
Non-customer Malicious Email in Backoffice from site domainwebcentral.org


jjmmortiz


I recently received a malicious email from www.domainwebcentral.org in my back office, in the "customer service" area in Prestashop 1.7.1.2. The message was sent by [email protected] and somehow introduced into the internal messaging system in Prestashop 1.7 Customer Service, an area reserved (I thought) only for communication between authorized employees and registered customers.
 
Any help to prevent these messages would be highly appreciated. 
 
I attach a copy of the message. Thanks for your help:
 
Disclaimer: We are not responsible for any financial loss, data loss, downgrade in search engine rankings, missed customers, undeliverable email or any other damages that you may suffer upon the expiration of www.dcbestmovers.com. For more information please refer to section 17.c.1a of our User Agreement. 

This is your final notice to renew www.dcbestmovers.com: 

https://domainwebcentral.org/?n=www.dcbestmovers.com&r=c 

In the event that www.dcbestmovers.com expires, we reserve the right to offer your listing to competing businesses in the same niche and region after 3 business days on an auction basis. 

This is the final communication that we are required to send out regarding the expiration of www.dcbestmovers.com 

Secure Online Payment: 

https://domainwebcentral.org/?n=www.dcbestmovers.com&r=c 

All services will be automatically restored on www.dcbestmovers.com if payment is received in full before expiration. Thank you for your cooperation.

 

 

 


Can you please add this to the bug tracker? This bug has been present in Prestashop for years. Messaging forms are stolen/abused by third parties. See my report for PS 1.6 versions here; this bug was also present in PS 1.4 and 1.5 versions.

 

http://forge.prestashop.com/browse/PSCSX-9132

 

Please add a new report there specifically for PS 1.7. Thank you. Only bugs on the bug tracker are eliminated in the next versions. Developers rarely read here.


SelectShop.at 

 

I already reported it as you suggested. Here is the link: http://forge.prestashop.com/browse/BOOM-3677

 

Any suggestions on steps I should take to avoid any security concerns in Prestashop 1.7.1.2?

 

Please note this is a fresh, out-of-the-box installation, with no customization done to any files, only a module installation done, named Delete Order from MyPresta.eu.

 

Thanks for your help.


Prestashop 1.7 is still beta, in development; I do not suggest you use it in production. If you are not a developer who can recode, then you still have to wait for Prestashop to be debugged. If you are a seller or are setting up a site for third parties, then take the latest PS 1.6.

 

See also the discussion about 1.7 here: https://www.prestashop.com/forums/topic/566115-prestashop-17-is-now-available/ and

https://www.prestashop.com/forums/topic/480580-want-to-know-more-about-17/page-12


selectshop.at

 

My shop is new, fresh installation, no products have been loaded yet. I am testing it and security is a concern. How can a scam message get into the customer admin area in this version, how to prevent it?

 

I am posting it to let the Prestashop community know of the problem. I have 4 other sites in Prestashop 1.6, and I have never seen a scam message find its way to the internal messaging system.

 

Thanks for your help. 
