Post by PicWorks » Tue Nov 17, 2009 11:49 pm

Hi,

I have just installed Open Cart for someone and he is getting the following issue:

When trying to upload an image for a product an error was made which was that the image was in tif format rather than jpg. After the upload failed a new product appeared which was not added by him. The title of the product was Test1 and it included a totally unknown image. The first time it was a jetty stretching out in to a blue lake, next time it was Monument Vally... He made a few mistakes, I checked the images folder in his account to find a few images that appeared when there was a mistake with uploading images.

The question is where are they coming from???? Is this system secure.

Obviously this is of great concern so any advice would be welcome.

Newbie

Posts

Joined
Tue Nov 17, 2009 11:36 pm

Post by Daniel » Wed Nov 18, 2009 12:17 am

There is no security problem with opencart.

Your client is obviously doing something wrong or your just making the whole thing up.

do you have a link to this site?

DON'T POST TITLES ALL IN UPPER CASE UNLESS YOU WANT TO BE BANNED!!!!

OpenCart®
Project Owner & Developer.


User avatar
Administrator

Posts

Joined
Fri Nov 03, 2006 6:57 pm

Post by PicWorks » Wed Nov 18, 2009 12:37 am

Hi Daniel,

He is not making this up, I saw it for myself. He was complaining about not being able to upload image so I logged in and talked him through it. He swore blind he was uploading jpgs but on further investigation they were not. As he tried while on the phone to me I could see these 'test 1', 'tes 2' etc. products appearing (on refreshing the browser).

His site can be found at: http://www.thamesphotomemories.co.uk/

The 'test' products and the images have been removed by me I'm afraid so there is nothing to see. I have a demo version installed which I am going to test. I'll get back to you when done.

Newbie

Posts

Joined
Tue Nov 17, 2009 11:36 pm

Post by amplifywebdesign » Wed Nov 18, 2009 1:04 am

First off it is doubtable that a hacker would try and create test products as a way to compromise the site.

You sure he just doesn't mean the pictures because if you upload with images with the same filenames it will overwrite them without prompting you.

User avatar
New member

Posts

Joined
Sat Aug 22, 2009 1:56 am
Location - Sheffield & North Wales

Post by PicWorks » Wed Nov 18, 2009 1:35 am

amplifywebdesign wrote:First off it is doubtable that a hacker would try and create test products as a way to compromise the site.

You sure he just doesn't mean the pictures because if you upload with images with the same filenames it will overwrite them without prompting you.
While the customer was going through the process he was telling me what he was doing and typing because he had become frustrated by the fact he could not add the product and image. This of course turned out to be because of 'tif' instaed of 'jpg' but he did not add 'test' as a title or anything else. He typed in a unique product name filled in the required fiels and tried to ad the product and image. Because the image was a tif adding of the product failed without any notices. When I refreshed my browser to see if he had added the product a 'test' product appeared with an image which he says is not on his computer, it is not on mine and I cannot imagine where is is coming from.
He only has 6 products online and I had to help him form the very first, so I donot believe anything was overwritten.

As I said in a previous post I have a demo install I am going to try it there myself and report back.

Newbie

Posts

Joined
Tue Nov 17, 2009 11:36 pm

Post by PicWorks » Wed Nov 18, 2009 1:53 am

Hi,

I have tried to replicate the issue on both a demo account and by logging in to the client's account and and adding a product in the normal way and using a 'tif' file instead of 'jpg' myself.

On both occasions I failed with the upload and no 'test' product with stray image was added. I can only think it is something strange with his setup! The question I suppose, is what is going on? Why when a product being added fails in his setup does another image appear and why is the added product renamed to 'test'?

Could this be that there is some type of virus on his computer (Mac laptop)! But still, why the renamed product!

I am baffled, I will advise the client to have his Mac scanned for viruses/spyware etc. Although as a Mac user myself I think this is unlikely to be the problem.

Newbie

Posts

Joined
Tue Nov 17, 2009 11:36 pm

Post by Daniel » Wed Nov 18, 2009 2:04 am

Coud it be you have deleted the test products by clearing the product table but not the product_description table?

OpenCart®
Project Owner & Developer.


User avatar
Administrator

Posts

Joined
Fri Nov 03, 2006 6:57 pm

Post by PicWorks » Wed Nov 18, 2009 2:26 am

The products were removed via the admin area by selecting them and clicking the delete button. However, none of the images that appeared with these 'test' products had ever been uploaded (intentionally).

I will as a matter of course take a look through the database anyway.

Newbie

Posts

Joined
Tue Nov 17, 2009 11:36 pm

Post by Qphoria » Wed Nov 18, 2009 2:57 am

All teh same.. I don't think a hacker came to your site to add test products. It's likely the client doesn't know his ass from a hole in the ground.. Since the issue is resolved, just move on.

Image
Donate!|OpenCart Basics|GeoZones
Image


User avatar
Administrator

Posts

Joined
Tue Jul 22, 2008 3:02 am

Post by PicWorks » Wed Nov 18, 2009 5:52 pm

Just a quick update.

As a matter of course I have checked the database and all seems ok! I have a tendancy to agree with Qphoria and that is that my client has a problem not the software.

Many thanks for all replies - they are appreciaied, but like the man says... time to move on.

Newbie

Posts

Joined
Tue Nov 17, 2009 11:36 pm
Who is online

Users browsing this forum: Google [Bot] and 53 guests