indus

Hi All, I did open a report on github, but they said its a different bug, not related to the spam registrations. I took their suggestion and installed eicaptcha and it seems to work fine. https://github.com/PrestaShop/PrestaShop/issues/14627

Hi There was some brief period after the patch when this had stopped, but the robots seem to have discovered new vulnerabilities in the code,. and the spam is massive now. Kindly let me know how to report this

Hi All, I have tried upgrading, manually adding the fix from doekia, and also downloading a fresh install of prestashop and replacing the validate.php and customer.php files. The spam continues. Any suggestions are highly appreciated.

From this reply by El Patron in this thread https://www.prestashop.com/forums/topic/541673-malicious-code/?p=2363762 1.Download the entire directory of your web root to your local desktop machine and run a malware scan on it. These are pretty good in detecting malicious code in your files. There are no good free tools to do the same on your server. 2.Update all software to the latest version 3. Cut off external access to your website if possible. You need to contact your host or do it yourself if on a VPS. 4. Remove unused modules and stray files lying around on your server - This is really important along with step 2. I had this issue where even after patching a recent theme vulnerability , malicious code kept getting placed on my server root and other places. Turns out i had an unused module ( image slider - why am i not suprised ) which had a similar issue as my vulnerable theme. Both image upload or content upload without validation . 5. Monitor traffic via analytics. This will point you to some file on your web server which the attacker might be trying to access and not part of standard prestashop installation. You should monitor traffic for the next few days for any such behaviour. 6. If you have VPS access, check your apache access logs for hits to strange file types or names. 7. Manually scan each folder for suspicious files placed by the attacker. This will let other users view your files, passwords in config files etc etc.Some files might be a mail config program designed to spam emails to users. 8. Change all passwords [ Database, admin backoffice, etc etc ] after you are reasonably sure all the suspect code has been cleaned. If you still have doubts, use professional help like El Patron;s solution which should be a safe bet if you choose that option.

I compared files with the original prestashop folder i downloaded, and there are a lot of base64 code in the original also.

Yes, i think you need to move the prestashop installation to root folder to get rid of install in the URL. Or try this https://www.prestashop.com/forums/topic/18393-solved-move-prestashop-from-subfolder-to-root/

Seems to be correct.

You can take a backup of the old file classes/controller/AdminController.php, then copy the entire contents from this link if thats easier > https://raw.githubusercontent.com/PrestaShop/PrestaShop/7e891c594e3cc8b48aea0a57ed674189abc19493/classes/controller/AdminController.php The link i gave you before is lines you need to add in green, and ones to comment out highlighted in red.

Please go to your backoffice > preferences > seo and change the settings as i suggested. Then try again with only italjet.dk and see if it opens homepage.

Hi You have to set the path of your install to http://italjet.dk/install in backoffice > SEO , and enable friendly URL's.

https://www.prestashop.com/forums/topic/393218-16011-problem-with-saving-products/?p=2141635

Hi Olafur Can you try this : https://www.prestashop.com/forums/topic/393218-16011-problem-with-saving-products/?p=2141635 Follow that thread for possible alternative suggestions if the above doesnt work. This fix worked for me. Make sure you clear browser cache before trying to save again.

Hi Yes, i agree, all BO pages are also loading much faster after the fix.

The forums might be a good place to find answers to questions for many problems which other users might have faced or are facing, but it has been said many times that if you are stuck without a solution, the forge is the right place to file a bug and wait for the solution. The github link i posted above was given to be by one of the developers of Prestashop, and they actually have replied pretty soon to bugs i have filed in the last 4 years i have been using Prestashop. I remember the block layered navigation, one of the best features of Prestashop which had so many bugs at launch, but the devs would address so many bugs taking remote FTP access and paying individual attention to all of these bugs. As far as this bug is concerned, what is interesting technically to me is, i never had this issue till i upgraded to 1.6.1.1, all the other versions before this worked fine. Some of you had problems with the save button since January on older versions. Hmm...

My problem with the spinning save buttons is solved after i applied this commit : https://github.com/PrestaShop/PrestaShop/commit/7e891c594e3cc8b48aea0a57ed674189abc19493 Loads in around 3 - 5 seconds now.