CSP (Content Security Policy) For Buy Now Buttons On Checkout Page

BillAddr
New Community Member

I have someone hacking my PayPal Buy Now buttons. After clicking the 'Buy Now' button, everything seems to load fine. Then on the next page I have the 'Pay With Debit or Credit Card' button. When you click this, it looks like it is loading normally, but the turning circle jumps several times. When I look at the loading with Inspect Elements, all kinds of other things are loading besides just PayPal. There is a Facebook page that GETs my PP account #, along with the item and price, etc.

My question is: because the hack is loading 2 pages away from my website, from the https page of PayPal, does anyone know of a way I can stop this injection of the JavaScript, XML, and GIF files that are loading with the hack codes?

I am very new to this and cannot afford a web developer. I think I am probably in need of a robust CSP (Content Security Policy), but I just can't figure out how to get it so that it loads the correct elements and not the hacked elements. Most is coming through .gif and .js files. Is there a way to block everything, and then only allow the correct PayPal elements? Is there anyone that knows of a place that may be able to help me? Maybe a page that shows some examples of CSP from a page that uses PayPal's 'Buy Now' buttons?

Whenever I try it, either everything still loads or nothing loads, not even PayPal's. I am using the secure Buy Now buttons made on PayPal's website. Could I set up a certificate instead somehow to where it checks that before it loads? It just seems so unsafe with just adding the button code in the HTML and that is it. Isn't there something more secure? Any suggestions anyone can help me with would be GREATLY appreciated. These people are stealing over $2000 a month from me. Thank you for your help. I truly, truly would appreciate it!!

 

Kind regards,

BillAddr
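The "block everything, then allow only the PayPal elements" policy asked about above, as an added example that is not part of the original post and is not PayPal's code, with a simplified matcher that shows which loads such a policy would permit. The two PayPal hosts are assumptions for a hosted Buy Now button, `shop.example` and `tracker.example` are constructed, and a policy like this governs only the page it is served with, not the pages PayPal serves after the button is clicked.

```javascript
// Simplified CSP matcher: scheme + host only (no paths, ports, nonces or hashes).
// Assumed hosts for a hosted Buy Now button; shop.example/tracker.example are constructed.
const SELF = "https://shop.example";
const POLICY = [
  "default-src 'none'",                           // block everything not listed below
  "img-src 'self' https://www.paypalobjects.com", // button image
  "style-src 'self'",
  "form-action https://www.paypal.com",           // where the button's form may submit
].join("; ");

// Fetch directives fall back to default-src when absent; form-action does not.
const FALLBACK = new Set(["script-src", "img-src", "style-src", "connect-src", "frame-src", "font-src"]);

function parsePolicy(text) {
  const policy = new Map();
  for (const part of text.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // A repeated directive is ignored: the first occurrence wins.
    if (name && !policy.has(name.toLowerCase())) policy.set(name.toLowerCase(), sources);
  }
  return policy;
}

function sourceMatches(source, url) {
  if (source === "'none'") return false;
  if (source === "'self'") return url.origin === SELF;
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^\/:']+)$/i.exec(source);
  if (!m) return false; // other keywords are not modelled here
  const [, scheme, wildcard, host] = m;
  if (scheme && scheme.toLowerCase() + ":" !== url.protocol) return false;
  const h = url.hostname.toLowerCase();
  return wildcard ? h.endsWith("." + host.toLowerCase()) : h === host.toLowerCase();
}

function isAllowed(policyText, directive, target) {
  const policy = parsePolicy(policyText);
  let sources = policy.get(directive);
  if (!sources && FALLBACK.has(directive)) sources = policy.get("default-src");
  if (!sources) return true; // no directive and no fallback: unrestricted
  return sources.some((s) => sourceMatches(s, new URL(target)));
}

console.log(isAllowed(POLICY, "img-src", "https://www.paypalobjects.com/constructed/button.gif")); // true
console.log(isAllowed(POLICY, "script-src", "https://tracker.example/x.js"));                     // false
console.log(isAllowed("default-src 'none'", "form-action", "https://tracker.example/collect"));   // true
```

The last call shows why `form-action` has to be listed explicitly: `default-src 'none'` on its own leaves form submissions unrestricted.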
