edschaum

Paypal Module Hacked?


I received a large order a couple of days ago and the payment method was paypal. When I checked paypal, there was no payment, yet the order completed as if the payment was made.

 

The email address of the person ordering was suspicious, so I checked the site: www.spam.la

 

The email address of the person ordering was sdf@spam.la .

 

If you filter the listing of emails on spam.la to show only mail that is going to sdf@spam.la, you will see that they've placed orders in dozens of osc stores for large ticket items using paypal as the payment method. You can also see that some store owners have replied saying "we have your order but something is wrong with the payment". Other store owners seem to be oblivious to the fraud and are going to ship the orders?!?!?!?!?!?

 

Here are links to a couple of pages of emails coming in to that site which show osc order emails:

http://spam.la/?start=2127218&f=sdf

Load the above page and then keep clicking on "20 older emails" to see more fraud activity.

 

On this page: http://spam.la/?start=2154612&f=sdf

a couple of dealers are responding telling the fraudster that they didn't receive his payment.

 

All of the orders I've seen go to Andrew Weevilo in Richmond Virginia.

 

Has anyone else experienced this?

 

Ed


If it's a std paypal module that comes with oscommerce, yes, it's easy to hack through.

 

So it is recommended that you install the PayPal IPN contrib developed by the osCommerce team.

 

 

Regards,

Satish


Ask/Skype for Free osCommerce value addon/SEO suggestion tips for your site.

 

Check My About US For who am I and what My company does.


Personally, I haven't, but I am grateful for the info. How did you find out about how to display these emails?

 

Doesn't the FBI handle internet fraud in the US? In Australia, it is the Federal Police that I report this stuff to.


The Coopco Underwear Shop

 

If you live to be 100 years of age, that means you have lived for 36,525 days. Don't waste another, there aren't many left.


Thanks for the reply. I'll try to install ipn, but my version of osc became obsolete right after I went live with it and ipn supposedly only works with MS2. Once osc changed the core code, most updates/mods became useless to me.

 

Ed


I found out just by going to the site. The whole site is there just for throwaway email addresses. Once I scrolled back through some of the messages, I realized that they were hitting a lot of sites.

OK, thanks Ed for bringing this to everyone's notice.

 

With the name of the site, it does not sound like it is legit.

 

I use a Paypal IPN module, but I don't see how that stops me from being hacked. Maybe Satish can explain?



Use the EWP feature that came with the PayPal IPN module. It's the least protection for the store.


Super Download Shop, PayPal Express Checkout IPN, Selling Downloads, Visual Validation (preventing robotic flood), phpBB2 Integration

 

Yes, I'm willing to help, but please ask in the right place. Think twice before trying to PM me, it might be ignored.


It could also be they're using a cloned PayPal Payment email where they create an HTML email to look exactly like a real PayPal email.


Installed Contributions: CCGV, Close Popup, Dynamic Meta Tags, Easy Populate, Froogle Data Feeder, Google Position, Infobox Header Entire Row, Live Support for OSC, PayPal Seal with CC images, Report_m Sales, Shop by Price Revised, SQL Updater, Who's Online Enhancement, Footer, GNA EP Assistant and still going.
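
An added example for the IPN recommendation and the question of how it helps (not code from this thread, from osCommerce or from the PayPal IPN contribution): the server-side decision an IPN flow makes possible, where an order is marked paid only when a notification that PayPal itself confirmed matches the order. The function name, the order array layout and all sample values are hypothetical; the field names are PayPal's IPN variables, and `$postbackReply` is assumed to be the body PayPal returned when the store posted the notification back with `cmd=_notify-validate`.

```php
<?php
// Added example: decide whether an order may be marked paid from a PayPal IPN.
// $postbackReply is "VERIFIED" or "INVALID" as returned by PayPal's postback;
// fetching it over HTTPS is omitted so the example runs offline.
function ipn_confirms_payment(array $ipn, string $postbackReply, array $order,
                              string $merchantEmail, array $seenTxnIds): array
{
    if (trim($postbackReply) !== 'VERIFIED') {
        return [false, 'notification not verified by PayPal'];
    }
    if (($ipn['payment_status'] ?? '') !== 'Completed') {
        return [false, 'payment not completed'];
    }
    if (strcasecmp($ipn['receiver_email'] ?? '', $merchantEmail) !== 0) {
        return [false, 'paid to a different account'];
    }
    if (($ipn['invoice'] ?? '') !== (string) $order['id']) {
        return [false, 'notification is for another order'];
    }
    if (($ipn['mc_currency'] ?? '') !== $order['currency']
        || !is_numeric($ipn['mc_gross'] ?? null)
        || (int) round($ipn['mc_gross'] * 100) !== $order['total_cents']) {
        return [false, 'amount or currency mismatch'];
    }
    if (in_array($ipn['txn_id'] ?? '', $seenTxnIds, true)) {
        return [false, 'transaction already used'];
    }
    return [true, 'ok'];
}

// Constructed sample data (not taken from the thread).
$order = ['id' => 1042, 'currency' => 'USD', 'total_cents' => 129900];
$merchant = 'sales@store.example';
$paid = ['payment_status' => 'Completed', 'receiver_email' => 'sales@store.example',
         'invoice' => '1042', 'mc_currency' => 'USD', 'mc_gross' => '1299.00',
         'txn_id' => 'TXN-CONSTRUCTED-1'];

$cases = [
    'genuine payment' => [$paid, 'VERIFIED'],
    'no verified IPN' => [$paid, 'INVALID'],
    'underpaid'       => [array_merge($paid, ['mc_gross' => '1.00']), 'VERIFIED'],
];
foreach ($cases as $label => [$ipn, $reply]) {
    [$ok, $why] = ipn_confirms_payment($ipn, $reply, $order, $merchant, []);
    printf("%-16s => %s (%s)\n", $label, $ok ? 'mark paid' : 'hold order', $why);
}
```

An order that reaches the store's success page without a matching verified notification stays on hold, which is the situation described in the first post.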
