We (Old Magento 1.7 shop) have been hacked by someone that filled in there PayPal account as the only payment method available. In the database settings (core_config_data), I was able to retrieve his api_username / api_password / api_signature. But these fields are encrypted. Can anyone tell how they encrypted? They all end in equal signs.
Any change I can hack back by using his API credentials?
If not, can I disable the encryption, so that a future hacker would leave his credentials exposed?
Related: How could I effectively remove PayPal from the software so I can prevent this hack? I tried disabling Mage_paypal module but it still leaves the config options intact. I would like to remove the options from the config.
submitted by /u/bjinse
[link] [comments]