Order administrator notification Email

  • Posts: 11
  • Thank you received: 0
4 years 11 months ago #306047

-- HikaShop version -- : 4.0.3
-- Joomla version -- : 3.9.5
-- PHP version -- : 7.0.33

Hello,
Today one of the Order administrator notification emails went to the customer instead of the administrator. Subject "A new order has been created on your website". I checked the settings and tested, it did not repeat the error.

Did it get hacked?

I have a screeshot for you but need it to be confidential. Where can I send it you?

Last edit: 4 years 11 months ago by Mark Saiger.

Please Log in or Create an account to join the conversation.

  • Posts: 81540
  • Thank you received: 13069
  • MODERATOR
4 years 11 months ago #306048

Hi,

I would first recommend to double check via the menu Customers>Email history. There, you get a list of all the emails sent by HikaShop. So you'll be able to make sure of what was sent to who.
Besides some strange custom plugin or email override or weird side effect of some mass action, I don't see how that could be possible.
I don't see why it would be a hack. A hacker would have better things to do than that. Like for example redirect the payments to his bank account, or get all your customers private information, etc.

If you wish to send private information, you can send an email to contact AT hikashop DOT com along with a link to this thread.

Please Log in or Create an account to join the conversation.

  • Posts: 11
  • Thank you received: 0
4 years 11 months ago #306056

Ok thank you Nicolas! I sent an email from my msn.com account.

Please Log in or Create an account to join the conversation.

  • Posts: 11
  • Thank you received: 0
4 years 11 months ago #306057

Also, this may be a part of the issue:
During the last 2 days we have gotten many 503 errors during checkout. That is why I thought of hacking using the resources of the server.
Here is what the error log had:
[26-Apr-2019 14:39:46 UTC] PHP Warning: Invalid argument supplied for foreach() in /home/mysite/public_html/components/com_hikashop/controllers/checkout_legacy.php on line 942

Last edit: 4 years 11 months ago by Mark Saiger.

Please Log in or Create an account to join the conversation.

  • Posts: 81540
  • Thank you received: 13069
  • MODERATOR
4 years 11 months ago #306077

Hi,

Thank you, we got your emails.
What happened is really strange, especially the fact that the same email was sent to the correct email address both before and after the email that was sent to the wrong email address.
So I suspect that there is indeed something dynamically changing the email address for some reason. It's likely a bug somewhere or something wrongly configured.

Did it happen only for one email or did it happen several times ?

I don't think that 503 errors have anything to do with that nor that error message.

First, to be able to identify the problem, the thing that should be done would be to be able to reproduce the issue consistently. There must be something different between that order with the issue and the other orders. If it only happened with one order so far, I would recommend to wait and monitor the next orders to see if you have the issue again and try to find similarities between the orders with the issue compared to the other orders.

Once you get more information on the issue, it will help us understand better the situation and hopefully provide a solution.

Please Log in or Create an account to join the conversation.

Time to create page: 0.062 seconds
Powered by Kunena Forum