@venditdevs Thanks for your reply. So if I am understanding you correctly, your analysis of the 'hack' that you saw was someone using the "Back-office URL", "Back-office login" and "Back-office password" you provided in the form above when submitting a support request for a module that was made by PrestaShop (not a 3rd party)?
P.S. For anyone who is reading this post and is not sure what to do, I would suggest the following as a quick check guide (it's not a full guide by any means but should help):
1) Check the files head.tpl and layout-both-columns.tpl (if you know how, check your server for any files that have changed recently; if not, ask your host to SSH into the hosting and do this for you)
2) Check your login users and remove any you don't need.
3) Change login details in PS admin
4) Change login URL for PS admin
5) In your admin .htaccess file, add at the top a deny from all but allow your IP:
e.g.
order deny,allow
deny from all
allow from 127.0.0.1
(if you have a dynamic IP, you will need to keep changing the 127.0.0.1 to your IP)
6) Change your MySQL database login details and update your app/config.parameters.php file to match the new details.
7) Change your FTP login details if you provided these.
8) Do a full security audit.
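Step 1 of the checklist above, as an added example that is not part of the original post: a shell helper that lists template and script files changed within a given number of days and reports on head.tpl and layout-both-columns.tpl specifically. The function names, the 14-day default and the SHOP_ROOT variable are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. SHOP_ROOT, the function names
# and the 14-day default are assumptions chosen for illustration.

# recent_changes ROOT [DAYS] [mtime|ctime]
# Lists .tpl, .php, .js and .htaccess files under ROOT changed in the last
# DAYS days. mtime is the content timestamp and can be reset with touch;
# ctime (inode change time) cannot be set that way, so check both.
recent_changes() {
    rc_root=$1; rc_days=${2:-14}; rc_kind=${3:-mtime}
    case $rc_kind in
        mtime|ctime) ;;
        *) echo "kind must be mtime or ctime" >&2; return 2 ;;
    esac
    find "$rc_root" -type f \
        \( -name '*.tpl' -o -name '*.php' -o -name '*.js' -o -name '.htaccess' \) \
        "-$rc_kind" "-$rc_days" -print 2>/dev/null | sort
}

# template_status ROOT [DAYS] [mtime|ctime]
# Finds every head.tpl and layout-both-columns.tpl under ROOT and prints
# "CHANGED <path>" if it falls inside the window, otherwise "ok <path>".
template_status() {
    ts_root=$1; ts_days=${2:-14}; ts_kind=${3:-mtime}
    case $ts_kind in
        mtime|ctime) ;;
        *) echo "kind must be mtime or ctime" >&2; return 2 ;;
    esac
    find "$ts_root" -type f \
        \( -name 'head.tpl' -o -name 'layout-both-columns.tpl' \) -print 2>/dev/null |
    sort | while IFS= read -r ts_file; do
        if [ -n "$(find "$ts_file" "-$ts_kind" "-$ts_days" -print)" ]; then
            echo "CHANGED $ts_file"
        else
            echo "ok $ts_file"
        fi
    done
}

# Runs only when SHOP_ROOT is set, e.g. SHOP_ROOT=/path/to/shop sh check.sh
if [ -n "${SHOP_ROOT:-}" ]; then
    echo "== named templates (mtime, then ctime) =="
    template_status "$SHOP_ROOT" 14 mtime
    template_status "$SHOP_ROOT" 14 ctime
    echo "== all recently changed template/script files =="
    recent_changes "$SHOP_ROOT" 14 ctime
fi
```

A file that shows as "ok" by mtime but "CHANGED" by ctime has had its metadata touched after its recorded content timestamp and deserves a closer look.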