Jump to content

Issue with members being overcharged and strange IP address


Go to solution Solved by tlw1999,

Recommended Posts

Posted

Two members have recently been charged twice for a membership renewal, I can handle this with a refund but it should not be happening.  When I logged in the admin section and checked their membership I noticed a lot of activity of changing memberships which should not be happening as only two are active, the others are not and cannot be purchased or upgraded/downgraded to (I recently changed this after these incidents so they can upgrade from the lesser to the more expensive).  The changes on their account appear to be happening from an IP address in Canada, as we are a UK based company and only accept subscriptions from the UK, I was wondering if you could shed some light on this.  I've done a screenshot which shows the offending IP address but nothing that can identify the member.  Can you help?

Could contain: Page, Text

Changed from Gold to Standard, members cannot do this.

Changed from Standard to Gold, members cannot do this.

Changed again from Gold to Standard, etc you can see how it goes.  The only subscriptions active are Community and Full Member.  Thanks.

Posted

I'm not sure what I am supposed to get from that Wikipedia link.  The activity clearly shows that the IP address is from Canada and it's the same IP address showing on another members account.  I omitted the first IP address as that was correct, but the others are a mystery to me.

Could contain: Page, Text

We have no one from Canada on our site, it is UK only and the two members concerned have stated they have no connection to Canada and they are not using a VPN.

Posted

If your server is running through a reverse proxy, this may explain the IP address the way it is. You will want to contact your hosting provider/server administrator to ask this.

The subscription options listed there are not available to that user on the front-end (or have been removed since) as logging in as the user, I am not seeing them. Did this user previously have one of these subscriptions then removing them from being purchase did you opt to change the subscription?

Posted

Server is with IONOS and located in the UK.

Some users are still on the older subscriptions but they are no longer available to purchase, nor can they change subscriptions themselves.  The only two that are available to purchase are Community and Full, there are still older subscription in use, which we will be removing as soon as we find out what those subscribers want to do, but as of now they are still being billed for them, but they cannot change themselves.

Both users concerned has older subscriptions and asked for a change to one of the active subscriptions.  It's a bit confusing which is why I am trying to get older subscribers moved to the two active ones.  This still doesn't explain the amount of changes going on in their account and from a Canadian IP address.

This is where the IP address resolves to

Could contain: Text, Number, Symbol

Thanks for bearing with me as I'm not that technically minded, it just seems odd that changes are going on that really should not be happening and from this strange IP address.

  • Solution
Posted (edited)

I had an issue along similar lines when I upgraded from 4.3 to 4.7 this week.

Some active subscriptions were cancelled during the upgrade whereas others continued on as normal. It looks like it only affected the long time subscribers who had been continually renewing on an older sub created on a different platform and carried over from a previous conversion. Those subs got cancelled, but ones created on invision seemed to be fine.

Were your older subscriptions created on this platform or converted to invision from something else?

The ip address connected to my cancellations resolved to Australia. And when I clicked on that ip it brought up a list of members whose subs had been cancelled.

See below

Could contain: Page, TextCould contain: Page, Text, File, Webpage

 

Edited by tlw1999
Posted
39 minutes ago, BRIAN MCELDERRY said:

Server is with IONOS and located in the UK.

You would need to double check any questions with your hosting provider, I'm afraid. Simply because your server is one area, doesn't mean they have other areas of their infrastructure involved.

41 minutes ago, BRIAN MCELDERRY said:

Both users concerned has older subscriptions and asked for a change to one of the active subscriptions.  It's a bit confusing which is why I am trying to get older subscribers moved to the two active ones.  This still doesn't explain the amount of changes going on in their account and from a Canadian IP address.

How exactly did you perform this upgrade? 

Posted

Cancelled the old membership and added the user to the new membership - by cancelled I mean I deleted the subscription completely and then added the user to the new subscription.

I am unclear as to what effect where the server is on that IP address going through all those motions of changing subscriptions, it is appearing on other accounts, same IP address.  Basically what I am asking, is there something untowards going on there, for example a hack of some kind.  If this is something normal then I'll just run with it, but it is disconcerting when there appears to be no way of reasoning this out as where that IP address is accessing accounts.

Posted
46 minutes ago, tlw1999 said:

The ip address connected to my cancellations resolved to Australia. And when I clicked on that ip it brought up a list of members whose subs had been cancelled.

I have 22 pages relating to this IP address a lot of them are indeed cancelled or updated subscriptions.  I've always been on the IPS platform, so no conversion from another system.  It just seems weird that the IP address resolves to Canada, could this be something to do with Stripe?

Posted
2 minutes ago, BRIAN MCELDERRY said:

I have 22 pages relating to this IP address a lot of them are indeed cancelled or updated subscriptions.  I've always been on the IPS platform, so no conversion from another system.  It just seems weird that the IP address resolves to Canada, could this be something to do with Stripe?

 

I don't use Stripe, only paypal.

Have you recently upgraded to a newer version? All of my changes happened during an upgrade to 4.7 and there has been nothing since.

I agree that it is unsettling that an unknown ip seems to be able to cancel subscriptions, but I assumed it was a glitch in converting them during the upgrade. 

Posted
8 minutes ago, tlw1999 said:

Have you recently upgraded to a newer version? All of my changes happened during an upgrade to 4.7 and there has been nothing since.

I agree that it is unsettling that an unknown ip seems to be able to cancel subscriptions, but I assumed it was a glitch in converting them during the upgrade. 

Yes we updated to 4.7.3 and this is when it was noticed - I will be updating to 4.7.4 tomorrow and will keep an eye on this and see how it plays out.  Thanks for sharing that information as it has calmed my anxiety down somewhat. 

Posted
42 minutes ago, BRIAN MCELDERRY said:

I am unclear as to what effect where the server is on that IP address going through all those motions of changing subscriptions, it is appearing on other accounts, same IP address.  Basically what I am asking, is there something untowards going on there, for example a hack of some kind.  If this is something normal then I'll just run with it, but it is disconcerting when there appears to be no way of reasoning this out as where that IP address is accessing accounts.

As mentioned several times now, if you are using a reverse proxy, this would explain the IP address and it frequently coming up as you would actually be routed to the reverse proxy first and the reverse proxy's IP address would be used/logged. Only your hosting provider would be able to provide assistance as this is a server-related item.

Posted
3 hours ago, Richard Arch said:

Have you tried clicking on the ip address, it will give you more information and you can click again on the numbers which will tell you who is using that ip or at least give you a clue.

Could contain: Page, Text, Number, Symbol

 

 

 

 

 

I did this and it had the ip address being used by a number of members who I know for certain were not using that ip. In the member history it said 50, and those members all had their subs cancelled during the upgrade. 

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...