a lot!)

The dang images/banner dir got hacked (PHP shell file that can see all site pages) :(

I got an htaccess now that will only accept what file types I want in there. I'm sure as I write this some idiot somewhere is figuring another backdoor in. They suck, get a real job and make your money honestly!


If your site has the admin bypass exploit security hole in it, then it's best you upgrade to the latest stable release of osCommerce which is version 2.3.1 by actually creating a new site then importing your database into it. Currently attackers are able to get access to your admin files with full admin privileges which have allowed them to upload rogue code into your images directory for starters.

If you choose not to upgrade in this manner which is the safest possible way of dealing with this type of exploit, then you run the risk of playing cat and mouse with the attacks which have many options as to where they will try next. In that situation, at the very least protect your admin directory by adding folder protection (htaccess protection that your webhost should provide you in your control panel) and add osc_sec.php.

Also read this and run the test example in there (the slightly more improved version of the proof of concept found further down in that discussion thread) on your site

http://www.oscommerce.com/forums/topic/373047-a-chat-about-file-permissions/

If the report states that the file example is write-protected then it is highly possible that the attacks are restricted to writable files and directories in which case in addition to the other suggested changes, change the banner and images directory and any other directories that have permissions of 777, to 755. Only make them writable during the period you are adding or editing product images then change them back.

If the report states that it is able to open, add and change file permissions, then there is no doubt in my mind that many other files will have been infected on your site due to the potential of an attack to overwrite any file which they so choose to. At which point your only real option is to build a new site with the new osCommerce site code set of 2.3.1

Edited by Taipo
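
The two conditions the posts above describe (directories left at 777, and a PHP file dropped into images/banner) can be checked for directly. This is an added example, not code from the thread, the contribution or osC_Sec: a shell audit whose function names and output labels are made up for illustration, run against whatever upload directory you pass it (catalog/images is an assumed layout).

```shell
#!/bin/sh
# Added example (not from the thread): audit an upload directory such as
# catalog/images for the two conditions discussed above.
# Function names and output labels are illustrative.

# Print one finding per line:
#   WORLD_WRITABLE_DIR <path>  directory writable by "other" (e.g. mode 777)
#   SCRIPT_IN_UPLOADS <path>   PHP-like file where only images belong
audit_upload_dir() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }

    # -perm -0002 matches any mode with the other-write bit set.
    find "$root" -type d -perm -0002 -print |
        LC_ALL=C sort | sed 's/^/WORLD_WRITABLE_DIR /'

    # '*.php.*' also catches names like pic.php.jpg, which Apache can hand
    # to PHP when a handler is mapped by extension.
    find "$root" -type f \( -iname '*.php' -o -iname '*.php[0-9]' \
        -o -iname '*.phtml' -o -iname '*.phar' -o -iname '*.php.*' \) -print |
        LC_ALL=C sort | sed 's/^/SCRIPT_IN_UPLOADS /'
}

# Apply the 777 -> 755 advice to every world-writable directory under root.
tighten_upload_dirs() {
    [ -d "$1" ] || return 2
    find "$1" -type d -perm -0002 -exec chmod 755 {} +
}

# Stand-alone use: sh audit.sh /path/to/catalog/images
if [ "$#" -ge 1 ]; then
    audit_upload_dir "$1"
fi
```

A SCRIPT_IN_UPLOADS line is a reason to inspect the file and the rest of the site, since tightening permissions afterwards does not remove anything already uploaded.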


  • 9 months later...

New thread started for new version!

MaxMind Fraud Detection v3.0

http://www.oscommerce.com/forums/topic/383054-contribution-maxmind-fraud-detection-service-v30/


  • 1 year later...

Is there anyone still following this thread?
