PS 1.6.1.6 and older - NOT SAFE HACKER(bajatax) ATTACK!

Hello,

I've spent the last two weeks analyzing someone hacking our server and reconfiguring PrestaShop on a different hosting, while the hacker reproduced the attack on the different server too, so obviously it wasn't about our hosting but a PrestaShop security problem...

Here is the backstory:

One day an email arrived saying that our server would get banned by our server housing company, and then we also got onto the spam lists of many "spam" servers because of sending about 61 emails/second ... Later we found out it's the PrestaShop that we host for our friend who is sending the mails; after some inspection we found out that there are files on the server which we haven't uploaded... The attacker somehow was able to upload the file up.php into the root folder...

 

up.php is a simple program containing the code below:

 

*Removed

 

Where you can see exactly what is happening... We are open to providing the whole PrestaShop folder, Apache and other logs, since I backed up the folder before migrating to a different server because we thought I had set something up wrong and also that we don't trust PrestaShop to be hosting it... Also, after reinstalling from clean with only a database import from the old shop, the hacker noticed we changed server and reinstalled and then replicated the hack. So we are sure it's PrestaShop or some of the modules.

 

The shop feels like it is working; right now it feels like we have a problem with the mailalert module, which doesn't necessarily need to be the hacker's fault. The problem is that he basically uploaded a PHP file to our server via PrestaShop, so right now he can play with whatever he wants.

 

Are you interested in further inspection? What files (only privately to the PrestaShop development or support team - it contains our original photos etc.) will you need?

 

Thank you,

Vaclav

as usual - the breakpoints are in modules, prestashop core itself is well secured
if you've got some logs that show the problem is in core - share a little more info, it will be helpful for the community, especially for those focused on security
