qwertyjjj Posted September 8, 2012

I had 2 orders submitted from PayPal last night, which came through as Preparing [PayPal Standard] but without payment. How could these have been entered with that status without payment? Is there any way for me to check the history of what happened, because this seems like a hack but I am not sure whether it is on OSC or on the PayPal site.

A normal PayPal payment comes through as: PayPal IPN Verified [Completed (Unverified; £x.xx)]

These payments do not have that entry in their history, but they would not have Preparing [PayPal Standard] without going to PayPal and would not come back with Pending unless PayPal had processed a payment. Also, it would not have been entered in the history unless the PayPal IPN sent something back.

Screenshots: http://www.oscommerce.com/forums/topic/388757-orders-submitted-from-paypal-without-payment/

How can I stop it? It is almost like the checkoutsuccess script has been hacked or something, but I have nothing in my AV and OSC should prevent any hacks. All these look normal, don't they?
[code]
File could be a potentional threat: /home153/sub002/sc11883-LGVN/mysite.co.uk/cart/cookie_usage.php (Known filename threat)
Possible Infection: /home153/sub002/sc11883-LGVN/mysite.co.uk/cart/includes/osc_sec.php (Traversal Exploit <=> wget%20 ) on line: 198
Possible Infection: /home153/sub002/sc11883-LGVN/mysite.co.uk/cart/includes/osc_sec.php (Traversal Exploit <=> union%20 ) on line: 193
Possible Infection: /home153/sub002/sc11883-LGVN/mysite.co.uk/cart/includes/osc_sec.php (Traversal Exploit <=> %20union ) on line: 193
Possible Infection: /home153/sub002/sc11883-LGVN/mysite.co.uk/cart/includes/osc_sec.php (Known automated hack <=> edoced_46esab ) on line: 132
Possible Infection: /home153/sub002/sc11883-LGVN/mysite.co.uk/cart/includes/osc_sec.php (Known automated hack <=> eval( ) on line: 133
Possible Infection: /home153/sub002/sc11883-LGVN/mysite.co.uk/cart/includes/osc_sec.php (Known automated hack <=> passthru ) on line: 139
Possible Infection: /home153/sub002/sc11883-LGVN/mysite.co.uk/cart/includes/functions/general.php (Known automated hack <=> eval( ) on line: 482
Possible Infection: /home153/sub002/sc11883-LGVN/mysite.co.uk/cart/includes/functions/recaptchalib.php (Known automated hack <=> iframe) on line: 125
Possible Infection: /home153/sub002/sc11883-LGVN/mysite.co.uk/cart/includes/functions/compatibility.php (Known automated hack <=> eval( ) on line: 84
File could be a potentional threat: /home153/sub002/sc11883-LGVN/mysite.co.uk/cart/includes/languages/english/cookie_usage.php (Known filename threat)
Possible Infection: /home153/sub002/sc11883-LGVN/mysite.co.uk/cart/j_8285_admin/configuration.php (Known automated hack <=> eval( ) on line: 125
Possible Infection: /home153/sub002/sc11883-LGVN/mysite.co.uk/cart/j_8285_admin/sitemonitor_configure_0.php (Known Hacker <=> Assel ) on line: 21
Possible Infection: /home153/sub002/sc11883-LGVN/mysite.co.uk/cart/j_8285_admin/sitemonitor_configure_0.php (Known automated hack <=> eval( ) on line: 21
Possible Infection: /home153/sub002/sc11883-LGVN/mysite.co.uk/cart/j_8285_admin/sitemonitor_configure_0.php (Known automated hack <=> gzdecode ) on line: 21
Possible Infection: /home153/sub002/sc11883-LGVN/mysite.co.uk/cart/j_8285_admin/sitemonitor_configure_0.php (Known automated hack <=> iframe) on line: 21
Possible Infection: /home153/sub002/sc11883-LGVN/mysite.co.uk/cart/j_8285_admin/sitemonitor_configure_0.php (Known automated hack <=> error_reporting(0) ) on line: 21
Possible Infection: /home153/sub002/sc11883-LGVN/mysite.co.uk/cart/j_8285_admin/sitemonitor_configure_0.php (Known automated hack <=> shell_exec ) on line: 21
Possible Infection: /home153/sub002/sc11883-LGVN/mysite.co.uk/cart/j_8285_admin/modules.php (Known automated hack <=> eval( ) on line: 218
File could be a potentional threat: /home153/sub002/sc11883-LGVN/mysite.co.uk/cart/j_8285_admin/mail.php (Known filename threat)
Possible Infection: /home153/sub002/sc11883-LGVN/mysite.co.uk/cart/j_8285_admin/AV/grep.php (Known automated hack <=> error_reporting(0) ) on line: 44
Possible Infection: /home153/sub002/sc11883-LGVN/mysite.co.uk/cart/j_8285_admin/AV/index.php (Known automated hack <=> error_reporting(0) ) on line: 11
Possible Infection: /home153/sub002/sc11883-LGVN/mysite.co.uk/cart/j_8285_admin/includes/osc_sec.php (Traversal Exploit <=> wget%20 ) on line: 198
Possible Infection: /home153/sub002/sc11883-LGVN/mysite.co.uk/cart/j_8285_admin/includes/osc_sec.php (Traversal Exploit <=> union%20 ) on line: 193
Possible Infection: /home153/sub002/sc11883-LGVN/mysite.co.uk/cart/j_8285_admin/includes/osc_sec.php (Traversal Exploit <=> %20union ) on line: 193
Possible Infection: /home153/sub002/sc11883-LGVN/mysite.co.uk/cart/j_8285_admin/includes/osc_sec.php (Known automated hack <=> edoced_46esab ) on line: 132
Possible Infection: /home153/sub002/sc11883-LGVN/mysite.co.uk/cart/j_8285_admin/includes/osc_sec.php (Known automated hack <=> eval( ) on line: 133
Possible Infection: /home153/sub002/sc11883-LGVN/mysite.co.uk/cart/j_8285_admin/includes/osc_sec.php (Known automated hack <=> passthru ) on line: 139
Possible Infection: /home153/sub002/sc11883-LGVN/mysite.co.uk/cart/j_8285_admin/includes/functions/general.php (Known automated hack <=> eval( ) on line: 405
Possible Infection: /home153/sub002/sc11883-LGVN/mysite.co.uk/cart/j_8285_admin/includes/functions/sitemonitor_functions.php (Known Hacker <=> Assel ) on line: 381
Possible Infection: /home153/sub002/sc11883-LGVN/mysite.co.uk/cart/j_8285_admin/includes/functions/sitemonitor_functions.php (Known automated hack <=> eval( ) on line: 381
Possible Infection: /home153/sub002/sc11883-LGVN/mysite.co.uk/cart/j_8285_admin/includes/functions/sitemonitor_functions.php (Known automated hack <=> gzdecode ) on line: 381
Possible Infection: /home153/sub002/sc11883-LGVN/mysite.co.uk/cart/j_8285_admin/includes/functions/sitemonitor_functions.php (Known automated hack <=> iframe) on line: 381
Possible Infection: /home153/sub002/sc11883-LGVN/mysite.co.uk/cart/j_8285_admin/includes/functions/sitemonitor_functions.php (Known automated hack <=> error_reporting(0) ) on line: 381
Possible Infection: /home153/sub002/sc11883-LGVN/mysite.co.uk/cart/j_8285_admin/includes/functions/sitemonitor_functions.php (Known automated hack <=> shell_exec ) on line: 381
Possible Infection: /home153/sub002/sc11883-LGVN/mysite.co.uk/cart/j_8285_admin/includes/functions/header_tags.php (Known automated hack <=> eval( ) on line: 876
File could be a potentional threat: /home153/sub002/sc11883-LGVN/mysite.co.uk/cart/j_8285_admin/includes/languages/english/mail.php (Known filename threat)
Possible Infection: /home153/sub002/sc11883-LGVN/mysite.co.uk/cart/j_8285_admin/includes/modules/newsletters/product_notification.php (Known automated hack <=> eval( ) on line: 61
[/code]
Mort-lemur Posted September 8, 2012

That is normal behaviour - pending and preparing Paypal means that the payment process has not been completed successfully.

Now running on a fully modded, Mobile Friendly 2.3.4 Store with the Excellent MTS installed - See my profile for the mods installed ..... So much thanks for all the help given along the way by forum members.
qwertyjjj (Author) Posted September 10, 2012

> That is normal behaviour - pending and preparing Paypal means that the payment process has not been completed successfully.

Not on my site... if someone orders, goes to PayPal but doesn't pay, it stays as: Preparing [PayPal Standard]

If they pay successfully it comes back as Pending with Comments: PayPal IPN Verified [Completed (Unverified; £xx.xx)]

These hacked orders are coming back as: Preparing [PayPal Standard] with empty comments, which is not possible for PayPal. And then switching to Pending. There is no payment.
Guest Posted September 10, 2012

@qwertyjjj

Payments confirmed received by PayPal should have a default status as 'processing'. Orders where the payment was not confirmed by PayPal should NOT appear in your order history at all. They are failed and there is NO record kept of failed orders in osCommerce.

Chris
qwertyjjj (Author) Posted September 10, 2012

> @qwertyjjj Payments confirmed received by PayPal should have a default status as 'processing'. Orders where the payment was not confirmed by PayPal should NOT appear in your order history at all. They are failed and there is NO record kept of failed orders in osCommerce. Chris

A failed order has no order history but it still has an order created and that has status Preparing [Paypal Standard] exactly so how did these orders get here? Where is the hack?
Guest Posted September 10, 2012

@qwertyjjj

A failed order should NOT have an order created in osCommerce. Are you using PayPal Standard? If so, are you using a PEM Certificate to control two way communication between the PayPal server and your website? Have you considered using PayPal express, which is more secure and does allow for full two way communication?

Chris
qwertyjjj (Author) Posted September 10, 2012

> @qwertyjjj A failed order should NOT have an order created in osCommerce. Are you using PayPal Standard? If so, are you using a PEM Certificate to control two way communication between the PayPal server and your website? Have you considered using PayPal express, which is more secure and does allow for full two way communication? Chris

It does have an order created because the item is added to the cart and on checkout the order is created before everything gets sent to PayPal, that's how PayPal knows the orderID, InvoiceID, etc. Yes, PayPal standard but it shouldn't be possible to hack that. I would have thought the PayPal code was more secure than the OSC code.
Guest Posted September 10, 2012

@qwertyjjj

Ok, that means you have altered the original PayPal payment module to prevent lost orders, which means you are using PayPal Standard. I suggest that you update to the PayPal Express and utilize the API. This will prevent lost orders and orders without payment.

Chris
qwertyjjj (Author) Posted September 10, 2012

> @qwertyjjj Ok, that means you have altered the original PayPal payment module to prevent lost orders, which means you are using PayPal Standard. I suggest that you update to the PayPal Express and utilize the API. This will prevent lost orders and orders without payment. Chris

I can try that, thanks. Even so, somehow someone is still hacking the order process to get it into the status of Pending without getting Payment from PayPal. I don't know how...
Guest Posted September 10, 2012

@qwertyjjj

There are some known exploits with PayPal standard if not set up correctly.

Chris
qwertyjjj (Author) Posted September 10, 2012

> @qwertyjjj There are some known exploits with PayPal standard if not set up correctly. Chris

Such as? PM me if you don't want them on a public forum, but if there was a known exploit, shouldn't it be plugged?
♥14steve14 Posted September 11, 2012

Have a read of this thread on how to secure paypal standard payments: http://www.oscommerce.com/forums/topic/387748-closing-the-paypal-checkout-confirmation-exploit/

REMEMBER BACKUP, BACKUP AND BACKUP
♥Biancoblu Posted September 11, 2012

> A failed order has no order history but it still has an order created and that has status Preparing [Paypal Standard] exactly so how did these orders get here? Where is the hack?

This is not necessarily a hack, it can happen when someone reaches the paypal payment page but doesn't complete payment and browses away. On the paypal page there is a link at the bottom that says "cancel and return to merchant", if you click that link the order will get deleted and you will see no traces of it, but if you just browse away you will see an order has been created but not paid.

Always a good idea to check if you really received payment in your paypal account before shipping an order, otherwise try Paypal Express.

For extra info on Paypal have a look at this thread, especially the last few posts by Harald: http://www.oscommerce.com/forums/topic/388544-security-issue-possible-to-purchase-without-payment/

~ Don't mistake my kindness for weakness ~
qwertyjjj (Author) Posted September 11, 2012

> This is not necessarily a hack, it can happen when someone reaches the paypal payment page but doesn't complete payment and browses away. On the paypal page there is a link at the bottom that says "cancel and return to merchant", if you click that link the order will get deleted and you will see no traces of it, but if you just browse away you will see an order has been created but not paid.

Yes, but then it stays with a different status in my site, it stays as Preparing [PayPal Standard] which is not happening with these orders.
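Added example, not part of the original thread or of osCommerce: a way to list the orders this thread is about, i.e. PayPal orders that have left Preparing [PayPal Standard] without any "PayPal IPN Verified" comment in their history. The table and column names are assumed to follow the stock osCommerce 2.x schema (simplified here), and the rows are constructed sample data.

```python
import sqlite3

PREPARING = "Preparing [PayPal Standard]"  # status name quoted in the thread
IPN_PREFIX = "PayPal IPN Verified"         # history comment quoted in the thread


def build_sample_db():
    """In-memory database with constructed rows (not real order data)."""
    db = sqlite3.connect(":memory:")
    # Assumed, simplified osCommerce 2.x tables; status ids are constructed.
    db.executescript("""
        CREATE TABLE orders_status (orders_status_id INTEGER, orders_status_name TEXT);
        CREATE TABLE orders (orders_id INTEGER, payment_method TEXT, orders_status INTEGER);
        CREATE TABLE orders_status_history (orders_id INTEGER, orders_status_id INTEGER,
                                            comments TEXT);
        INSERT INTO orders_status VALUES (1, 'Pending'), (4, 'Preparing [PayPal Standard]');
        -- 101: paid, IPN recorded; 102: abandoned at PayPal; 103: Pending, no IPN entry
        INSERT INTO orders VALUES (101, 'PayPal', 1), (102, 'PayPal', 4), (103, 'PayPal', 1);
        INSERT INTO orders_status_history VALUES
            (101, 1, 'PayPal IPN Verified [Completed (Unverified; £10.00)]'),
            (103, 1, '');
    """)
    return db


def orders_without_ipn(db):
    """PayPal orders past the Preparing status with no verified-IPN comment."""
    rows = db.execute("""
        SELECT o.orders_id, s.orders_status_name
        FROM orders o
        JOIN orders_status s ON s.orders_status_id = o.orders_status
        WHERE o.payment_method LIKE 'PayPal%'
          AND s.orders_status_name <> ?
          AND NOT EXISTS (SELECT 1 FROM orders_status_history h
                          WHERE h.orders_id = o.orders_id
                            AND h.comments LIKE ? || '%')
        ORDER BY o.orders_id
    """, (PREPARING, IPN_PREFIX))
    return rows.fetchall()


if __name__ == "__main__":
    for order_id, status in orders_without_ipn(build_sample_db()):
        print(f"order {order_id}: status {status!r} but no verified IPN in history")
```

Any order this returns should be checked against the PayPal account before shipping, as suggested in the thread.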