ncyoung.com

A client who uses Authorize.net started seeing a bunch of one cent transactions show up in their merchant interface. There's no way for someone to buy something for a penny at the site, so this was troubling.

We immediately changed the site passwords and the authorize.net account passwords. I audited the scripts to make sure that no-one had changed anything (made a bit harder to do by a recent design update of the site). I updated the scripts to use authorize.net's newer protocol which allows for an MD5 hash to be attached to the transaction as it is sent from our server to the authorize.net server.

I never did figure out exactly where the 1c transactions were coming from, which is a tiny bit troubling. But they have stopped.

As for the why, I can only think that someone had a big batch of stolen credit card numbers and was trying to figure out which ones were good accounts. We live in interesting times.

Moved Perl Ecommerce package and associated file to a new server.

Modify scripts to use Perl mail module rather than sendmail system call.

Setup Apache URL rewriting to provide an easy URL for product pages both for human visitors and for search engines.

Authorize.net had stopped supporting an older version of their protocol which the site used. So I updated the site to use the then-current equivalent.

A short time later we began having problems with that equivalent (which authorize.net is now phasing out because of security problems). See The Mover's Friend Authorize.net Security Update

Software that allows faculty to create and automatically grade on-line quizzes.

started: 1998-06-01

Ended: 1998-07-01