Jump to content

Possible misconfiguration; possible fraud

Recommended Posts

Hi everyone,

I have a signup for shared hosting. On the manage orders page, where I can manually accept, cancel, cancel and refund, etc., the following information shows:

Item Description Billing Cycle Amount Status Payment Status
Shared Hosting Hosting Packages - Unlimited Package
(www whois intoDNS)
Monthly £19.99 Pending Incomplete


The domain appears to be a subdomain of my domain (harryadney.com). Is this normal until the order is accepted?

Share this post

Link to post
Share on other sites

at a guess, I would think that when ordering, they've just selected the "use existing domain" option and entered datasupplies.harryadney in there...


a little naughty of them if you aren't offering subdomains with the product... if true, i'd put this more in the category of fraud than misconfiguration... but do a dummy test order, similar to above (datasupplies2.harryadney), and see if it looks the same on the Manage Orders page.

Share this post

Link to post
Share on other sites
1 hour ago, HarryAdney said:

Is there a setting I can use to stop people doing this?

sadly not - there are few checks with the cart in general, and fewer with the existing domain option... you'll be looking at editing the template or using a hook.

if thinking of editing the template, you could use HTML5 patterns as per the thread below...


if you would prefer to use a hook, there would be a number of ways - ShoppingCartValidateDomain would be one way, using jQuery would be another - in fact, @stormy recently posted code that i've quickly rewritten for your purpose as a hook (attached)..

it will do a number of things - firstly, if someone tries to add 'harryadney' to the sld input (left input field), then it removes that string... so in your case, if they had entered 'datasupplies.harryadney', the hook would change that too 'datasupplies' - the order will still go though because we're not checking whether datasupplies.com exists or not, but they shouldn't be able to use your domain (or any others that you add) from now on.

additionally, if somebody tries to play silly buggers and adds 'harryadney.com' to the tld input (right input field), it will get removed... e.g if they had entered 'datasupplies' in the sld field and 'harryadney.com' in the tld field, the order will still likely have gone through (that might be another way of how they did it)... with this hook, it won't progress any further because the tld field will be empty and they will have to enter another TLD.


Share this post

Link to post
Share on other sites
9 minutes ago, HarryAdney said:

Thanks mate. Do I just upload owndomain.php to the hooks folder? I'm not familiar with hooks, tbh.

yeah, just plonk it in /includes/hooks and you should be good to go.

  • Thanks 1

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.


Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated