Well I was hoping when I purchased this peace of art that it will protect me at all times and it did. Yesterday someone signed up on my site , paid and went ahead and changed email adress and name. Than reported to paypal that this was a fraudulent activity and that someone stole his paypal account. With help of amember I was able to provide paypal fraud departmant with, ip adress, time loged in, actual name who paid, name change evrery single detail this person did on my site. Than I was able to block both emails, username, IP adress which helped me stoping this junk from further downloading products from my site. Trust me if I was using any other paymant system or just paypal I would never be able to find this person. Joomla was also fulled as it was not able to find the original person anymore. My suggestion to anyone. 1.Do not let users change anything in account accept their password. 2.Set you password generator on because in order to login they have to get that email. 3. Turn off automatic login and change text from "Thank you for joining you can log in now" To " You will receive email with your new password" THANK YOU ALEX!
Hi, The most important is to view your server logs. This is available in any account and you do not need a server. Any fradulent activity is registered in there, provided it is activated in the correct manner. This would also help to track what other malicious activities one did on the website. The Access log in aMember simply provides you a small part of it. Yes, I highly recommend to turn off the automatic logins where money is involved. Password generator is not all that necessary because one registered email address exists, the user will have to activate his account. The actiation key is by itself a password, an additional one other to the one an user chose.
Small update. Paypal just gave me my $$ back , so now let say the guy did not do real damage , I have the $$$ and he or she is blocked
I purchased aMember for 3 different site and highly recommend it to all my friends. I never user aMember with PayPal. my current gateway charges me a monthly fee only when I have transactions, but I am thinking some a-la-cart upgrades and price them low enough. I was thinking PayPal would be a better choice until volume picks up. Personally I don't like PayPal, but am open to give them another try. Any tips I need to know before I jump in? BTW any news when v. 3.0.9 of aMember may be released? I'm still on 3.0.7.
Go to Setup/Configuration --> Advanced --> then change it where it says "User can change the following fields"
I don't understand what is the risk of having the automatic logins turned on. Can someone explain me? Thanks!
This script canNOT save you from fraud with paypal. Paypal will not get involved in virtual goods or subscriptions. They will refund the money and wash their hands of it, it was explained to me that if they do not refund the money they risk a chargeback fee. So if you do not ship a real tangible item you better manually approve all new paypal users otherwise they will rob you blind. Paypal is the worst payment system on the planet for fraud, Google is a very close second. If you are going to do high volume just get your own merchant account, sign up for a gate way (Authorize.net), and use Maxmind Anti-Fraud services. I set this up ad I only had 1 chargeback that we had to fight and we won just because we used MaxMind and the built in Anti-Fraud from Authorize.net. Again this is high volume site, I bill between 1250 to 1900 a day depending on the day of the week etc.
Hello everyone, I'm helping setup a whole Moodle-aMember teaching site using Paypal temporarily until we can get a real Credit Payment Gateway. This is a great article talking about what can happen. Looking through the aMember logs, I cannot find where all these logs about user changing their details are. Where are these details logs about user activity? I can only find IP address and what pages they visited. Thanx.
Authorize.net works great with any merchant account. Make sure you get the city service with maxmind. Seems like a lot of sign up and money going out but it iw well worth it. I have not had one error with authorize.net it has always worked flawlessly! Moneybookers is good too if you do not use their credit card option then their rates are ok and it works without issue either
I too would like to know what's the harm in auto-logins. And I think it would frustrate customers to sign up and then need to check email for their password.