Hi, I’m using Shoppica 1.0.12 and found this error:
Notice: Undefined variable: thumb in /home/apasajabiz/public_html/catalog/controller/module/shoppica.php on line 124
I’m using OpenCart 1.5.2.1
But the Shoppica files above, which I surely downloaded with the new theme, have the error above. Please advise.
Tq
|
|
Hi,
I assume you see this notice in the error log only and not on your site. It is generated from search engines by crawling non-existing products on your site. The notice is harmless, you can safely ignore it.
We have made the necessary fixes to prevent the notice from showing in the error log. We’ll incorporate the fixes in the next Shoppica update.
|
|
Unfortunately it was found on my site, although I’m sure that Display errors is OFF.
BTW, there is a 0Day hack in the current version of OC if it is hosted on OpenVZ. Mine was hacked recently, and despite the passwords being quite secure, the hackers were able to bypass my Mod_security and gain access to the root password, using a backdoor OpenVZ root hack. The hackers did take advantage of OC to hack my site.
Please be careful.
|
|
Can you point us to your site where the error notice is displayed?
Also, about the OC hack: is it an OpenVZ security issue or an OC issue? Did the hackers gain root access to OpenVZ through OC or the opposite?
|
|
The hacker has removed my website. What they did is:
They bypassed my Mod_sec and after that used a 0Day hack for OC to get into my OpenVZ SSH (using remote code execution in the OpenCart core). According to him, he is using private local PHP heap spray overflow techniques to gain a back-connect connection and get into the OpenVZ SSH. So that means OC was hacked first, and they continued to log in to the OpenVZ SSH console using the info from OC.
I don’t really know how he did it, but he has definitely defaced my website.
Now I’m really worried about using the OC.
|
|
Is your hosting platform Windows?
|
|
Nope, I’m using CentOS 6.2, running mod_security 2.6.5 with OWASP 2.2.4, rkhunter, OSSEC IDS, clamd, CSF firewall. And I’m aware of the 0Day OC on the Windows platform, but never thought of getting hacked. According to the hacker, his 0Day hack is unpublished anywhere.
-
This reply was modified 4404 days ago by shaifful.