
Paypal - guests keep trying to checkout with large amounts - hacking?


peterpil19


Hi,

When looking at my Paypal App logs, I notice regularly different guests attempting to checkout with some ridiculously large purchase (hundreds of thousands of dollars) but then cancelling or it failing for some reason.

Is this a hacking attempt of some kind? Anything I need to be concerned about?

Extract from an example below.

Anyone else notice this?

Peter

 

PAYMENTREQUEST_0_CURRENCYCODE CNY
PAYMENTREQUEST_0_AMT 31926868.90
PAYMENTREQUEST_0_CUSTOM 4923859218351241
Response
TIMESTAMP 2018-08-21T15:03:28Z
CORRELATIONID da597798d0ba
ACK Failure
VERSION 204
BUILD 48633247
L_ERRORCODE0 10605
L_SHORTMESSAGE0 Transaction refused because of an invalid argument. See additional error messages for details.
L_LONGMESSAGE0 Receiving country does not support the transaction currency.
L_SEVERITYCODE0 Error

CE PHOENIX SUPPORTER

Support the Project, go PRO and get access to certified add ons

Full-time I am a C-suite executive of a large retail company in Australia. In my spare time, I enjoy learning about web design.

Download the latest version of CE Phoenix from GitHub here


Hi Frankl,

Sometimes other currencies also.

These 'guests' do not appear to be registering and I cannot see any items linked with their paypal transaction.

Very odd if it is a hacking attempt. I don't understand the purpose of it. But I'm no expert on hacking...

Peter


I assume you're using PayPal Express? If yes, then I have just had to deal with a similar problem. I found over 400 guest checkout logs on one site! Many were only seconds apart. They were all for amounts over £500.00. I only found out as I suddenly lost all PayPal Express checkout on all my sites and customers complained guest checkout was not working. I did a full scan both on server and offline, as did host, and no hack or SQL injection was found.

I never got an answer from PayPal as they said it was an osC matter and nothing to do with PayPal. I uninstalled PayPal Express, then installed PayPal Standard, then removed that and reinstalled PayPal Express. Just uninstalling and reinstalling Express did not work.

This appears to have removed the error and it's working fine now and no more guest logs appearing.

So it looks like it was just a corruption in the PayPal Express app or its settings.
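
A triage sketch for the log pattern described in the first post and in the post above (very large amounts, unexpected currencies, entries only seconds apart). It is an added example, not code from this thread, osCommerce or PayPal; the store currency set, the amount ceiling, the burst window and the blank-line separator between entries are assumptions, and the sample entries are constructed.

```python
from datetime import datetime, timedelta
from decimal import Decimal

# Assumptions for this sketch: the shop's real currencies and largest plausible order.
STORE_CURRENCIES = {"AUD"}
MAX_PLAUSIBLE_AMT = Decimal("5000")
BURST_WINDOW = timedelta(seconds=60)

# Constructed sample entries in the "KEY VALUE" layout of the log extract above.
SAMPLE_LOG = """\
PAYMENTREQUEST_0_CURRENCYCODE CNY
PAYMENTREQUEST_0_AMT 31926868.90
Response
TIMESTAMP 2018-08-21T15:03:28Z

PAYMENTREQUEST_0_CURRENCYCODE AUD
PAYMENTREQUEST_0_AMT 84.50
Response
TIMESTAMP 2018-08-21T15:03:40Z

PAYMENTREQUEST_0_CURRENCYCODE USD
PAYMENTREQUEST_0_AMT 250000.00
Response
TIMESTAMP 2018-08-21T15:03:41Z
"""

def parse_entries(text):
    """Split on blank lines; each entry becomes a dict of KEY -> VALUE."""
    return [dict(p for p in (ln.split(None, 1) for ln in block.splitlines()) if len(p) == 2)
            for block in text.strip().split("\n\n")]

def triage(entries):
    """Return (timestamp, reasons) for each suspicious entry, in time order."""
    flagged, last_bad = [], None
    for e in sorted(entries, key=lambda e: e["TIMESTAMP"]):
        ts = datetime.strptime(e["TIMESTAMP"], "%Y-%m-%dT%H:%M:%SZ")
        reasons = []
        if e["PAYMENTREQUEST_0_CURRENCYCODE"] not in STORE_CURRENCIES:
            reasons.append("currency")
        if Decimal(e["PAYMENTREQUEST_0_AMT"]) > MAX_PLAUSIBLE_AMT:
            reasons.append("amount")
        if reasons:
            # A second suspicious attempt shortly after the last one suggests automation.
            if last_bad and ts - last_bad <= BURST_WINDOW:
                reasons.append("burst")
            last_bad = ts
            flagged.append((e["TIMESTAMP"], reasons))
    return flagged
```

Calling `triage(parse_entries(SAMPLE_LOG))` flags the CNY and USD entries and leaves the ordinary AUD order alone; the second flagged entry also carries `burst` because it follows the first within the window.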


Are there forms of PayPal where the data is sent to PP using GET (URL Query String), rather than POST? GET data transfers can always be faked, and should not be trusted as reliable. Or maybe the GET is further upstream in osC itself? That would be an osC problem, and a hack.


Thanks all,

1. JcMagpie - correct, I am using Paypal express, not standard. I have not yet tried uninstalling and reinstalling.

2. Frankl - correct, I do have guest checkout. Is that something you recommend I turn off?

3. Mr Phil - I would have no idea unfortunately. In which files do I check for this? My version of paypal express should be up to date but if I do find instances of GET I can then compare file by file against the up to date version on github.

I still do not understand what would be gained by people trying to process fake transactions...

Peter


10 hours ago, peterpil19 said:

In which files do I check for this?

I can't give you a list of files. You would have to trudge through the Payment-related files, looking for code that builds an <a> link to PayPal and puts information in the URL Query String ('GET' transaction).

I still do not understand what would be gained by people trying to process fake transactions...

Well, if the transaction is going through PayPal successfully, and results in a money transfer to you, you haven't been defrauded, but someone else might have been (he whose PayPal account was the source of the payment). This might be a real attempt to get merchandise without paying for it (stealing someone else's account), or it might be criminal mischief (vandalism), or it might be an attempt to discredit and smear you or osC in general. That they used huge, round amounts in currencies you don't support is odd, but might even be an attempt to get a real refund to their accounts when it's canceled (and if the use of the account is unauthorized, it might be an attempt to get the account owner in legal trouble). There are all sorts of reasons this could be going on, none of them innocent.

I would think about contacting PayPal and let them know that you think something bad is going on here, so you're on record as being concerned about this activity and are not complicit. It might even help them track down who's behind this. You might want to consider disabling guest checkout, at least for a while, if the problem seems to be limited to non-members. I take it there are no merchandise orders associated with this activity, just payment/refund attempts?


On 8/28/2018 at 11:33 AM, peterpil19 said:

2. Frankl - correct, I do have guest checkout. Is that something you recommend I turn off?

I don't have any experience with guest checkout, never seen the use for it, but depending on how it's structured perhaps a URL which would normally be visible to logged on customers could be used in the attempt to process Paypal transactions.

osCommerce user since 2003! :thumbsup:


Is "guest checkout" a reference to "purchase without account", to some other osC add-on, or is it some feature in PayPal App? What to do about the fraudulent PayPal attempts would depend on exactly what we're talking about. Please clarify, @peterpil19


Change to a POST button procedure instead of GET to fill the shopping cart, to prevent robot activity. If robots cannot access the cart then you won't have a headache. I have used it for ages without any problem in a huge number of shops, although I proposed it in 2014 without any core result... so I have deleted it from GitHub.

osCommerce based shop owner with minimal design and focused on background works. When the less is more.
Email management with tracking pixel, package management for shipping, stock management, warehouse management with bar code reader, parcel shops management on 3000 pickup points without local store.


With PayPal Express guest checkout the bots can do nothing, as they still have to pass the PayPal security checks and they will fail every time. It's just a case of having lots of failed entries in your PayPal log that you have to delete. Still, if there is a fix, good to know. @tgely, any chance you still have a copy of the code?


Thanks all,

This is very useful.

I may have confused things above with my comment regarding guest checkout. You can check out using PayPal Express on my site without creating an account. I think this might just be a PayPal Express thing (see below image).

Sorry, Mr Phil, I was not expecting you to list out all the files! Just a general direction like you gave above.

Peter

payment.jpg


Archived

This topic is now archived and is closed to further replies.
