Monthly Archives: September 2008

PayPal Doesn’t Mind Fraud?

Leave a reply

We use PayPal exclusively (for better or worse) to collect payments on one of the e-commerce sites I manage. Recently, we noticed a lot of suspicious transactions being allowed through PayPal. High dollar value, Overnight Shipping, to shipping addresses that didn’t match billing addresses. What was odd is it seemed like it was happening all of a sudden. Turns out, we’d been hit be what appeared to be the same group for about 12 days.

I was really shocked this problem just popped up because you’d think PayPal would be on top of this sort of thing and let us know of suspicious transactions. Well, that isn’t the case. I’m not 100% sure if PayPal changed something in account settings or not, but it turns out that we had all of our Risk Controls set to Accept. Now, I’ve never seen this stuff before in our PayPal profile, but I also don’t manage the PayPal account on a daily basis.

What I found shocking, and absolutely ridiculous, is that PayPal didn’t set the defaults for these settings to the safest possible, but the unsafest. We were set to accept all transactions, regardless of address verification, credit card security verification, and a whole bunch of other settings. I couldn’t believe it when I saw it. The only reason I actually looked was that I had posed my problem to the PayPal Developer Community. Needless to say I locked the entire account down so we were as safe as possible, but I just couldn’t believe PayPal would do this by default.

It seems obvious, since PayPal isn’t a bank or even your typical credit card processor, that PayPal is just interested in collecting its fees. They probably could care less about you as a merchant and how you need protected. I’m sure we’ll be investigating other processors (which I know there are plenty of out there) to use in the future. PayPal just doesn’t seem to be the safest way to pay (pun totally intended).

Wakeboarding = Fun!

1 Reply

Sunday afternoon, I was able to take my first crack at wakeboarding. My friend Bob took me out on his boat with my wife and my other friend Jay for an afternoon on the lake. After a few tips from Bobby and Jay, out I went.

The hardest part is definitely getting up out of the water. You basically have 2 seconds to turn the board and get up or over on your face you go. I did ok I guess for my first time out. I got up out of the water and went for a few “rides” down the lake, but nothing fancy. Keeping the board edges up correctly is definitely key too. A few times I got the nose of the board down going out over the wake and face planted hard. I definitely got a good case of whiplash hitting the water face first.

Monday I was sore as hell. My legs and arms definitely took a beating. It takes a lot of strength to pull yourself up out of the water. A lot more than water skiing, which I’ve done before. All in all it was a ton of fun though. I’m definitely hooked and can’t wait to go again!

WordPress Login Redirect Issue

Leave a reply
WordPress

It’s been a while since I’ve written here. I’ve been busy taking care of some personal and work business that’s just taken up more time than it should have. A few people have wondered where I’ve been and were clamoring for some new content to read. So here we go!

I upgraded the version of WordPress that this blog runs today, but ran into a problem when I went to log in. Each time I logged in, I’d just get redirected back to the login page. Turns out, I was a victim of a security hole in an older version of WordPress. I found a useful article by John Hawkins that details the issue. His solution was a little more involved than I wanted to get into, so I tried something on my own that worked.

John notes in step 4 that you need to delete the current value of active_plugins in the wp_options table. Turns out, this is all I needed to do, e.g.

update wp_options set option_value = '' where option_name = 'active_plugins'

I cleared that out, logged back in, and re-activated all of my plugins. Problem solved!