Customer information problem -- zenid

[janeausten72]

I run a site with only digital downloads (http://www.liddysloft.com/boutique) and lately I've had a few customer names that come up as ordering different combinations of our free items over and over (ie. order #1: freebie #1, order # 2: freebies #1-4, etc.)

I updated the site with the latest security fixes per the forum instructions as soon as the e-mail/announcement came out that they were needed.

Is this something wrong with the ordering system or an attempt at hacking? I had a lady just this morning (first time) e-mail me and say she received e-mail confirmations of orders that she didn't place and she was VERY irate.

[DrByte]

Doesn't sound like a hack. Sounds like spam abuse.
You could investigate the IP addresses these orders were place from, and perhaps ban them.

[janeausten72]

This is the e-mail the lady sent me,

"Hello. I'm really upset...Last night I created an account with you to download a couple of your freebies and possibly order a kit or two (which I was going to do this morning). To my surprise, this morning I woke up to an inbox full of order confirmations for orders that I did not place (10 in total). My security has been compromised! There are now a bunch of people that have my personal information...my full name, phone number, address and e-mail. Thank goodness I hadn't purchesed anything or they'd have that information too! Words cannot describe how violated I feel. You truly need
to do something to fix this situation."

I wasn't sure if this was the "hacker" still trying to get information from me by my reply.

[DrByte]

This isn't hacking.

This is most likely a result of advertising a URL to your site which included a &zenid=xxxxxxxxxxxxxxxxxxxx section in the link.

This would allow anybody to take over someone else's session if both people came in via that same link.

Try turning "Recreate Session" "on" in Admin->Configuration->Sessions
This should help prevent that behaviour.

However, you need to TEST several purchases from several different computers to be sure things are still working right.

AND ... GO FIND THAT BAD PUBLISHED URL ... and get rid of it...

[janeausten72]

I'll try that--as soon as I can. The server is flaky today! I'll update as soon as I do this.

Thank you!

[janeausten72]

In looking at the orders, I see two IP addresses for each order, on right after the other. This particular lady does have her IP address on several of the orders as the first IP address, but the second ones differ. And then there are orders with two completely different IPs. How do I figure out if I should ban any?

Sorry so many questions--I'm really new to all this!

[Merlinpa1969]

you dont need to ban any of these,
you need to findout where the link was that they came in from,
Also re-assure her that even had she placed an order that none of her payment information is stored,

[janeausten72]

Is there any easy way of tracking that? I have people that post links to the store, gallery, forums all over the place!

And any way to prevent that happening again or will the Recreating Sessions work?

[dbltoe]

This isn't hacking.

This is most likely a result of advertising a URL to your site which included a &zenid=xxxxxxxxxxxxxxxxxxxx section in the link.

This would allow anybody to take over someone else's session if both people came in via that same link.

Try turning "Recreate Session" "on" in Admin->Configuration->Sessions
This should help prevent that behaviour.

However, you need to TEST several purchases from several different computers to be sure things are still working right.

AND ... GO FIND THAT BAD PUBLISHED URL ... and get rid of it...

Do a search through your site to find "&zenid". You, or someone "helping" you, has added a link AND added the Zen ID into it. When this is done, everyone who clicks the link is entered into the same session and one order places an order for everyone including those who did not log out and whose session has not dropped.

Most of them are on the main page inserted from the define pages editor but, there may be others.

[janeausten72]

That seemed to work . . . only now the whole center section of the store has disappeared!
I checked all the settings I know about from Admin and everything is turned on that needs to be but my main page info., New Products, Specials, and when you click on a product the descriptions are no longer there!

Can someone help? http://liddysloft.com/boutique/index.php?main_page=index