Just got two $0.01 orders - but have no such products...
Hi, I just recieved two payments via Paypal made to my shop. These orders where both from the same guy who made a payment of $0.01 - thing is I don't have any products on my site for that amount.
Is this something to worry about? Could it be a 'hacking' attempt?
Also I didn't receive the [NEW ORDER] e-mail that the store normally would send. And there is no record of an order in the 'orders' section in the admin panel. Though I can see the customers name and account details...
Re: Just got two $0.01 orders - but have no such products...
What version of Zen Cart? Which PayPal module is installed?
Re: Just got two $0.01 orders - but have no such products...
Version 1.3.8a, using PayPal IPN.
Re: Just got two $0.01 orders - but have no such products...
Quote:
Originally Posted by
jnms
Hi, I just recieved two payments via Paypal made to my shop. These orders where both from the same guy who made a payment of $0.01 - thing is I don't have any products on my site for that amount.
Is this something to worry about? Could it be a 'hacking' attempt?
Hey, did you recently setup PayPal? Both PayPal & Google Checkout carry out couple of penny transactions to verify your bank account setup. I don't think you have anything to worry. You might want to confirm this with PayPal.
Re: Just got two $0.01 orders - but have no such products...
Quote:
Originally Posted by
jnms
Hi, I just recieved two payments via Paypal made to my shop. These orders where both from the same guy who made a payment of $0.01 - thing is I don't have any products on my site for that amount.
Is this something to worry about? Could it be a 'hacking' attempt?
Also I didn't receive the [NEW ORDER] e-mail that the store normally would send. And there is no record of an order in the 'orders' section in the admin panel. Though I can see the customers name and account details...
By the sounds of it, I would say it was a hacking 'probe' to see what would happen.
As you don't have any pricing for 0.01 cents but somebody was able to place one, they obviously knew how to get around an error page. Not sure about Google but I know PayPal uses two (2) payment deposits of different amount and more than 0.01 cents, when confirming a Bank account. Then they ask you to insert the amount they deposited to confirm your account. Could be they've change that amount though, so it's good advice to check with PayPal.
As to seeing the Customers Name and Account details, that is a default function of Zen Cart regardless of the Order payment being successful/unsuccessful. I'm hoping that gets changed. Although it can be helpful in troubleshooting valid Orders that had a payment problem, it can be confusing as well as somewhat of a Security issue... but maybe that's just me? :wink:
Re: Just got two $0.01 orders - but have no such products...
Might have been some sort of probe to look for vulnerabilities or test payments.
Zen Cart won't record an order if the payment doesn't match an order for which it's waiting confirmation, so you won't end up with rogue orders in your database from that.
I'm not sure what you're referring to about customer information though. If you're referring to the details of who paid you when looking at the transaction in PayPal, that's to be expected ... PayPal tells you who paid the amount.
If you figure the transaction is rogue, I recommend refunding it ... that way they won't do any chargeback.
Re: Just got two $0.01 orders - but have no such products...
Sounds like "carding", the practice of trying out stolen credit cards to see if they are still valid.