Prestashop 1.7.8.6 - hacket??

[966972_1508426717]

Today at 01.52 was some file, picture and pdf file changed on our server. How is that possible and how to stop it?

 

[ComGrafPL]

Turn on maintenance mode and scan www.prestashop.com/forums/topic/1067200-hack-prestashop-sur-la-page-de-paiement-nettoyage/, fix it and update to latest 1.7 version. Also consider cloudflare.

[966972_1508426717]

Hi there are module here, do it work??

https://addons.prestashop.com/en/search?search_query=cloudflare

I dont understand French...

 

[El Patron]

After you recover (restore?)  you can use my module written when my 1.4 shop got hacked.  Once installed it will monitor your shop files and detect 'any' change rnd send an alert.  You can then action by:  restoring the file from vault |  commit trusted change to vault.  

https://prestaheroes.com/collections/all-modules/products/prestavault-malware-trojan-virus-protection

immunavy is good to have on your hosting, for plesk but may be one for cpanel.

 

What to do immediately

Change all passwords

• PrestaShop back office users
• FTP / SFTP
• Hosting panel
• Database user
• Scan for modified files
• Compare timestamps vs backups

Look for:

• Unexpected .php files
• PHP code inside /img, /upload, /pdf
• Modified .htaccess
• Lock down permissions
• Files: 644
• Folders: 755

Disable unused modules

• Especially old or unmaintained ones
• Remove modules you “might use later”

Note: AI is excellent in reading and reporting log issues.

Check logs

Access log

Error log

ModSecurity log (if enabled)

Look for POST requests to upload endpoints

[Mediacom87]

Hi,

Some reading material to help you secure your website.

https://www.mediacom87.com/post/security/