♥geoffreywalton Posted March 23, 2013 Share Posted March 23, 2013 Welcome to osCommerce PayPal Hack Detector. http://addons.oscommerce.com/info/8730 In the ever-decreasing world of Internet security, web servers are fast becoming a target for spammers and authors of malicious code to spread their nasties. One thing they do on hacked shops is change the Paypal account in the database. Then all the payments for your shop get paid into their account. This add-on checks to see if this has happened and disables the payment method if it has. Just to help you out, it then sends you an email telling you this has occured. Just 1 file to edit, should take less than 10 minutes to install. Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile Virus Threat Scanner My Contributions Basic install answers. Click here for Contributions / Add Ons. UK your site. Site Move. Basic design info. For links mentioned in old answers that are no longer here follow this link Useful Threads. If this post was useful, click the Like This button over there ======>>>>>. Link to comment Share on other sites More sharing options...
motorcity Posted March 24, 2013 Share Posted March 24, 2013 Hey Geoffrey, I took a look on my old 2.2RC2 or whatever it is. Seems I have a different location of the file, it's not admin/paypal_standard.php its catalog/includes/modules/payment/paypal_standard.php Other than location, it sure is the same file.!?*! Link to comment Share on other sites More sharing options...
♥geoffreywalton Posted March 24, 2013 Author Share Posted March 24, 2013 Thanks, sometimes it doesn't matter how many times you read something you see what you want to. You are entirely correct the location of the payment module files are /includes/modules/payment/ The same method will work in 2.2 shops too. I'll go back and correct the documentation and add an extra bell to make it easier to applly for other payment methods. Cheers G @@motorcity Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile Virus Threat Scanner My Contributions Basic install answers. Click here for Contributions / Add Ons. UK your site. Site Move. Basic design info. For links mentioned in old answers that are no longer here follow this link Useful Threads. If this post was useful, click the Like This button over there ======>>>>>. Link to comment Share on other sites More sharing options...
♥geoffreywalton Posted March 25, 2013 Author Share Posted March 25, 2013 Just uploaded a quick patch, the file structure for the payment module has been corrected and the file it contained has been updated to send the warning email to the shop owner. Installation intructions had the correct code so if you copied the sample file you need to download this version and remember to update it as per the installation instructions. Cheers G Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile Virus Threat Scanner My Contributions Basic install answers. Click here for Contributions / Add Ons. UK your site. Site Move. Basic design info. For links mentioned in old answers that are no longer here follow this link Useful Threads. If this post was useful, click the Like This button over there ======>>>>>. Link to comment Share on other sites More sharing options...
Guest Posted March 26, 2013 Share Posted March 26, 2013 IS REAL.. THE PAYPAL HACK... PAYPAL LOST MILLIONS... I DID IT know until now... thanks Link to comment Share on other sites More sharing options...
Guest Posted March 26, 2013 Share Posted March 26, 2013 Is this a concern for the PayPal Website Payments Pro - Direct Payments module as well? If so, how would the patch work? Link to comment Share on other sites More sharing options...
♥geoffreywalton Posted March 26, 2013 Author Share Posted March 26, 2013 You need to find the code in that payment module and add in the extra code. Of course it has to be adjusted for that payment module but all the names you need to change are in the script to just above where the new code is added in. HTH G Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile Virus Threat Scanner My Contributions Basic install answers. Click here for Contributions / Add Ons. UK your site. Site Move. Basic design info. For links mentioned in old answers that are no longer here follow this link Useful Threads. If this post was useful, click the Like This button over there ======>>>>>. Link to comment Share on other sites More sharing options...
kenkja Posted March 30, 2013 Share Posted March 30, 2013 Hi Geoffrey This may sound a daft question, but just wanted to double check. In the readme.txt, there are instructions for v2.3.1 and all others, is v2.3.3 included in all others ? Regards Ken Os-commerce v2.3.3 Security Pro v11 Site Monitor IP Trap htaccess Protection Bad Behaviour Block Year Make Model Document Manager X Sell Star Product Modular Front Page Modular Header Tags Link to comment Share on other sites More sharing options...
♥geoffreywalton Posted March 30, 2013 Author Share Posted March 30, 2013 All other versions are included in "all other versions". HTH G Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile Virus Threat Scanner My Contributions Basic install answers. Click here for Contributions / Add Ons. UK your site. Site Move. Basic design info. For links mentioned in old answers that are no longer here follow this link Useful Threads. If this post was useful, click the Like This button over there ======>>>>>. Link to comment Share on other sites More sharing options...
kenkja Posted March 30, 2013 Share Posted March 30, 2013 cheers Os-commerce v2.3.3 Security Pro v11 Site Monitor IP Trap htaccess Protection Bad Behaviour Block Year Make Model Document Manager X Sell Star Product Modular Front Page Modular Header Tags Link to comment Share on other sites More sharing options...
♥Biancoblu Posted March 31, 2013 Share Posted March 31, 2013 @@geoffreywalton sounds like a very useful addon, I will definitely try it :thumbsup: ~ Don't mistake my kindness for weakness ~ Link to comment Share on other sites More sharing options...
♥geoffreywalton Posted March 31, 2013 Author Share Posted March 31, 2013 Don't forget the same technique can be used for any payment method. To test it, once it is installed, change the email address on the paypal module record and the payment method will no longer be offered during the check out and you will get an email telling you there is a problem. Just don't forget to change it back!! HTH G @@Biancoblu Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile Virus Threat Scanner My Contributions Basic install answers. Click here for Contributions / Add Ons. UK your site. Site Move. Basic design info. For links mentioned in old answers that are no longer here follow this link Useful Threads. If this post was useful, click the Like This button over there ======>>>>>. Link to comment Share on other sites More sharing options...
