Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

PayPal Hack Detector - Support Thread


geoffreywalton

Recommended Posts

Welcome to osCommerce PayPal Hack Detector.

 

http://addons.oscommerce.com/info/8730

 

In the ever-decreasing world of Internet security, web servers are fast becoming a target for spammers and authors of malicious code to spread their nasties.

 

One thing they do on hacked shops is change the Paypal account in the database.

 

Then all the payments for your shop get paid into their account.

 

This add-on checks to see if this has happened and disables the payment method if it has.

 

Just to help you out, it then sends you an email telling you this has occured.

 

Just 1 file to edit, should take less than 10 minutes to install.

Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile

 

Virus Threat Scanner

My Contributions

Basic install answers.

Click here for Contributions / Add Ons.

UK your site.

Site Move.

Basic design info.

 

For links mentioned in old answers that are no longer here follow this link Useful Threads.

 

If this post was useful, click the Like This button over there ======>>>>>.

Link to comment
Share on other sites

Hey Geoffrey,

I took a look on my old 2.2RC2 or whatever it is. Seems I have a different location of the file, it's not

 

admin/paypal_standard.php

its

catalog/includes/modules/payment/paypal_standard.php

 

Other than location, it sure is the same file.!?*!

Link to comment
Share on other sites

Thanks, sometimes it doesn't matter how many times you read something you see what you want to.

 

You are entirely correct the location of the payment module files are

 

/includes/modules/payment/

 

The same method will work in 2.2 shops too.

 

I'll go back and correct the documentation and add an extra bell to make it easier to applly for other payment methods.

 

Cheers

 

G

 

@@motorcity

 

 

Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile

 

Virus Threat Scanner

My Contributions

Basic install answers.

Click here for Contributions / Add Ons.

UK your site.

Site Move.

Basic design info.

 

For links mentioned in old answers that are no longer here follow this link Useful Threads.

 

If this post was useful, click the Like This button over there ======>>>>>.

Link to comment
Share on other sites

Just uploaded a quick patch, the file structure for the payment module has been corrected and the file it contained has been updated to send the warning email to the shop owner.

 

Installation intructions had the correct code so if you copied the sample file you need to download this version and remember to update it as per the installation instructions.

 

Cheers

 

G

Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile

 

Virus Threat Scanner

My Contributions

Basic install answers.

Click here for Contributions / Add Ons.

UK your site.

Site Move.

Basic design info.

 

For links mentioned in old answers that are no longer here follow this link Useful Threads.

 

If this post was useful, click the Like This button over there ======>>>>>.

Link to comment
Share on other sites

You need to find the code in that payment module and add in the extra code.

 

Of course it has to be adjusted for that payment module but all the names you need to change are in the script to just above where the new code is added in.

 

HTH

 

G

Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile

 

Virus Threat Scanner

My Contributions

Basic install answers.

Click here for Contributions / Add Ons.

UK your site.

Site Move.

Basic design info.

 

For links mentioned in old answers that are no longer here follow this link Useful Threads.

 

If this post was useful, click the Like This button over there ======>>>>>.

Link to comment
Share on other sites

Hi Geoffrey

 

This may sound a daft question, but just wanted to double check. In the readme.txt, there are instructions for v2.3.1 and all others, is v2.3.3 included in all others ?

 

Regards

 

Ken

Os-commerce v2.3.3

Security Pro v11

Site Monitor

IP Trap

htaccess Protection

Bad Behaviour Block

Year Make Model

Document Manager

X Sell

Star Product

Modular Front Page

Modular Header Tags

Link to comment
Share on other sites

All other versions are included in "all other versions".

 

HTH

 

G

Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile

 

Virus Threat Scanner

My Contributions

Basic install answers.

Click here for Contributions / Add Ons.

UK your site.

Site Move.

Basic design info.

 

For links mentioned in old answers that are no longer here follow this link Useful Threads.

 

If this post was useful, click the Like This button over there ======>>>>>.

Link to comment
Share on other sites

cheers

Os-commerce v2.3.3

Security Pro v11

Site Monitor

IP Trap

htaccess Protection

Bad Behaviour Block

Year Make Model

Document Manager

X Sell

Star Product

Modular Front Page

Modular Header Tags

Link to comment
Share on other sites

Don't forget the same technique can be used for any payment method.

 

To test it, once it is installed, change the email address on the paypal module record and the payment method will no longer be offered during the check out and you will get an email telling you there is a problem.

 

Just don't forget to change it back!!

 

HTH

 

G

 

@@Biancoblu

Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile

 

Virus Threat Scanner

My Contributions

Basic install answers.

Click here for Contributions / Add Ons.

UK your site.

Site Move.

Basic design info.

