Jump to content
inowgsm

Security issue - Mega Menu

Recommended Posts

Hello guys,

It just came to my attention that the module for which I have paid entitled very "responsive" Mega Menu is in fact missing some lines in the EVAL.Php function, thus generating a backdoor for Obfuscation.F Trojan, which adds permits the hacker to access the header, thus the file system and to add a b374k.php backdoor.

Did this happen to anyone before?

Share this post


Link to post
Share on other sites
1 hour ago, inowgsm said:

Hello guys,

It just came to my attention that the module for which I have paid entitled very "responsive" Mega Menu is in fact missing some lines in the EVAL.Php function, thus generating a backdoor for Obfuscation.F Trojan, which adds permits the hacker to access the header, thus the file system and to add a b374k.php backdoor.

Did this happen to anyone before?

Have you purchased these modules in Addons?

Share this post


Link to post
Share on other sites
1 hour ago, inowgsm said:

Hello guys,

It just came to my attention that the module for which I have paid entitled very "responsive" Mega Menu is in fact missing some lines in the EVAL.Php function, thus generating a backdoor for Obfuscation.F Trojan, which adds permits the hacker to access the header, thus the file system and to add a b374k.php backdoor.

Did this happen to anyone before?

Hi,

do you mean this theme ? https://waterthemes.com/neutral/14-home-appliances-prestashop-theme.html I have a theme module with the same mega menu functionality i guess (it's name is : WT Megamenu v1.1.0

But I don't have any eval string in the filenames or contet.

Maybe you got hit by some other backdor or outdated module or FTP password manager leak.

 

Share this post


Link to post
Share on other sites
1 hour ago, prestowicz said:

Hi,

do you mean this theme ? https://waterthemes.com/neutral/14-home-appliances-prestashop-theme.html I have a theme module with the same mega menu functionality i guess (it's name is : WT Megamenu v1.1.0

But I don't have any eval string in the filenames or contet.

Maybe you got hit by some other backdor or outdated module or FTP password manager leak.

 

Thank you so much for your useless information. No, I wasn't "hit" by another "contet". Also, your WT Megamenu V1.1.0 is not the same as Responsive Mega Menu Pro which is listed on the Addons Prestashop and under Envato's ThemeForrest. I do appreciate the fact that you took the time to advertise your website and took time to add even HTTPS so it won't let Google quote without :).

 

Short notice: GO away. And yeah, I can read logs and yeah, I've been learning Linux for the past 20 years. I know a breach when I see one, also Smart Blog is hacked, also Every Other time of Forum thing from Prestashop is vulnerable to b374k.php

 

So, my little friend, go and learn Php the way it should be learned. See that you have a Github link and you can learn this method which works only on Prestashop.

 

Thank you and stop messaging here as I do not want your resolution.

Share this post


Link to post
Share on other sites

Yes there was some security issues in 2016 mostly with themes and Addons from ThemeForest but some native modules too

here is one topic 

other that explained bit more have been deleted.

In short modules that have some upload options, usually images got security issue.

Do read http://iqit-commerce.com/securityhotfix/ guide have good description how to find and clean

all files. Some users also had issues if that if Wordpress or Drupal was on same server and those were

initially hacked.

 

And inowgsm do try to be polite to other users, people try to help how ever they can.

 

Share this post


Link to post
Share on other sites

Same issue here, same responsive mega menu, and same b374k.php exploit... A shame we paid for this module...

As far as we went, it seems they installed a module to do some fishing...

Edited by th0riz0 (see edit history)

Share this post


Link to post
Share on other sites
2 minutes ago, th0riz0 said:

Same issue here, same responsive mega menu, and same b374k.php exploit... A shame we paid for this module...

I know. Weird is that an idiot above called me stupid before even checking facts. Envato closed the contributer account due to this backdoor. I even have an email with confirmation and server logs as a proof.

 

buuut, Prestashop doesn't give a rats ass about its users! Gj Presta! We love u! 👌🏼

Share this post


Link to post
Share on other sites

 

On 11/20/2018 at 6:24 AM, inowgsm said:

Hello guys,

It just came to my attention that the module for which I have paid entitled very "responsive" Mega Menu is in fact missing some lines in the EVAL.Php function, thus generating a backdoor for Obfuscation.F Trojan, which adds permits the hacker to access the header, thus the file system and to add a b374k.php backdoor.

Did this happen to anyone before?

Hi remember this is a community where we share.  it would be great if you could provide the detail and fix for other community members and then go chase down the developer for less positive karma remarks.  We need community members with skillz and you say you have them,  show us! lol 

Also to be perfectly honest buying a megamenu is so PS 1.4.  All high quality themes now come with built in menu systems and loads of other features so rarely is there reason to buy a stand alone module for base shops.  Also we never buy from anywhere but addon's anymore as dev keep those up to date but may no on 3rd party resellers.  

so show us your mad skillz and how to fix and you can go beat the dev around the head and neck as  you please.

Edited by El Patron (see edit history)
  • Like 2

Share this post


Link to post
Share on other sites

The validator on addons is checking that "eval()" is not used in templates and in PHP code. It is not allowed 🙂

  • Like 1

Share this post


Link to post
Share on other sites
16 minutes ago, ttoine said:

The validator on addons is checking that "eval()" is not used in templates and in PHP code. It is not allowed 🙂

another 'great' reason to buy from addon's...

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...

Important Information

Cookies ensure the smooth running of our services. Using these, you accept the use of cookies. Learn More