peterpil19

Paypal - guests keep trying to checkout with large amounts - hacking?


Hi,

When looking at my PayPal App logs, I regularly notice different guests attempting to check out with some ridiculously large purchase (hundreds of thousands of dollars) but then cancelling, or it failing for some reason.

Is this a hacking attempt of some kind? Anything I need to be concerned about?

Extract from an example below.

Anyone else notice this?

Peter

 

PAYMENTREQUEST_0_CURRENCYCODE CNY
PAYMENTREQUEST_0_AMT 31926868.90
PAYMENTREQUEST_0_CUSTOM 4923859218351241
Response
TIMESTAMP 2018-08-21T15:03:28Z
CORRELATIONID da597798d0ba
ACK Failure
VERSION 204
BUILD 48633247
L_ERRORCODE0 10605
L_SHORTMESSAGE0 Transaction refused because of an invalid argument. See additional error messages for details.
L_LONGMESSAGE0 Receiving country does not support the transaction currency.
L_SEVERITYCODE0 Error

Full-time I am the COO of a large retail company in Australia.

In my spare time (what little I have), I enjoy buying, selling, and trading ancient coins and antiquities as a hobby: https://www.ancientcointraders.com.

I am enjoying learning about web-design.

 

osCommerce responsive is the best version of osCommerce.

Download it here: https://github.com/gburton/Responsive-osCommerce

Please donate so the team can continue their work on that project: https://pledgie.com/campaigns/31724


In Chinese Yuan? I'm guessing so. Are they actually registering, putting items in the cart and attempting to checkout?


Let's make things easier for new osCommerce users http://forums.oscommerce.com/topic/402638-discussion-about-hard-coded-database-tables/?p=1718900  Getting there with osCommerce 2.4! :thumbsup:


Hi Frankl,

Sometimes other currencies also.

These 'guests' do not appear to be registering and I cannot see any items linked with their PayPal transaction.

Very odd if it is a hacking attempt. I don't understand the purpose of it. But I'm no expert on hacking...

Peter



I assume you're using PayPal Express? If yes, then I have just had to deal with a similar problem. I found over 400 guest checkout logs on one site! Many were only seconds apart. They were all for amounts over £500.00. I only found out as I suddenly lost all PayPal Express checkout on all my sites and customers complained guest checkout was not working. I did a full scan both on the server and offline, as did the host, and no hack or SQL injection was found.

I never got an answer from PayPal as they said it was an osC matter and nothing to do with PayPal. I uninstalled PayPal Express, then installed PayPal Standard, then removed that and reinstalled PayPal Express. Just uninstalling and reinstalling Express did not work.

This appears to have removed the error and it's working fine now, with no more guest logs appearing.

So it looks like it was just a corruption in the PayPal Express app or its settings.


 

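Added example, not part of any post in this thread: a small Python triage over PayPal log entries in the KEY VALUE layout of the extract in the first post, flagging the patterns reported above (currencies the shop does not sell in, implausibly large amounts, requests only seconds apart). The currency list, amount limit, burst window and sample entries are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta
from decimal import Decimal, InvalidOperation

# Assumed shop policy for this sketch (not osCommerce or PayPal settings).
SUPPORTED = {"AUD", "USD"}            # currencies the shop actually sells in
MAX_AMOUNT = Decimal("5000")          # largest plausible order total
BURST_WINDOW = timedelta(seconds=10)  # requests closer than this look automated

# Constructed sample entries; blank lines separate one logged request from the next.
SAMPLE_LOG = """\
PAYMENTREQUEST_0_CURRENCYCODE CNY
PAYMENTREQUEST_0_AMT 31926868.90
TIMESTAMP 2018-08-21T15:03:28Z

PAYMENTREQUEST_0_CURRENCYCODE CNY
PAYMENTREQUEST_0_AMT 18000000.00
TIMESTAMP 2018-08-21T15:03:31Z

PAYMENTREQUEST_0_CURRENCYCODE AUD
PAYMENTREQUEST_0_AMT 149.95
TIMESTAMP 2018-08-21T16:40:02Z
"""

def parse_entries(text):
    """Split on blank lines; each line is a key, a space, then the rest as the value."""
    blocks = re.split(r"\n\s*\n", text.strip())
    return [{k: v.strip() for k, _, v in (ln.strip().partition(" ") for ln in b.splitlines())}
            for b in blocks if b.strip()]

def triage(entries):
    """Return (entry, reasons) pairs for entries that look automated or implausible."""
    flagged, prev = [], None
    for e in sorted(entries, key=lambda e: e.get("TIMESTAMP", "")):
        reasons = []
        if e.get("PAYMENTREQUEST_0_CURRENCYCODE") not in SUPPORTED:
            reasons.append("unsupported currency")
        try:
            if Decimal(e.get("PAYMENTREQUEST_0_AMT", "0")) > MAX_AMOUNT:
                reasons.append("amount over limit")
        except InvalidOperation:
            reasons.append("unparseable amount")
        ts = datetime.strptime(e["TIMESTAMP"], "%Y-%m-%dT%H:%M:%SZ") if "TIMESTAMP" in e else None
        if ts and prev and ts - prev <= BURST_WINDOW:
            reasons.append("seconds after previous request")
        prev = ts or prev
        if reasons:
            flagged.append((e, reasons))
    return flagged
```

Calling `triage(parse_entries(text))` on an exported log gives a short list to hand to PayPal or to compare against the web server's access log for the same timestamps.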

@peterpil19 Do you have guest checkout? Can you see anything in your website logs? It may be a bit of a worry if bots are able to access the Paypal app and attempt to make transactions.



Are there forms of PayPal where the data is sent to PP using GET (URL Query String), rather than POST? GET data transfers can always be faked, and should not be trusted as reliable. Or maybe the GET is further upstream in osC itself? That would be an osC problem, and a hack.


If you are running the "official" osC 2.3.4 or 2.3.4.1 download, your installation is obsolete! Get (stable) Frozenpatches or (unstable) Edge. See also the naming convention and the latest community-supported responsive "Edge" release


Thanks all,

1. JcMagpie - correct, I am using PayPal Express, not Standard. I have not yet tried uninstalling and reinstalling.

2. Frankl - correct, I do have guest checkout. Is that something you recommend I turn off?

3. Mr Phil - I would have no idea unfortunately. In which files do I check for this? My version of PayPal Express should be up to date, but if I do find instances of GET I can then compare file by file against the up-to-date version on GitHub.

I still do not understand what would be gained by people trying to process fake transactions...

Peter

10 hours ago, peterpil19 said:

In which files do I check for this?

I can't give you a list of files. You would have to trudge through the Payment-related files, looking for code that builds an <a> link to PayPal and puts information in the URL Query String ('GET' transaction).

I still do not understand what would be gained by people trying to process fake transactions...

Well, if the transaction is going through PayPal successfully, and results in a money transfer to you, you haven't been defrauded, but someone else might have been (he whose PayPal account was the source of the payment). This might be a real attempt to get merchandise without paying for it (stealing someone else's account), or it might be criminal mischief (vandalism), or it might be an attempt to discredit and smear you or osC in general. That they used huge, round amounts in currencies you don't support is odd, but might even be an attempt to get a real refund to their accounts when it's canceled (and if the use of the account is unauthorized, it might be an attempt to get the account owner in legal trouble). There are all sorts of reasons this could be going on, none of them innocent.

I would think about contacting PayPal and let them know that you think something bad is going on here, so you're on record as being concerned about this activity and are not complicit. It might even help them track down who's behind this. You might want to consider disabling guest checkout, at least for a while, if the problem seems to be limited to non-members. I take it there are no merchandise orders associated with this activity, just payment/refund attempts?


On 8/28/2018 at 11:33 AM, peterpil19 said:

2. Frankl - correct, I do have guest checkout. Is that something you recommend I turn off?

I don't have any experience with guest checkout, never seen the use for it, but depending on how it's structured perhaps a URL which would normally be visible to logged on customers could be used in the attempt to process Paypal transactions.



Is "guest checkout" a reference to "purchase without account", to some other osC add-on, or is it some feature in PayPal App? What to do about the fraudulent PayPal attempts would depend on exactly what we're talking about. Please clarify, @peterpil19



Change to POST button procedure against GET to fill out shopping cart to prevent robot activity. If robots cannot access the cart then you won't have a headache. I use it for ages without any problem in a huge number of shops, although I proposed it in 2014 without any core result... so I have deleted it from GitHub.


:blink:
osCommerce based shop owner with minimal design and focused on background works. When the less is more.
Email management with tracking pixel, package management for shipping, stock management, warehouse management with bar code reader, parcel shops management on 3000 pickup points without local store.


With PayPal Express Guest checkout the bots can do nothing as they still have to pass the PayPal security checks and they will fail every time. It's just a case of having lots of failed entries in your PayPal log that you have to delete. Still, if there is a fix, good to know. @tgely any chance you have a copy still of the code?


 


Thanks all,

This is very useful.

I may have confused things above with my comment regarding guest checkout. You can check out using PayPal Express on my site without creating an account. I think this might just be a PayPal Express thing (see below image).

Sorry, Mr Phil, I was not expecting you to list out all the files! Just a general direction like you gave above.

Peter

payment.jpg

