Hackers Ordering and bypassing paypal.

[ryans]

Hackers are hijacking my current customer accounts and ordering domains. I use the paypal paypment gateway. Last night I got a bogus order so I changed every password and every user password.

 

I wake up this morning and there are more orders from my customers and they ordered domains on their accounts, changed their email addresses etc.

 

The weird thing is none of my products are setup for auto setup but these orders that came in were using auto setup.

 

- - - Updated - - -

 

I am running the latest whmcs.

 

- - - Updated - - -

 

It looks like they inject credit into the customers account and then use that to buy domains.

[vec]

you may have a breach.. get a support ticket in ASAP and see what the problem might be... look at all the logs as well.. What version of WHMCS are you using?

[Alex - Arvixe]

A support ticket would be best at this stage I think. We can't really look into it without certain details which you probably don't want to share for good reasons.

 

I would recommend you temporarily disable the credits system to prevent yourself from getting new orders (resulting in loss money on domains).

 

Whilst products are not set to auto setup, how about domains (set on a per TLD basis)? Verify they're not automatically setup as that should stop them going through.