♥peterpil19 Posted August 22, 2018 Share Posted August 22, 2018 Hi, When looking at my Paypal App logs, I notice regularly different guests attempting to checkout with some ridiculously large purchase (hundreds of thousands of dollars) but then cancelling or it failing for some reason. Is this a hacking attempt of some kind? Anything I need to be concerned about? Extract from an example below. Anyone else notice this. Peter PAYMENTREQUEST_0_CURRENCYCODE CNY PAYMENTREQUEST_0_AMT 31926868.90 PAYMENTREQUEST_0_CUSTOM 4923859218351241 Response TIMESTAMP 2018-08-21T15:03:28Z CORRELATIONID da597798d0ba ACK Failure VERSION 204 BUILD 48633247 L_ERRORCODE0 10605 L_SHORTMESSAGE0 Transaction refused because of an invalid argument. See additional error messages for details. L_LONGMESSAGE0 Receiving country does not support the transaction currency. L_SEVERITYCODE0 Error CE PHOENIX SUPPORTER Support the Project, go PRO and get access to certified add ons Full-time I am a C-suite executive of a large retail company in Australia. In my spare time, I enjoying learning about web-design. Download the latest version of CE Phoenix from gitHub here Link to comment Share on other sites More sharing options...
frankl Posted August 22, 2018 Share Posted August 22, 2018 In Chinese Yuan? I'm guessing so. Are they actually registering, putting items in the cart and attempting to checkout? osCommerce user since 2003! Link to comment Share on other sites More sharing options...
♥peterpil19 Posted August 24, 2018 Author Share Posted August 24, 2018 Hi Frankl, Sometimes other currencies also. These 'guests' do not appear to be registering and I cannot see any items linked with their paypal transaction. Very odd if it is a hacking attempt. I don't understand the purpose of it. But I'm no expert on hacking... Peter CE PHOENIX SUPPORTER Support the Project, go PRO and get access to certified add ons Full-time I am a C-suite executive of a large retail company in Australia. In my spare time, I enjoying learning about web-design. Download the latest version of CE Phoenix from gitHub here Link to comment Share on other sites More sharing options...
♥JcMagpie Posted August 24, 2018 Share Posted August 24, 2018 I assume your using PayPal express? If yes then I have just had to deal with a similar problem. I found over 400 guest check outs logs on one site! Many were only seconds apart.They were all for amounts over £500.00. I only found out as I suddenly lost all PayPal Express checkout on all my sites and customers complained Guest check out was not working. I did a full scan both on server and off line as did host, and no hack or sql injection was found. I never got an answer from PayPal as they said it was an osC matter and nothing to do with PayPal. I uninstalled PayPal express, then installed PayPal Standard, then removed that and reinstalled PayPal Express. Just uninstalling and reinstalling Express did not work. This appears to have removed the error and its working fine now and no more guest logs appering. So it looks like it was just a corruption in the PayPal Express app or its settings. Link to comment Share on other sites More sharing options...
frankl Posted August 24, 2018 Share Posted August 24, 2018 @peterpil19 Do you have guest checkout? Can you see anything in your website logs? It may be a bit of a worry if bots are able to access the Paypal app and attempt to make transactions. osCommerce user since 2003! Link to comment Share on other sites More sharing options...
MrPhil Posted August 25, 2018 Share Posted August 25, 2018 Are there forms of PayPal where the data is sent to PP using GET (URL Query String), rather than POST? GET data transfers can always be faked, and should not be trusted as reliable. Or maybe the GET is further upstream in osC itself? That would be an osC problem, and a hack. Link to comment Share on other sites More sharing options...
♥peterpil19 Posted August 28, 2018 Author Share Posted August 28, 2018 Thanks all, 1. JcMagpie - correct, I am using Paypal express, not standard. I have not yet tried uninstalling and reinstalling. 2. Frankl - correct, I do I have guest checkout. Is that something you recommend I turn off? 3. Mr Phil - I would have no idea unfortunately. In which files do I check for this? My version of paypal express should be up to date but if I do find instances of GET I can then compare file by file against the up to date version on github. I still do not understand what would be gained by people trying to process fake transactions... Peter CE PHOENIX SUPPORTER Support the Project, go PRO and get access to certified add ons Full-time I am a C-suite executive of a large retail company in Australia. In my spare time, I enjoying learning about web-design. Download the latest version of CE Phoenix from gitHub here Link to comment Share on other sites More sharing options...
MrPhil Posted August 28, 2018 Share Posted August 28, 2018 10 hours ago, peterpil19 said: In which files do I check for this? I can't give you a list of files. You would have to trudge through the Payment-related files, looking for code that builds a <a> link to PayPal and puts information in the URL Query String ('GET' transaction). I still do not understand what would be gained by people trying to process fake transactions... Well, if the transaction is going through PayPal successfully, and results in a money transfer to you, you haven't been defrauded, but someone else might have been (he whose PayPal account was the source of the payment). This might be a real attempt to get merchandise without paying for it (stealing someone else's account), or it might be criminal mischief (vandalism), or it might be an attempt to discredit and smear you or osC in general. That they used huge, round amounts in currencies you don't support is odd, but might even be an attempt to get a real refund to their accounts when it's canceled (and if the use of the account is unauthorized, it might be an attempt to get the account owner in legal trouble). There are all sorts of reasons this could be going on, none of them innocent. I would think about contacting PayPal and let them know that you think something bad is going on here, so you're on record as being concerned about this activity and are not complicit. It might even help them track down who's behind this. You might want to consider disabling guest checkout, at least for a while, if the problem seems to be limited to non-members. I take it there are no merchandise orders associated with this activity, just payment/refund attempts? Link to comment Share on other sites More sharing options...
frankl Posted August 29, 2018 Share Posted August 29, 2018 On 8/28/2018 at 11:33 AM, peterpil19 said: 2. Frankl - correct, I do I have guest checkout. Is that something you recommend I turn off? I don't have any experience with guest checkout, never seen the use for it, but depending on how it's structured perhaps a URL which would normally be visible to logged on customers could be used in the attempt to process Paypal transactions. osCommerce user since 2003! Link to comment Share on other sites More sharing options...
MrPhil Posted August 29, 2018 Share Posted August 29, 2018 Is "guest checkout" a reference to "purchase without account", to some other osC add-on, or is it some feature in PayPal App? What to do about the fraudulent PayPal attempts would depend on exactly what we're talking about. Please clarify, @peterpil19 Link to comment Share on other sites More sharing options...
tgely Posted August 29, 2018 Share Posted August 29, 2018 Change to POST button procedure against GET to fill out shopping cart to prevent robot activity. If robots can not access the cart then you wont have headache. I use it for ages without any problem in huge number of shops althought I proposed it in 2014 witout any core result... so I have deleted it from github. osCommerce based shop owner with minimal design and focused on background works. When the less is more.Email managment with tracking pixel, package managment for shipping, stock management, warehouse managment with bar code reader, parcel shops management on 3000 pickup points without local store. Link to comment Share on other sites More sharing options...
♥JcMagpie Posted August 29, 2018 Share Posted August 29, 2018 With PayPal Express Guest checkout the bots can do nothing as they still have to pass the paypal security checks and they will fail everytime. It's just a case of having lots of failed entrys in your paypal log that you have to deleat. Still if there is a fix good to know @tgely any chance you have a copy still of the code? Link to comment Share on other sites More sharing options...
♥peterpil19 Posted August 29, 2018 Author Share Posted August 29, 2018 Thanks all, This is very useful. I may have confused things above with my comment regarding guest check out. You can check out using paypal express on my site without creating an account. I think this might just be paypal express thing (see below image). Sorry, Mr Phil, I was not expecting you to list out all the files! Just a general direction like you gave above. Peter CE PHOENIX SUPPORTER Support the Project, go PRO and get access to certified add ons Full-time I am a C-suite executive of a large retail company in Australia. In my spare time, I enjoying learning about web-design. Download the latest version of CE Phoenix from gitHub here Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.