Someone Tried To Steal From Me …
I have a Premium Access at my DIYMiniSite.com. It’s a one-time fee of $67. And last night, I caught a transaction trying to buy it for $0.01. And fortunately I have a really cool IPN checking …
The script not only checks for verified Paypal transaction, but also checks the price customers are paying. In this case it’s NOT $67 — so something is wrong.
In case you don’t know this, when you create a Paypal button, others can manually create one too. And they can create one that contains your Paypal email address, your redirection page, etc. And they just have to change one thing - the price. Instead of your selling price, they may change it to $0.01. — And it doesn’t matter where they host this little button. It’ll work even from a Geocities, or even a local computer.
So the normal IPN script is not enough. Your IPN script must also check the price that your customers are paying. In my case, I have something like:
if (($_POST[’receiver_email’] == ‘your_paypal_id@yourdomain.com’) && ($_POST[’mc_gross’] == ‘67.00′)) { … }
He didn’t get the Premium Access. And I may report his ID to Paypal, together with his IP address and the rest of the information.
