Support A2Billing :

provided by Star2Billing S.L.

All times are UTC




 Post subject: A2BILLING EPAYMENT ATTACK PLEASE HELP!
Posted: Thu May 08, 2014 1:30 pm

Joined: Sat Jul 25, 2009 8:03 pm
Posts: 45
Greetings,

Starting this morning, a2billing on my 2 Elastix servers has started to bomb my e-mail account with this e-mail:

Subject: Epayment Gateway Security Verification Failed

Body:

Dear Administrator

Please check the Epayment Log, System has logged a Epayment Security failure. that may be a possible attack on epayment processing.

Time of Transaction: $time
Payment Gateway: $paymentgateway
Amount: $amount



Kind regards,
EST Telecomm, INC



-POST Var
Array
(
[transactionID] => 12
[sess_id] => 324345
[key] => 35434
[mc_currency] => 345
[currency] => 325
[md5sig] => 35
[merchant_id] => 345
[mb_amount] => 01
[status] =>
[mb_currency] =>
[transaction_id] => 54646'
[mc_fee] => 4356456
[card_number] => 2343235345
[x] => 51
[y] => 8
)

Transaction ID does not exist, merchant ID does not exist, card number does not exist... This certainly is an attack. Has anyone stumbled upon this before? I have a firewall blocking pretty much everything... A2B is 1.9.5 because I run it over Elastix 2.4.0, and due to the PHP version they use (5.1.6) I cannot upgrade A2B to version 2.0.x.

Please help, I have had to stop the postfix service to avoid dealing with thousands of mails about this...

Paul
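
A defender-side triage of the POST dump quoted in the post above, as an added example that is not part of the original thread or of A2Billing's code: it parses the print_r-style dump from the alert e-mail and flags fields whose shape is wrong. The field rules (numeric IDs, a 32-hex-character md5sig, three-letter currency codes) and the function names are assumptions made for this illustration.

```python
import re

# POST dump from the alert e-mail above, trimmed to the fields checked here.
ALERT_DUMP = """Array
(
[transactionID] => 12
[mc_currency] => 345
[md5sig] => 35
[merchant_id] => 345
[status] =>
[mb_currency] =>
[transaction_id] => 54646'
)"""

# Assumed shape rules for this example (not taken from A2Billing's code).
RULES = {
    "transactionID": re.compile(r"\d+"),
    "transaction_id": re.compile(r"\d+"),
    "merchant_id": re.compile(r"\d+"),
    "md5sig": re.compile(r"[0-9A-Fa-f]{32}"),  # an MD5 digest is 32 hex chars
    "status": re.compile(r"-?\d+"),
    "mb_currency": re.compile(r"[A-Z]{3}"),
    "mc_currency": re.compile(r"[A-Z]{3}"),
}

def parse_print_r(text):
    """Parse the flat 'Array ( [key] => value )' layout of PHP's print_r()."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*\[([^\]]+)\]\s*=>\s?(.*)$", line)
        if m:
            fields[m.group(1)] = m.group(2).strip()
    return fields

def triage(fields):
    """Return (field, reason) pairs for values that break the assumed rules."""
    findings = []
    for name, pattern in RULES.items():
        value = fields.get(name)
        if value == "":
            findings.append((name, "empty"))
        elif value is not None and not pattern.fullmatch(value):
            findings.append((name, "malformed"))
    for name, value in fields.items():
        # Quote and markup characters have no place in a gateway callback field.
        if re.search(r"[\'\"<>;\\]", value):
            findings.append((name, "metacharacter"))
    return findings
```

Running `triage(parse_print_r(ALERT_DUMP))` on the dump reports the two-character md5sig, the empty status and mb_currency, the numeric mc_currency, and the trailing quote in transaction_id.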


 Post subject: Re: A2BILLING EPAYMENT ATTACK PLEASE HELP!
Posted: Sat May 30, 2015 3:31 pm

Joined: Wed Nov 25, 2009 12:01 pm
Posts: 90
Hi,

I'm getting a similar attack on a2b 2.0.13, and can't figure out how they are inserting the PayPal payment.
They first attempt to make a payment using the PayPal checkout, then cancel the payment without completing it. I believe they catch the payment URL and then try to inject some code to spoof the payment. This kind of hack has been carried out on many occasions. I have been burnt on a previous occasion. We need to collectively work together to fix this exploitation.