♥Biancoblu Posted March 31, 2013 Share Posted March 31, 2013 @@geoffreywalton Thanks, I will do as you suggested. Cheers ~ Don't mistake my kindness for weakness ~ Link to comment Share on other sites More sharing options...
♥Biancoblu Posted April 1, 2013 Share Posted April 1, 2013 @@geoffreywalton change the email address on the paypal module record and the payment method will no longer be offered during the check out and you will get an email telling you there is a problem. Just don't forget to change it back!! sorry, probably 2 dumb questions but I'll ask anyway..... 1. do you mean to change the paypal address directly in the DB or in shop admin? in the first post you say the hackers change it in the DB so I'm kind of confused. 2. what happens if the shop owner needs/wants to change his paypal address? Thanks ~ Don't mistake my kindness for weakness ~ Link to comment Share on other sites More sharing options...
♥geoffreywalton Posted April 1, 2013 Author Share Posted April 1, 2013 If you have changed the email address in the code to match the one set up in the shop admin then the patment method will appear. If you then go into the shop admin and change the emails address in the Paypal Standard module this schanges the value in the db, thus mimicing what the hackers do, and the method will no longer be offered. So this test emulates a hacking attack. If you ever need to change the PP address then the test will need to be changed. HTH G Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile Virus Threat Scanner My Contributions Basic install answers. Click here for Contributions / Add Ons. UK your site. Site Move. Basic design info. For links mentioned in old answers that are no longer here follow this link Useful Threads. If this post was useful, click the Like This button over there ======>>>>>. Link to comment Share on other sites More sharing options...
alexman Posted April 8, 2013 Share Posted April 8, 2013 In admin area/configuration/modules/payment/paypal web payment standard, I changed the PayPal seller e-mail address to accept payments for another email address, and after this I proceeded to buy a product. In payment phase I receive the following message: "Please select a payment method for your order". It seems that my payment method are no longer available. Also I checked my email and I didn't receive any announcement about changing the email address. When I put again my real paypal email address, everything works good. Link to comment Share on other sites More sharing options...
♥geoffreywalton Posted April 8, 2013 Author Share Posted April 8, 2013 Alex Looks like the disable if hacked is working but sending the email is not. Do you get emails from the contact us page? G @@alexman Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile Virus Threat Scanner My Contributions Basic install answers. Click here for Contributions / Add Ons. UK your site. Site Move. Basic design info. For links mentioned in old answers that are no longer here follow this link Useful Threads. If this post was useful, click the Like This button over there ======>>>>>. Link to comment Share on other sites More sharing options...
alexman Posted April 9, 2013 Share Posted April 9, 2013 Yes I can receive emails from contact us page. Link to comment Share on other sites More sharing options...
Demitry Posted July 21, 2013 Share Posted July 21, 2013 Hi Geoffrey, I just installed the PayPal Hack Detector - v.1.0.1 and tested it. It is an excellent security measure and I will do the same for the paypal IPN module. I read the forum on this contribution and had a couple of questions for you. 1) Is there a security script or way to prevent the actual hack of the paypal and paypal IPN account emails? 2) If the paypal account was compromised, how do you find the hacker's intrusion code and secure the site from this hack happening again? 3) The alert notification email is sent in 3's and says that it will continue to be sent. I was wondering if there is a code snippet that can control how many of such emails will be sent per hour or per day? osCommerce: made for programmers, ...because store owners do not want to be programmers. https://trends.google.com/trends/explore?date=all&geo=US&q=oscommerce Link to comment Share on other sites More sharing options...
♥geoffreywalton Posted July 21, 2013 Author Share Posted July 21, 2013 1) Is there a security script or way to prevent the actual hack of the paypal and paypal IPN account emails? If you are running RC2A check the security thread for actions to secure your site if you are runing a 2.3.1 site or later, no actio is required. 2) If the paypal account was compromised, how do you find the hacker's intrusion code and secure the site from this hack happening again? If this happens to you I do have a document to point you in the right direction but it is probably left to a skilled person to cleanse a site. 3) The alert notification email is sent in 3's and says that it will continue to be sent. I was wondering if there is a code snippet that can control how many of such emails will be sent per hour or per day? If you get 3 emails it is brcause the script is run 3 times, if you want to write some code to sreduce the number feel free, personally I would want to have a sharp stick telling me there is a problem untill I corect it. HTH Cheers G Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile Virus Threat Scanner My Contributions Basic install answers. Click here for Contributions / Add Ons. UK your site. Site Move. Basic design info. For links mentioned in old answers that are no longer here follow this link Useful Threads. If this post was useful, click the Like This button over there ======>>>>>. Link to comment Share on other sites More sharing options...
Demitry Posted July 21, 2013 Share Posted July 21, 2013 Thanks Geoffrey, I have version 2.2-MS2 with a few security add-ons. I'll leave the email notifications alone. I just did not know if I would have to delete a hundred emails or not - 3 I can deal with. If you have a link for that doc, I'd really appreciate it. Thanks, Demitry osCommerce: made for programmers, ...because store owners do not want to be programmers. https://trends.google.com/trends/explore?date=all&geo=US&q=oscommerce Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.