Yesterday I tried to log in as usual to our admin site but was denied access. I triple-verified the password, yet I was still denied. Later I tried to access our cPanel, which also did not work.
As it turned out, some guy from Pakistan had hacked our store and changed the passwords. Luckily we do not store any card numbers, so nothing like that was leaked (we have a hosted gateway).
After looking through the entire store I did find that they had messed with the PayPal settings, basically redirecting customers to their account.
The field “Email Associated with PayPal Merchant Account” under “Website Payments Standard” had a totally different email than ours. However, we only use Express Checkout. So I changed the email back to ours and thought that everything was OK. I did, however, neglect to check the Express Settings. Here’s where it gets freaky. The part where you enter the API credentials etc. was totally missing (see attached screen dump).
Since the fields for the credentials and all were missing, I did not react. I regret this now. Today I received an order paid with PayPal and voilà… no transaction in our account. I had a look in the database and saw that indeed they had entered their own API keys.
Replacing the keys (which I get from PayPal) in the database using phpMyAdmin does not help… that only results in a server timeout at checkout.
I want to have my admin section back so I can go through the entire API wizard. How can I get it back? I have uploaded the Mage_Paypal folder into the App folder with no success. Also, my host says no activity has been logged on the FTP, so no files have been touched?
Does anyone else have experience with this?