OpenCart Community

Scumbag got an email EVERY time credit card details entered on my website....

Hi All

I'll be brief, basically my site got hacked. They (rather clever but most annoying person) placed just 3 lines of code into the PayPal Pro Payment mod.

These simple three lines dropped him an email whenever someone entered credit card details using PayPal Pro payment (the one where people enter the values actually on your website, in my opinion this is the least effort for the customer in most cases, and they just choose paypal express if wanted).

However, that's bad, and VISA are now DEMANDING I get a 'PFI Lite' (PCI Forensic Investigation). Otherwise I'll be blacklisted.

They (PayPal) don't state what 'blacklisted' means; me as a person, the business, what?

I may be in for fines from Visa too. Around £2000 is what the PFI people are saying.

Has anything like this happened to you?

I have trustwave scanner, and virus scanner and what I though was a locked down setup on a business (Shared) server (£35/month).

I really feel if this happened to me, It really could happen to you.

And given I had no idea that I would be liable for such a bill, from Visa of all people, I thought I should share.

If you have PayPal Pro, you are at risk of this bill too.

What are you doing to prevent this happening to you?

Thanks for your feedback and support...

i'm not sure why you need to deal with visa, when you should be dealing with paypal directly since you're using their services.

Anyway, I haven't heard of such cases, but a shared host will unlikely be a PCI compliant server. Using paypal standard may be a better choice, as for personal preferences, I don't like entering payment details on the website itself, but directed to paypal for safer payment.

Hi, the hosting package is 'special' for PCI compliance, so yes it was.

There are many people having a similar problem on this forum, saying they get authorise.net or similar payment method enabled on their site.... actually this is just a hacker enabling it and setting it to his/her account so he gets paid instead of the store owner.. it's similar, not the same.

My main problem it would seem is not recognising this problem occurred.

The fact this happens is just part of being online, but not noticing is the main problem.

I've a new system that checking the MD5 hash of all my files every hour now, and so now I know every time a file changes on the server.

This could happen to you if you use Paypal Pro, and just wanted to let people know.

I've moved over to Stripe now, as that sends the data straight to Stipe's servers. But in my opinion this could still be hacked so you still need to monitor any changes to your code files.