gswahhab wrote: I'm not sure if this is the case or not. Someone had mentioned that the api id / transaction keys were compromised. You may want to reset your transaction key if you haven't already.
I don't know if this is what actually was compromised or not.
Already reset the key. the transaction id looked like it came from DTdonate. I doubt they got my credentials. They are using DTdonate sites to find valid credit cards.
gswahhab wrote: I'm not sure if this is the case or not. Someone had mentioned that the api id / transaction keys were compromised. You may want to reset your transaction key if you haven't already.
I don't know if this is what actually was compromised or not.
Already reset the key. the transaction id looked like it came from DTdonate. I doubt they got my credentials. They are using DTdonate sites to find valid credit cards.
I can confirm this as we are having the same issue.
Upon investigation, it seems that the CAPTCHA is only checked client side, not server side, via the donation form. Using a custom page to post data directly to the processing page bypasses the CAPTCHA entirely.
I've had to shut down our donation page, as blocking the IP is a game of cat and mouse. They'll just change to a new proxy.
dthadmin wrote: Guys... sorry this thread wasn't replied to before, but this issue has already been addressed. Upgrade to 2.2.4 and you'll find this can't happen anymore. Also, the IP address is now captured also. Notification of this update went out on email and also has been posted here in the forum (announcements category).
you sure this is fixed? we have like 20 $1 charges all of the sudden using 2.2.4. I also see no failed attempts in the donation records log
I have been hit on 2 sites. They seem to be entering it manually with about 2 minutes between transactions. I blocked ip addresses to no avail. What seems to work is to have the bank require address, name and CCV validation and tighten up on the same checking from authorize.net,
The biggest impact we are now seeing is a daily settlement for zero transactions and zero dollars. I suggest you keep your eyes opened for any bogus transaction which processed. I had one a few weeks ago which processes for $100. I was able to void it immediately, but the woman must have been very tight.We had 10 about calls asking about the transaction. Chase finally reversed it.