corwindev | Stripe Developers | Page 1

burnt micaBOT Jul 25, 2023, 8:59 AM

#

severe plover Jul 25, 2023, 9:00 AM

#

How are they being created? Can you share an example cus_xxx ID?

hollow sand Jul 25, 2023, 9:01 AM

#

#

https://cdn.discordapp.com/attachments/1076536506145050755/1133323048456573008/image.png

severe plover Jul 25, 2023, 9:04 AM

#

Can you paste the ID

hollow sand Jul 25, 2023, 9:05 AM

#

cus_OK6AmYzDTkPam8

severe plover Jul 25, 2023, 9:06 AM

#

Looks like you use some kind of plugin? https://www.whmcs.com/

WHMCS | Web Hosting Automation Made Easy

hollow sand Jul 25, 2023, 9:06 AM

#

severe plover Looks like you use some kind of plugin? https://www.whmcs.com/

Yes

#

Using whmcs stripe

severe plover Jul 25, 2023, 9:07 AM

#

Hmm, your hands are likely tied from our perspective

#

Those requests are initiated by I assume that plugin if the user performs some kind of action. Normally you could re-roll your secret key if it had leaked, but that's not the case here

#

Equally I doubt restricting API key access by IP address will help. I'd recommend speaking to your hosting provider/plugin creator (https://stripe.com/docs/keys#limit-api-secret-keys-ip-address)

API keys

Use API keys to authenticate API requests.

burnt micaBOT Jul 25, 2023, 9:10 AM

#

hollow sand Jul 25, 2023, 9:22 AM

#

Okayy, so just contact WHMCS about this?

icy sage Jul 25, 2023, 9:27 AM

#

👋 taking over for my colleague. Let me catch up.

#

yes I guess that's the only choice you have here

hollow sand Jul 25, 2023, 9:37 AM

#

But what can they do?

icy sage Jul 25, 2023, 9:50 AM

#

the plugin maintainers need to do some work from their side

hollow sand Jul 25, 2023, 9:52 AM

#

And what work

icy sage Jul 25, 2023, 9:53 AM

#

that's for them to do, if they need help they will reach out

hollow sand Jul 25, 2023, 9:57 AM

#

Okay, thanks

#

One last thing, can you delete those fake customers?

icy sage Jul 25, 2023, 9:58 AM

#

you can

#corwindev