vBulletin 4 Subscription Help (Usergroup Tricking Through Paypal?)

Discussion in 'vBulletin Discussions' started by Runekeep, Mar 4, 2010.

  1. Runekeep

    Runekeep Newcomer

    Joined:
    Feb 22, 2010
    Messages:
    10
    Likes Received:
    0
    I have a big issue and can not find a answer to it, since I have greatly been helped here already and my problems to that question solved. I hope this is another place to get answers to questions that I seem unable to find. Here's my problem.

    Paypal, usergroup tricking.

    I created 2 user groups.
    Trial Member Usergroup - (3 Day Trial - Cost $1)
    Premium Member Usergroup - (30 Days - Cost $5)
    along with the subsscription package to go along with it.

    Today someone sent in a payment with paypal, using the vBulletin Subscriptions API(I believe it's called),ordering the Premium Membership package I have set up on vBulletin, which gave them the Rank and set their Usergroup to Premium Member, but yet, they only paid for the Trial Member Usergroup which is $1. I have checked all the user groups settings and the payment settings and they are all correct. Has anyone ever heard of this happening before? This person somehow trick the payment process and I need some information on how I can patch this feature and stop it from happening again.


    So they pretty much got the $5 Premium Member for $1 using some kinda of trick/hack.

    I hope I explained this good enough and I can be helped with it. Thanks for reading.
     
    Runekeep, Mar 4, 2010
    #1
  2. Abomination

    Abomination Zealot

    Joined:
    Jun 1, 2009
    Messages:
    1,514
    Likes Received:
    102
    When I have problems like that in v3, it is usually some setting in my admincp that I've set up incorrectly. I usually test with test accounts. In my case the least likely possibility would be someone doing it on purpose, especially if it only saved $4.

    I am not technical enough, or familiar enough with v4 to help, but I hope you find the answers to the issue.
     
    Abomination, Mar 4, 2010
    #2
  3. Outdoor-Fishing

    Outdoor-Fishing Adept

    Joined:
    Dec 25, 2009
    Messages:
    146
    Likes Received:
    21
    From a third party source:
    A very old trick. I am not technical enough to explain all the details, but it involves changing the set value.
    Example: Paypal invoice is sent with the original value of $5. The member intercepts and changes the owed value to what they want. Invoice is paid, and you recieve the adjusted payment.

    Basically, the user is hacking your code somewhere and changing it.

    Outdoor-Fishing
     
    Outdoor-Fishing, Mar 5, 2010
    #3

Share This Page