Mystery webhook: /?listener=stripe

  • Resolved johnatthepaper

    (@johnatthepaper)


    3 years, 4 months ago

    (Domain names changed to protect the guilty.) We use the WooCommerce Stripe Payment Gateway and my understanding is that it uses https://example.com/?wc-api=wc_stripe for all its knowing-what-Stripe-did needs. (Is that correct?)

    About 9 days ago we started getting emails about a webhook at https://example.com/?listener=stripe failing. And it indeed gets a 404. But I can’t figure out what wanted it. And if a human with access to our Stripe account had to log into Stripe and add that webhook, all I know is that it wasn’t me. But something or someone must have wanted it.

    Does anyone recognize it? Did the WooCommerce Stripe Payment Gateway once use /?listener=stripe and maybe stopped with a recent update (say, around November 9, 2021)? Or does anyone know some other plugin that uses that webhook?

    To the best of my knowledge, WooCommerce Stripe Payment Gateway is the only thing on our site that would have needed to know about our Stripe transactions, but maybe I’m wrong about that. O maybe some malicious plugin was sneakily spying, or .. I just don’t have any idea and am grasping at straws, so I’m hoping someone says, “Oh, I use product X and it uses that webhook,” and then I’ll slap my forehead and say “oh, I deactivated product X” but no way it’s going to be that easy. ??

Viewing 3 replies - 1 through 3 (of 3 total)

  • This seems unrelated to this plugin. It’s either from another plugin, something configured in your Stripe account, or an attempt to hack your site.

    Once you’ve eliminated the first 2 options, look at your raw access log (ask your hosting support if you’re not sure what that is) to find the IP and HTTP referrer used. Then, you can block them (again, hosting support can help).

    mother.of.code

    (@imazed)

    The Mother of Code

    Hi @johnatthepaper – I’d like to echo what @galbaras has said above. This isn’t coming from the WooCommerce Stripe plugin, I’m afraid. It’s a good idea to run a conflict test: https://docs.woocommerce.com/document/how-to-test-for-conflicts/

    We haven’t heard back from you in a while, so I’m going to mark this as resolved – we’ll be here if and/or when you are ready to continue.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Mystery webhook: /?listener=stripe’ is closed to new replies.

Tags