This topic has 2 voices, contains 6 replies, and was last updated by  shaifful 4404 days ago.

Error Notice: Undefined variable: thumb

ThemeBurn SupportForumsOpenCart ThemesShoppica OpenCart ThemeError Notice: Undefined variable: thumb

This topic has been marked as not resolved.

Hi, I’m using shoppica 1.0.12 and found this error
Notice: Undefined variable: thumb in /home/apasajabiz/public_html/catalog/controller/module/shoppica.php on line 124

I’m using OpenCart 1.5.2.1
But in shoppica files above, which I’m surely download new themes have the error above. Please advise..

Tq
 shaifful
April 24, 2012 at 4:42 am #8276

Hi,

I assume you see this notice in the error log only and not on your site. It is generated from search engines by crawling non-existing products on your site. The notice is harmless, you can safely ignore it.

We have made the necessary fixes to prevent the notice from showing in the error log. We’ll incorporate the fixes in the next Shoppica update.
 TB Support
April 26, 2012 at 11:40 am #8348

Unfortunately it was found on my site, although I’m sure that Display errors is OFF,
BTW, there is a 0Day hack in the current version of OC is it is hosted on OpenVZ. Mine was hack recently and despite the password are quite secure, the hackers able to bypass my Mod_security and gain access to the root password. Using a backdoor OpenVZ root hack. The hackers did take for granted of OC to hack my site.

Please be careful.
 shaifful
April 26, 2012 at 11:51 am #8349

Can you point us to your site where the error notice is displayed ?

Also, about the OC hack. Is it OpenVZ security issue or OC issue ? Did the hackers gain root access to OpenVZ through OC or the opposite ?
 TB Support
April 26, 2012 at 12:04 pm #8350

The hacker have remove my website, what they did is.
They bypass my Mod_sec and after that using a 0Day hack for the OC to get into my OpenVZ SSH (using remote code execution at opencart Core). According to him, he is using private local php heap spray overflow techniques, and gain back connect connection and get into the OpenVZ SSH) So that mean, the OC is hacked first, and they continue to log in to the OpenVZ SSH console using the info from the OC.

I don’t really know how he do it, but definitely he have deface my website.
Now I’m really worried about using the OC.
 shaifful
April 26, 2012 at 1:02 pm #8351

Is your hosting platform windows ?
 TB Support
April 26, 2012 at 1:17 pm #8352

Nope, I’m using Centos 6.2. Running mod_security 2.6.5 with OWASP 2.2.4,
rkhunter, ossec ids, clamd, csf firewall. And I’m aware of 0Day OC on Windows platform. But never thought of getting hack. According to the hacker, his 0Day hack is unpublished anywhere.

  • This reply was modified 4404 days ago by  shaifful.
 shaifful
April 26, 2012 at 1:52 pm #8353
Viewing 7 posts - 1 through 7 (of 7 total)
  • You must be logged in to reply to this topic.