The first time, the middle of last week, I simply blew it off. I had an established buyer tell me that when he opened my site and logged in he got taken to someone else's account, had the history, contact info, etc. all shown. The account he was taken to was from someone in South Africa, so I just deleted it.
Then today, another established customer gives me the same story. I get this help desk ticket:
I've just opened up your site to order a tablet and it told me that I was already logged in as 'Tomas' who apparently is this dude:
I had full access to his previous orders, customers, etc.
I've never head of the bloke and only I use my laptop so seems strange. Is there a potential security issue or don't I need to worry?
WTF?
Twice in 5 days, this is not just some crossed wires out in space, there is definitely a problem.
What's the solution?
This just in - another one.
When browsing your site I noticed that I was supposedly logged in as someone called William. How this happened is unknown to me as I have no account here and have no idea who this William is.
To make matters worse his contact details are easily viewable in the account info as well as all the addresses he has sent items to.
I hope this issue can be resolved as quickly as possible as it's quite a bad flaw, especially if it's happening to more users than myself.
What is going on? Been using this cart for years and suddenly this comes up????
When browsing your site I noticed that I was supposedly logged in as someone called William. How this happened is unknown to me as I have no account here and have no idea who this William is.
To make matters worse his contact details are easily viewable in the account info as well as all the addresses he has sent items to.
I hope this issue can be resolved as quickly as possible as it's quite a bad flaw, especially if it's happening to more users than myself.
What is going on? Been using this cart for years and suddenly this comes up????
A Trusted Wholesale Dropshipper
Web Hosting Under $ 5.00 Month! FREE Shopping Carts!
25,000+ Real Wholesale & Dropship Sources!
Thanks, mate
From the server tech - I've removed the Opencart php.ini as it sets a very long session timeout..
I guess we'll see what happens.
I have not seen it myself. In one case it looked like they shared the same IP, but one in South Africa and one in the UK?
Of course, other suggestions are welcome.
From the server tech - I've removed the Opencart php.ini as it sets a very long session timeout..
I guess we'll see what happens.
I have not seen it myself. In one case it looked like they shared the same IP, but one in South Africa and one in the UK?
Of course, other suggestions are welcome.
A Trusted Wholesale Dropshipper
Web Hosting Under $ 5.00 Month! FREE Shopping Carts!
25,000+ Real Wholesale & Dropship Sources!
Well, that was not the answer. Just got this from a buyer -
Thought I better let you know that I have just recieved an email to update my order from last night (the keyboard/cases) and when I clicked the link it took me to someone elses account ! his name is xxxxxx and his address for delivery is :
ccccccc
12456978
Enschede
9874563
Overijssel
Netherlands
This also happened to me with my last order but I just assumed it was some sort of glych but now its happened again I thought I'd better bring it to your attention so you can speak to your tech guys !
The order he was linked to is from April 2011, so it's not something current. It seems random. Also the seller, my customer of that order, placed only one order, ever, that one in April 2011, so it's not mixing up with recent activity.
what is going on here?
Thought I better let you know that I have just recieved an email to update my order from last night (the keyboard/cases) and when I clicked the link it took me to someone elses account ! his name is xxxxxx and his address for delivery is :
ccccccc
12456978
Enschede
9874563
Overijssel
Netherlands
This also happened to me with my last order but I just assumed it was some sort of glych but now its happened again I thought I'd better bring it to your attention so you can speak to your tech guys !
The order he was linked to is from April 2011, so it's not something current. It seems random. Also the seller, my customer of that order, placed only one order, ever, that one in April 2011, so it's not mixing up with recent activity.
what is going on here?
A Trusted Wholesale Dropshipper
Web Hosting Under $ 5.00 Month! FREE Shopping Carts!
25,000+ Real Wholesale & Dropship Sources!
Yeah, bunches of these:
2012-10-03 13:21:00 - PP_STANDARD :: IPN REQUEST: cmd=_notify-validate&invoice=12242+-+my+customer&first_name=M+D&mc_shipping=0.00&mc_currency=GBP&payer_status=verified&payment_fee=&address_status=unconfirmed&payment_gross=&address_zip=ox284eg&address_country_code=GB&txn_type=cart&num_cart_items=2&mc_handling=0.00&verify_sign=APFzBiYnhDkiG2iFWDs4RgnQ8SyhAkzCoLyxkI6du3D.Yw7YMTbfyOGD&payer_id=xxxxxxxxxxxxxxx&option_selection2_1=Black&charset=windows-1252&tax1=0.00&receiver_id=xxxxxxxxxxxxxxx&tax2=0.00&mc_handling1=0.00&mc_handling2=0.00&item_name1=Star+N9000+Android+4.0.3+Smart+Phone+MTK6575+5.0%22+WVGA+Capacitance+Screen+GPS+WIFI+3G+WDCMA&item_isbn1=&tax=0.00&item_name2=Shipping%2C+Handling%2C+Discounts+%26+Taxes&item_isbn2=&payment_type=instant&address_street=xx+nnnnnnnn+Drive%0D%0AWitney&mc_shipping1=0.00&mc_shipping2=0.00&item_count_unit1=0&txn_id=7BCccccccccccccccccccccc&item_tax_rate1=0&item_count_unit2=0&item_tax_rate2=0&mc_gross_1=107.17&quantity1=1&mc_gross_2=2.70&quantity2=1&item_number1=i9220&protection_eligibility=Partially+Eligible+-+INR+Only&item_number2=&custom=ZmNkZ2Y%3D&item_plu1=&option_selection1_1=EU+2+Round+Pin+Plug+..&item_plu2=&business=payments%40turnkeyservices.us&item_tax_rate_double1=0.00&item_tax_rate_double2=0.00&residence_country=GB&last_name=customer&address_state=&payer_email=whatever%40hotmail.com&option_name2_1=MUST+Choose+a+Color&item_model_number1=&item_model_number2=&address_city=Oxon&item_taxable1=N&item_taxable2=N&payment_status=Completed&payment_date=06%3A20%3A52+Oct+03%2C+2012+PDT&transaction_subject=ZmNkZ2Y%3D&receiver_email=payments%40turnkeyservices.us&mc_fee=3.72¬ify_version=3.7&item_style_number1=&address_country=United+Kingdom&item_style_number2=&mc_gross=109.87&address_name=myn+customer&item_mpn1=&item_mpn2=&option_name1_1=MUST+Indicate+Plug+Style&ipn_track_id=8a043262d7110
2012-10-03 13:21:00 - PP_STANDARD :: IPN RESPONSE: VERIFIED
For the last month or so, just line after line of the same sort of thing. The IPN Request and then the IPN Response. But no other problems and the payments go through and the status updates take place.
