VP-ASP :: Shopping Cart Software

Shopping Cart Software Solutions for anywhere in the World

US/Canada(Toll Free): +1 888 587 2278
Europe/UK: +44 (020) 7193 9408
Australia/New Zealand: +61 3 9016 4497

VP-ASP Shopping Cart Customer Forum

Home | Profile | Register | Active Topics | Members | Search | FAQ
Username:
Password:
Save Password
Forgot your Password?

 All Forums
 VPCart Forum
 Credit card fraud and hackers
 Hacked again! Possible PayPal backdoor!
 New Topic  Reply to Topic
 Printer Friendly
Author Previous Topic Topic Next Topic  

cooper
Starting Member

15 Posts

Posted - April 16 2003 :  08:31:39  Show Profile  Reply with Quote
Once again, a jackass got around the "checkout" and was able to download products on my site.

While this seems to be a reoccuring theme, this trick was a new one to me. The customer actually placed the order, selected PayPal and was returned to my cart, with VPASP thinking the transaction was a good one.

However, no funds were added to my PayPal account. When I looked at the order in my cart, the "Payment Type" was PayPal. The "Authorization" reads "refno= status="

Has this happended to anyone else??? Anyone know how to correct this???

support
Administrator

4266 Posts

Posted - April 16 2003 :  08:44:20  Show Profile  Visit support's Homepage  Reply with Quote
Paypal is not a reliable payment method and can be fooled. So unless you receive a PayPal receipt do not believe payment has been made.

Even receipts do not guarantee payment since some of Paypal status is "pending" meaning the money has not cleared.

We support Paypalipn interface where paypal returns "under the cover" the status of a transaction.

VP-ASP Support



Go to Top of Page

Cam
VP-ASP Super User

Australia
361 Posts

Posted - April 16 2003 :  10:24:52  Show Profile  Visit Cam's Homepage  Reply with Quote
Hi there,

We have changed the code so that if an incorrect message is returned the shopthanks page shows up ok but there is no download link.

We then add the user to our hacker file so his IP and email is blocked so he cannot get past the shopcustomer.asp page again.

While we haven't done this for PayPal the overall concept is the same and we could vary it for your business requirements if needed.

If you would to chat about this please feel free to email me at http://www.vpasp.com/sales/shopcustcontact.asp.

Cheers,
Cam

*************************************
Cam Flanigan
YourVirtualStore Sales
e-mail: http://www.vpasp.com/sales/shopcustcontact.asp
web: http://www.yourvirtualstore.net

Build you own YourVirtualStore!!!
www.yourvirtualstore.net
*************************************
Go to Top of Page
  Previous Topic Topic Next Topic  
 New Topic  Reply to Topic
 Printer Friendly
Jump To:
Snitz Forums 2000