Guest checkout is disabled but guests still able to access to payment method

[mssales]

Hello,

 

I have set Enable guest checkout to No and I am surprised to find out there are guests who are able to access to my payment options for example the Paypal module.

 

I know this because I get some errors from the Paypal module and when I view the Customer carts, I saw some unregistered customers carts, see image.

 

Does this sound like hacking? What can we do?

 

Is there a way to force customers to login to add to cart?

 

Thank you.

 

Edited August 19, 2013 by mssales (see edit history)

[NemoPS]

Hi,

Are you using multistore perhaps? Have you used it in the past? Prestashop version?

[mssales]

Hello Nemo1,

 

I am using v1.5.4.1 and do not use multistores before.

 

I am wondering also if there is a way to execute the Paypal express checkout without going through a Prestashop web site?

 

Are we able to track IP address customers who have place items in their cart? So if we find these carts are suspicious, we would want to block them?

 

Thanks a lot!

[mssales]

I think I have figure out who has trying to executing pages on my Prestashop web site.

 

It's SiteLock's bot.

 

I checked my IP tracking from my hosting provider and discovered SiteLock has been running this line:

 

http://mysite.com/modules/paypal/express_checkout/payment.php?quantity=1%29%20AND%20%286211=6211&id_p_attr=1&bn=FR_PRESTASHOP_H3S&id_product=24&current_shop_url=http:/www.mysite.com/shirts/Product123.html&express_checkout=product

 

So it looks like anyone can use this on any Prestashop website with Paypal module and causing false alerts to be generated.

 

Not sure if we can prevent this or this is something to be improved in the PrestaShop Paypal module?

 

Thanks a lot.