Jump to content

Hackers Ordering and bypassing paypal.


Recommended Posts

Hackers are hijacking my current customer accounts and ordering domains. I use the paypal paypment gateway. Last night I got a bogus order so I changed every password and every user password.


I wake up this morning and there are more orders from my customers and they ordered domains on their accounts, changed their email addresses etc.


The weird thing is none of my products are setup for auto setup but these orders that came in were using auto setup.


- - - Updated - - -


I am running the latest whmcs.


- - - Updated - - -


It looks like they inject credit into the customers account and then use that to buy domains.

Link to comment
Share on other sites

A support ticket would be best at this stage I think. We can't really look into it without certain details which you probably don't want to share for good reasons.


I would recommend you temporarily disable the credits system to prevent yourself from getting new orders (resulting in loss money on domains).


Whilst products are not set to auto setup, how about domains (set on a per TLD basis)? Verify they're not automatically setup as that should stop them going through.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated