Hi there,
We are having a random issue on our site which is baffling me.
On occasions when we go to print an invoice, it will generate an invoice, but for a completely different store on the internet. Its not like someone is trying to modify our own invoice with their payment details, it is a completely different invoice using a completely different layout than what we are using with a completely different currency. With customer details and products that we don't have on our system. Its very odd. The two sites are:
- Enagic.com who also use CS-CART and appear to be a reputable company
- Discount Junction (I can't find a website for these guys, so I have no idea how the invoice is being generated)
I have checked the server logs and there has been no unauthorised access to the system via SSH or any modifications to the source files of the site. I have the source for the site in version control and can pull down a fresh copy.
This doesn't happen with invoices that are emailled to the customer, it appears to have happened only when we select "Print Invoice (PDF)" from the backend. So its good that our customers are not being effected. If this is a hack, I don't understand the purpose of it as the customers are not receiving this content.
The situation is not easily repeatable and only being experienced by one person on the team which made me think that a virus on their computer might be the cause?
I am struggling to think of the cause, but one theory was a DNS issue which caused our domain to point to someone elses? Although it seems a bit of a coincidence that we keep getting other CS-CART sites.
We are running CS-CART 4.2.4
Any ideas? Your thoughts would be greatly appreciated.