PayPal Community

Lascharcas07 · ‎Nov-12-2018

Anyone else hear of a hack in which a bad hat (Russian, apparently) hijacks a site after they donate? I'm with a non-profit, and just heard that donors went to a graphic porn site after completing a PayPal donation, which does, in fact seem to go through.

On investigation, I noticed that our PayPal button did NOT specify which page to go to after a donation was made. I changed that, copied the text into our WordPress HTML of the button, published, then made a donation myself...and a few seconds later, translation completed, was again at the same apparently Russian porn site!! I'm hoping I DID fix the problem, and the code just hadn't been replaced yet....

Thoughts? The button on our website had NOT been tampered with, as far as I could tell; is it possible a hacker could hijack a site by inserting code at PayPal when PayPal code was looking for a site redirection?

I've written PayPal officially; I'm just hoping this is a unique problem!!

NewSunSEO · ‎Mar-13-2019

This just happened to one of our clients, who clicks the same link to make a payment each month for two transactions. They are an IT company, I don't think they have been hacked. I have no idea what this could be, we are not redirecting them a page on our website after the transaction.

PayPal_Drew · ‎Mar-17-2019

Hi Lascharcas07 & NewSunSEO,

This does sound like a rather concerning situation for your customers. I can confirm that our provided button HTML code directly from your PayPal account would not have this information. I recommend that you reach out to your developer to see if there is an issue with the website's code. I haven't heard of this specific issue but they should be able to review your information to make sure everything is accurate. Also, if you don't have a developer, I think Wordpress (If that's who your website is through) offers support.

Thanks,

Drew

PayPal Community

Hack after user donates?

Haven't Found your Answer?