Disappointed, Plugin Possibly Hacked

  • Resolved Tankerman

    (@sdrynan)


    9 years, 9 months ago

    To the author, this plugin is either hacked or there is an exploited back door into it. Seems really funny to me that within 2 days of installing it I have some piss ant card tester using my site to fraudulently run credit cards to find out which will work and which won’t. The amount of times the cards are run during the day suggests the scumball has no life and sits on his computer running the cards manually or they have an automated script the runs with the code of the plugin. The chances of them finding my website are so minuscule that it fosters suspicion and indicates that you have a problem. Very disappointed, thought this could be a cool plugin.

    https://www.ads-software.com/plugins/wp-donate/

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author ketanajani

    (@ketanajani)

    Thank you for using this plugin and pointing out the issue that there may be an exploited back door into it.

    You’ve just provided information that is someone trying to check which CC is working and which one is not, right? The plugin is free and anyone can use/modify it. So in my opinion you should edit plugin yourself and make it secure(as well as your site) according to requirements. For example adding captcha on the payment form.

    I can provide support if you will have any error on plugin or any trouble configuring it.

    Thread Starter Tankerman

    (@sdrynan)

    I need the plugin to pull the IP of the person using it and send it along with the CC information to my processor, is there a way to do that?

    Plugin Author ketanajani

    (@ketanajani)

    Yes you can get the IP address of plugin, and to do that you need to modify two files:
    – donate-display.php (from where the function called to process the payment)
    – donate-functions.php (from where the actual payment process executed)
    Both these files are inside “include” directory of this plugin.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Disappointed, Plugin Possibly Hacked’ is closed to new replies.