khoking Posted September 13, 2010 Share Posted September 13, 2010 Hi, I have experienced several times where an order was recorded in my OSC admin and paid via PayPal. However, in my Paypal account that hacker has managed to tweak to pay only USD0.01 and somehow managed to trick my store to record the order as PAID. Anybody knows what's the problem / loophole that I need to close? Best regards, Koh Kho King Link to comment Share on other sites More sharing options...
khoking Posted September 13, 2010 Author Share Posted September 13, 2010 Anybody experienced the same? Best regards, Koh Kho King Link to comment Share on other sites More sharing options...
Guest Posted September 13, 2010 Share Posted September 13, 2010 To date, I have never had a hacker compromise a site by hacking into it. So, no I have never experienced this issue. Chris Link to comment Share on other sites More sharing options...
FIMBLE Posted September 13, 2010 Share Posted September 13, 2010 could it not be an error on your site and you have named an innocent customer? Nic Sometimes you're the dog and sometimes the lamp post [/url] My Contributions Link to comment Share on other sites More sharing options...
Guest Posted September 13, 2010 Share Posted September 13, 2010 Hi, I have experienced several times where an order was recorded in my OSC admin and paid via PayPal. However, in my Paypal account that hacker has managed to tweak to pay only USD0.01 and somehow managed to trick my store to record the order as PAID. Anybody knows what's the problem / loophole that I need to close? This was a problem with the very old paypal module that used to come with osC but I have not heard of this with the newer Paypal IPN module. Link to comment Share on other sites More sharing options...
khoking Posted September 14, 2010 Author Share Posted September 14, 2010 This was a problem with the very old paypal module that used to come with osC but I have not heard of this with the newer Paypal IPN module. Hi Java Roasters, Do you have any suggestion how I fix this? I am using the by default PayPal module, $Id: paypal.php,v 1.39 2003/01/29 19:57:15 hpdl Exp $. Best regards, Koh Kho King Link to comment Share on other sites More sharing options...
khoking Posted September 14, 2010 Author Share Posted September 14, 2010 could it not be an error on your site and you have named an innocent customer? Nic Hi Nic, No mistake and that hacker actually did 3 orders at my store with each paid USD0.01. Guess what...PayPal took all as the commission for each transaction is more than that amount already. Best regards, Koh Kho King Link to comment Share on other sites More sharing options...
Guest Posted September 14, 2010 Share Posted September 14, 2010 Upgrade to the much newer Paypal IPN module. Link to comment Share on other sites More sharing options...
web-project Posted September 16, 2010 Share Posted September 16, 2010 Hi Nic, No mistake and that hacker actually did 3 orders at my store with each paid USD0.01. Guess what...PayPal took all as the commission for each transaction is more than that amount already. simply refund the order and you get the charges back, unless you are willing to fulfil the order at your cost. P.S. Don't forget to update the PayPal module. Please read this line: Do you want to find all the answers to your questions? click here. As for contribution database it's located here! 8 people out of 10 don't bother to read installation manuals. I can recommend: if you can't read the installation manual, don't bother to install any contribution yourself. Before installing contribution or editing/updating/deleting any files, do the full backup, it will save to you & everyone here on the forum time to fix your issues. Any issues with oscommerce, I am here to help you. Link to comment Share on other sites More sharing options...
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.