
Old Forums (READ-ONLY): The community now lives at WP Sharks™. If you have an s2Member® Pro question, please use our new Support System.

An accidental "backdoor" to a free membership


This topic contains 2 replies, has 2 voices. Last updated by  Shawn Barry 3 years, 11 months ago.

Posted: Tuesday Jan 22nd, 2013 at 12:21 pm #38965

I have a paid site managed by s2member plugin and CCBill. Someone joined the site, and their registration email (like all of them do) went to the SPAM folder. The chain of events went like this…

– he joins, and doesn’t see the SPAM’d registration email
– he contacts me through my website’s “members” form saying “I wasn’t sent a password”
– he waits for a reply, but I haven’t seen his email yet
– he cancels, assuming I’m ripping him off
– CCBill has not yet charged his credit card, only approved the transaction
– I see his email
– I reply that I’m sorry he’s gone and for the inconvenience. I hope he’ll give us another try sometime and that I’ll make sure he’s refunded
– CCBill’s system has still never taken a payment
– I call CCBill, and explain. They say “His card hasn’t been charged yet, so no big deal.”
– WHILE I’m talking to CCBill, the guy sees my reply, and decides “Oh, no problem, I don’t mind. I’ll just try the registration now.”
– I have CCBill void the transaction while he’s doing that, not knowing he’s gone ahead and tried it anyway.
– CCBill voids him
– he registers simultaneously

The result: it “appears” that he has access to the site forever, for free since the registration email picked up the ID and original transaction. Without paying, he was granted access with a paid ID#, and since there was no longer any record with CCBill, the system didn’t “red flag” it. He had full member access, but was no longer in the CCBill customer database as a paying subscriber.

All I could think to do is delete him from the database on my site, hoping that would delete his password and thereby stop him from accessing any more of the site than he already had.

FYI.

  • This topic was modified 3 years, 11 months ago by  Shawn Barry.

List Of Topic Replies

Posted: Thursday Jan 24th, 2013 at 2:34 am #39298
Staff Member

Thanks for reporting this important issue.

If this happens in the future, I would generate a Registration Access Link yourself from the Dashboard.
See: Dashboard -› s2Member® -› ccBill® Buttons -› Registration Access Links


Also, if you’re having a problem with emails being delivered to the SPAM folder, I would suggest that you contact your hosting company to find out if your server has been blacklisted in some way. Maybe there is something they can do for you. Another option would be this plugin (WP-Mail SMTP), which can work with an offsite mail server that can do a better job of getting mail delivered to your customer’s inbox.

Posted: Friday Jan 25th, 2013 at 12:18 am #39480

Thanks Jason. I’ll look into the email adjustment you suggested.


This topic is closed to new replies. Topics with no replies for 2 weeks are closed automatically.
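
The gap described in the opening post, a registration link issued at approval and redeemed after the transaction was voided, can be closed by re-checking the transaction when the link is used and by reconciling existing accounts against the processor's records. The following is an added sketch, not s2Member or CCBill code; the state names, record layout, sample IDs and function names are all assumptions.

```python
from dataclasses import dataclass

# Transaction states in which paid access should be honoured (assumed names).
ENTITLED = {"approved", "settled"}


@dataclass
class Member:
    username: str
    subscription_id: str  # paid ID the account was created under


def transaction_entitles(subscription_id, processor_records):
    """True only if the processor still holds the transaction in an entitled state.

    An ID the processor no longer knows about is treated the same as a void.
    """
    return processor_records.get(subscription_id) in ENTITLED


def redeem_registration_link(username, subscription_id, processor_records):
    """Re-check the transaction when the link is used, not only when it was issued."""
    if not transaction_entitles(subscription_id, processor_records):
        return None  # voided or unknown: refuse to create the account
    return Member(username, subscription_id)


def audit_members(members, processor_records):
    """Return usernames whose paid ID has no entitled transaction behind it."""
    return [m.username for m in members
            if not transaction_entitles(m.subscription_id, processor_records)]


# Constructed sample data: one settled, one voided, one missing at the processor.
PROCESSOR_RECORDS = {"SUB-1001": "settled", "SUB-1002": "voided"}
MEMBERS = [
    Member("alice", "SUB-1001"),
    Member("bob", "SUB-1002"),
    Member("carol", "SUB-1003"),
]

if __name__ == "__main__":
    print("accounts to review:", audit_members(MEMBERS, PROCESSOR_RECORDS))
    print("late redemption:", redeem_registration_link("dave", "SUB-1002", PROCESSOR_RECORDS))
```
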
