Paypal :: Archived
DJ Maze
Developer
Posted: Wed Apr 28, 2004 6:36 pm
Post subject: Paypal

I received a lot of spam within 1 week due to the old Paypal button on the website.
How to prevent spammers from receiving your email address:

Paypal now has the availability of an encoded string so it's hard for spammer software to trace the email address for it.

So when you generate a button at paypal.com be sure the "secure code" is checked, then you get code like this
Code::
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_s-xclick">
<input type="image" src="https://www.paypal.com/en_US/i/btn/x-click-but21.gif" border="0" name="submit" alt="Make payments with PayPal - it's fast, free and secure!">
<input type="hidden" name="encrypted" value="-----BEGIN PKCS7-----...-----END PKCS7-----">
</form>
instead of
Code::
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_xclick">
<input type="hidden" name="business" value="NOBODY@LOCALHOST.COM">
<input type="hidden" name="item_name" value="CPG-Nuke Donation">
<input type="hidden" name="item_number" value="3">
<input type="hidden" name="no_shipping" value="1">
<input type="hidden" name="return" value="http://cpgnuke.com/index.php?name=Paypal">
<input type="hidden" name="cn" value="Your CPG-Nuke membername">
<input type="hidden" name="currency_code" value="EUR">
<input type="hidden" name="tax" value="0">
<input type="image" src="https://www.paypal.com/en_US/i/btn/x-click-but21.gif" border="0" name="submit" alt="Make payments with PayPal - it's fast, free and secure!">
</form>

_________________
There are two paths, the short one and the long one.
When you choose the short path you will notice it takes longer than the long path.
So READ the FAQ and Wiki first

Jeruvy
Security Team
Posted: Wed May 26, 2004 4:40 pm
Post subject: Re: Paypal

You know, I could find nothing on PayPal's site about this. Could you provide a link? Nothing about a SECURE button that I could see...

This is a great idea btw...

_________________
J.
j e r u v y a t y a h o o d o t c o m

Viperal
Supporter
Posted: Wed May 26, 2004 5:17 pm
Post subject: Re: Paypal

When you make a link or button, it asks you if you want to make it a secure link or button. Tell me if you don't see it; I'll go into my PayPal and find the exact location.

_________________
What is The Viperal ?
Email: viperal1 @ gmail.com

BrainSmashR
Heavy poster
Posted: Sun May 30, 2004 4:39 pm
Post subject: Re: Paypal

Woot, got my donation block up, so get on over to BrainSmashR.com and make a donation today!!!!


submit2s
Nice poster
Posted: Sat Jun 25, 2005 2:17 pm
Post subject: Re: Paypal

DJMaze, do you know if there is a way to incorporate this on the current treasury structure?

I started getting spam after enabling treasury on my site, and I do not know how to factor in nuke sentinel to block the harvest?


DJ Maze
Developer
Posted: Sat Jun 25, 2005 2:31 pm
Post subject: Re: Paypal

PKCS7 (Public Key) is an SSL encryption type.

To generate PKCS7 keys you need the OpenSSL extension in PHP, then use commands like

php.net/openssl_pkcs7_encrypt
php.net/openssl_pkcs7_decrypt
php.net/openssl_pkcs7_sign
php.net/openssl_pkcs7_verify

I haven't checked the above key yet to verify if you could write your own pem's to send to PayPal

DJ Maze
Developer
Posted: Sat Jun 25, 2005 2:46 pm
Post subject: Re: Paypal

Update:

I did a search on paypal.com for EWP and in the General Technical Questions forum I found some nice links about it.

paypaltech.com/Stephen.../index.php
paypaltech.com/Dave/ap...wpphp.html


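
The two posts above name `openssl_pkcs7_sign`, `openssl_pkcs7_encrypt` and EWP; the following is an added example, not part of the original thread and not PayPal's code, showing how those calls combine into the `encrypted` value of an `_s-xclick` button so the `business` address never appears in the page source. The helper names, the self-signed stand-in certificates, the `cert_id` placeholder and the cipher choice are assumptions; real use needs your own key and certificate, PayPal's public certificate, and the certificate ID PayPal assigns to you.

```php
<?php
// Added example: sign the button fields, then encrypt them to the recipient cert.
// Throwaway self-signed identity so this runs offline (constructed stand-in;
// real use needs your own key/cert and PayPal's public certificate).
function make_identity(string $cn): array {
    $key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
    $csr = openssl_csr_new(['commonName' => $cn], $key, ['digest_alg' => 'sha256']);
    return [openssl_csr_sign($csr, null, $key, 30, ['digest_alg' => 'sha256']), $key];
}

// The openssl_pkcs7_* functions write S/MIME files; keep only the base64 body.
function smime_body(string $file): string {
    $parts = preg_split('/\r?\n\r?\n/', file_get_contents($file), 2);
    return trim($parts[1] ?? '');
}

function ewp_encrypt(array $fields, $myCert, $myKey, $ppCert): string {
    $tmp = [];
    foreach (['plain', 'signed', 'der', 'enc'] as $n) {
        $tmp[$n] = tempnam(sys_get_temp_dir(), 'ewp');
    }
    try {
        $lines = [];
        foreach ($fields as $k => $v) {
            $lines[] = "$k=$v";                     // one name=value pair per line
        }
        file_put_contents($tmp['plain'], implode("\n", $lines));
        if (!openssl_pkcs7_sign($tmp['plain'], $tmp['signed'], $myCert, $myKey, [], PKCS7_BINARY)) {
            throw new RuntimeException('sign failed: ' . openssl_error_string());
        }
        // Unwrap the signed S/MIME message to raw DER before encrypting it.
        file_put_contents($tmp['der'], base64_decode(smime_body($tmp['signed'])));
        // Name the cipher explicitly: older PHP versions default to weak RC2-40.
        if (!openssl_pkcs7_encrypt($tmp['der'], $tmp['enc'], $ppCert, [], PKCS7_BINARY,
                                   OPENSSL_CIPHER_AES_128_CBC)) {
            throw new RuntimeException('encrypt failed: ' . openssl_error_string());
        }
        return "-----BEGIN PKCS7-----\n" . smime_body($tmp['enc']) . "\n-----END PKCS7-----";
    } finally {
        array_map('unlink', $tmp);                  // do not leave plaintext fields on disk
    }
}

[$myCert, $myKey] = make_identity('merchant (constructed)');
[$ppCert] = make_identity('stand-in for PayPal (constructed)');
$blob = ewp_encrypt(['cmd' => '_xclick', 'business' => 'NOBODY@LOCALHOST.COM',
    'item_name' => 'CPG-Nuke Donation', 'cert_id' => 'CERT_ID_PLACEHOLDER'], $myCert, $myKey, $ppCert);
if (strpos($blob, 'NOBODY@LOCALHOST.COM') !== false) { throw new RuntimeException('address leaked'); }
echo '<input type="hidden" name="encrypted" value="', htmlspecialchars($blob), '">', "\n";
```

Because the fields are signed before encryption, the button parameters cannot be altered in the page without invalidating the signature, which the plain `_xclick` form does not prevent.
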
submit2s
Nice poster
Posted: Sat Jun 25, 2005 3:04 pm
Post subject: Re: Paypal

Thanks DJMaze, I have no problem if I was designing a site other than a phpnuke or dragonfly,

I have the latest dragonfly system and am not sure how to incorporate this encrypted information or in what file, so that it will not confuse the other modules that pull information from another module.

I'd rather have sentinel, but I'm not sure if this has been ported. Now I'm getting spam of bogus paypal emails, and I'm sure it is because of the form exposing the addy.

I will try to find the paypal receive email addy in the form and encrypt the email addy, see if that helps, without messing up the form.

Thanks.

