Hello,
I got a major problem with one of my websites. Running the latest Joomla version 3.9.21 and running the latest Virtuemart 3.8.4 with PHP version 7.4.9.
There is an order with 100% discount. And the coupon code is used, it's the last name of the customer, but I don't have that coupon code.
https://imgur.com/a/ChgadIm
Also there is no payment method selected, while I only have 1 payment method. And when the order was placed, it automatically went to the confirmed status, without being paid, see the screenshot. Is this a known bug? Very major leak I think.
Any idea what the issue might be?
Any possibility the sie has been hacked? Any out of date 3rd party extensions?
Quote from: jenkinhill on September 07, 2020, 16:19:36 PM
Any possibility the sie has been hacked? Any out of date 3rd party extensions?
No that is not a possibility, I don't see anything weird in the logs. Also every 3rd party plugin I use is up to date, that is why I found it extremely weird. I haven't seen this ever, and I am using Virtuemart for quite some time now.
That is why I thought it's some kind of leak?
Sounds fishy to me. Do you actually have a 100% discount coupon? Have you checked the raw access logs?
Quote from: jenkinhill on September 08, 2020, 11:12:21 AM
Sounds fishy to me. Do you actually have a 100% discount coupon? Have you checked the raw access logs?
No I don't have a 100% coupon code. I checked the access logs but I cannot seem to see anything. Around that time there aren't even lines... :S
Quote from: Huubs on September 08, 2020, 10:52:56 AM
No that is not a possibility, I don't see anything weird in the logs.
....
I checked the access logs but I cannot seem to see anything. Around that time there aren't even lines... :S
Thank god, then it might have been just a glitch in the matrix.
Or a difference between local time and server time.
Quote from: Huubs on September 08, 2020, 10:52:56 AM
That is why I thought it's some kind of leak?
How do you define leak?
Probably a security leak, like a weak password, or a person with access to the backend.
But thank god, hacked is not a possibility. Or maybe?
Personally if there is no possibility for a hack, I run a check with mysites.guru.
Devastating what that tells me about how hacked sites are sometimes.
Stefan
I think that someone :
- found the admin credentials(or used a hack)
- added product to basket
- generated a coupon.
- used the coupon
- confirmed the order
- removed the coupon.
You can check if the coupons IDs have a hole in the sequence, if this is the case then my theory is certainly right.