 

For links mentioned in old answers that are no longer here follow this link Useful Threads.

 

If this post was useful, click the Like This button over there ======>>>>>.

Link to comment
Share on other sites

@@geoffreywalton

 

 

 

change the email address on the paypal module record and the payment method will no longer be offered during the check out and you will get an email telling you there is a problem.

 

Just don't forget to change it back!!

 

 

sorry, probably 2 dumb questions but I'll ask anyway.....

 

1. do you mean to change the paypal address directly in the DB or in shop admin? in the first post you say the hackers change it in the DB so I'm kind of confused.

 

2. what happens if the shop owner needs/wants to change his paypal address?

 

 

Thanks

~ Don't mistake my kindness for weakness ~

Link to comment
Share on other sites

If you have changed the email address in the code to match the one set up in the shop admin then the patment method will appear.

 

If you then go into the shop admin and change the emails address in the Paypal Standard module this schanges the value in the db, thus mimicing what the hackers do, and the method will no longer be offered.

 

So this test emulates a hacking attack.

 

If you ever need to change the PP address then the test will need to be changed.

 

HTH

 

G

Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile

 

Virus Threat Scanner

My Contributions

Basic install answers.

Click here for Contributions / Add Ons.

UK your site.

Site Move.

Basic design info.

 

For links mentioned in old answers that are no longer here follow this link Useful Threads.

 

If this post was useful, click the Like This button over there ======>>>>>.

Link to comment
Share on other sites

In admin area/configuration/modules/payment/paypal web payment standard, I changed the PayPal seller e-mail address to accept payments for another email address, and after this I proceeded to buy a product. In payment phase I receive the following message:

 

"Please select a payment method for your order".

 

It seems that my payment method are no longer available.

Also I checked my email and I didn't receive any announcement about changing the email address.

When I put again my real paypal email address, everything works good.

Link to comment
Share on other sites

Alex

 

Looks like the disable if hacked is working but sending the email is not.

 

Do you get emails from the contact us page?

 

G

 

@@alexman

Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile

 

Virus Threat Scanner

My Contributions

Basic install answers.

Click here for Contributions / Add Ons.

UK your site.

Site Move.

Basic design info.

 

For links mentioned in old answers that are no longer here follow this link Useful Threads.

 

If this post was useful, click the Like This button over there ======>>>>>.

Link to comment
Share on other sites

  • 3 months later...

Hi Geoffrey,

 

I just installed the PayPal Hack Detector - v.1.0.1 and tested it. It is an excellent security measure and I will do the same for the paypal IPN module. I read the forum on this contribution and had a couple of questions for you.

 

1) Is there a security script or way to prevent the actual hack of the paypal and paypal IPN account emails?

 

2) If the paypal account was compromised, how do you find the hacker's intrusion code and secure the site from this hack happening again?

 

3) The alert notification email is sent in 3's and says that it will continue to be sent. I was wondering if there is a code snippet that can control how many of such emails will be sent per hour or per day?

osCommerce: made for programmers, ...because store owners do not want to be programmers.

https://trends.google.com/trends/explore?date=all&geo=US&q=oscommerce

Link to comment
Share on other sites

1) Is there a security script or way to prevent the actual hack of the paypal and paypal IPN account emails?

 

If you are running RC2A check the security thread for actions to secure your site if you are runing a 2.3.1 site or later, no actio is required.

 

2) If the paypal account was compromised, how do you find the hacker's intrusion code and secure the site from this hack happening again?

 

If this happens to you I do have a document to point you in the right direction but it is probably left to a skilled person to cleanse a site.

 

3) The alert notification email is sent in 3's and says that it will continue to be sent. I was wondering if there is a code snippet that can control how many of such emails will be sent per hour or per day?

 

If you get 3 emails it is brcause the script is run 3 times, if you want to write some code to sreduce the number feel free, personally I would want to have a sharp stick telling me there is a problem untill I corect it.

 

 

HTH

 

Cheers

 

G

Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile

 

Virus Threat Scanner

My Contributions

Basic install answers.

Click here for Contributions / Add Ons.

UK your site.

Site Move.

Basic design info.

 

For links mentioned in old answers that are no longer here follow this link Useful Threads.

 

If this post was useful, click the Like This button over there ======>>>>>.

Link to comment
Share on other sites

Thanks Geoffrey, I have version 2.2-MS2 with a few security add-ons. I'll leave the email notifications alone. I just did not know if I would have to delete a hundred emails or not - 3 I can deal with. If you have a link for that doc, I'd really appreciate it.

 

Thanks,

 

Demitry

osCommerce: made for programmers, ...because store owners do not want to be programmers.

https://trends.google.com/trends/explore?date=all&geo=US&q=oscommerce

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...