2012-10-03 13:21:00 - PP_STANDARD :: IPN REQUEST: cmd=_notify-validate&invoice=12242+-+my+customer&first_name=M+D&mc_shipping=0.00&mc_currency=GBP&payer_status=verified&payment_fee=&address_status=unconfirmed&payment_gross=&address_zip=ox284eg&address_country_code=GB&txn_type=cart&num_cart_items=2&mc_handling=0.00&verify_sign=APFzBiYnhDkiG2iFWDs4RgnQ8SyhAkzCoLyxkI6du3D.Yw7YMTbfyOGD&payer_id=xxxxxxxxxxxxxxx&option_selection2_1=Black&charset=windows-1252&tax1=0.00&receiver_id=xxxxxxxxxxxxxxx&tax2=0.00&mc_handling1=0.00&mc_handling2=0.00&item_name1=Star+N9000+Android+4.0.3+Smart+Phone+MTK6575+5.0%22+WVGA+Capacitance+Screen+GPS+WIFI+3G+WDCMA&item_isbn1=&tax=0.00&item_name2=Shipping%2C+Handling%2C+Discounts+%26+Taxes&item_isbn2=&payment_type=instant&address_street=xx+nnnnnnnn+Drive%0D%0AWitney&mc_shipping1=0.00&mc_shipping2=0.00&item_count_unit1=0&txn_id=7BCccccccccccccccccccccc&item_tax_rate1=0&item_count_unit2=0&item_tax_rate2=0&mc_gross_1=107.17&quantity1=1&mc_gross_2=2.70&quantity2=1&item_number1=i9220&protection_eligibility=Partially+Eligible+-+INR+Only&item_number2=&custom=ZmNkZ2Y%3D&item_plu1=&option_selection1_1=EU+2+Round+Pin+Plug+..&item_plu2=&business=payments%40turnkeyservices.us&item_tax_rate_double1=0.00&item_tax_rate_double2=0.00&residence_country=GB&last_name=customer&address_state=&payer_email=whatever%40hotmail.com&option_name2_1=MUST+Choose+a+Color&item_model_number1=&item_model_number2=&address_city=Oxon&item_taxable1=N&item_taxable2=N&payment_status=Completed&payment_date=06%3A20%3A52+Oct+03%2C+2012+PDT&transaction_subject=ZmNkZ2Y%3D&receiver_email=payments%40turnkeyservices.us&mc_fee=3.72¬ify_version=3.7&item_style_number1=&address_country=United+Kingdom&item_style_number2=&mc_gross=109.87&address_name=myn+customer&item_mpn1=&item_mpn2=&option_name1_1=MUST+Indicate+Plug+Style&ipn_track_id=8a043262d7110
2012-10-03 13:21:00 - PP_STANDARD :: IPN RESPONSE: VERIFIED
For the last month or so, just line after line of the same sort of thing. The IPN Request and then the IPN Response. But no other problems and the payments go through and the status updates take place.
A Trusted Wholesale Dropshipper
Web Hosting Under $ 5.00 Month! FREE Shopping Carts!
25,000+ Real Wholesale & Dropship Sources!
OK, debug is done.
I'll get with the server guys, the head tech is scratching his head over this one.
Thanks!
I'll get with the server guys, the head tech is scratching his head over this one.
Thanks!
A Trusted Wholesale Dropshipper
Web Hosting Under $ 5.00 Month! FREE Shopping Carts!
25,000+ Real Wholesale & Dropship Sources!
No update. The server has already been set up as mentioned.
Still a problem, it seems.
Still a problem, it seems.
A Trusted Wholesale Dropshipper
Web Hosting Under $ 5.00 Month! FREE Shopping Carts!
25,000+ Real Wholesale & Dropship Sources!
Who is online
Users browsing this forum: Baidu [Spider], Bing [Bot], Google [Bot] and 11 guests
