Presta shop 1.6.23 Virus

[ron441241]

I upgraded Prestashop from 1.6.20 to 1.6.23. As soon as I did I received a email from the host stating the download had a virus. The virus continues to replicate and change files. Server is sending emails about every 4 minutes with scan results stating infected files.  How do I fix this? Thanks.  I did the auto update. I did not download and install from my end.

[Simonas Invertus]

Can you post report about the virus?

Are you sure it's PrestaShop issue, not theme or third party module?

[PrestaHeroes USA]

I got hacked while living in very small town in Spain, 1.4.6.2 and it really bugged me.  Here I wrote some basic ideas you can maybe follow:

MY PRESTASHOP HAS BEEN HACKED! WHAT DO I DO?

 15 Oct 2017, 10:43  News  el patron Tags: prestashop hack, prestashop malware, prestashop trojan  0 likes 950 views

 

Having your business interrupted by hacking is very stressful.  It’s even worse when you one realize this when Google or other search engine require additional action to access your shop, ‘access at your own risk’. 

FROM HOSTING:

1.        Remove old FTP accounts
2.        Change ALL FTP passwords

CHECK FILE PERMISSIONS:

Optimum Permissions for most content management systems.  These are the recommended settings for PrestaShop (really for any Content Management System ‘CMS’). 

1.        Folders 755
2.        Files 644
3.        .httaccess 664

TIP: If you have difficulty verifying all your shop folders/files contact your hosting company.  They should be able to provide this information for you. 

You must solve shop folder/filer permissions before continuing. 

 

IDENTIFYING CORRUPTED FILES

Check Shop Files with Antivirus

Preparation: Up to date high quality antivirus program running on your local computer.

Take away: a list of any files and their file paths detected by antivirus software.  We will learn how to replace these later with good files.

There are two approaches depending on your internet speed and hosting control panel.

1.        Connect via FTP and download your shop files.  Your anti-virus program should be monitoring these and identify and isolate files.  Make note of files and their file paths identified by your antivirus. 
2.        Non-FTP (download from hosting) to local folder.  If your anti-virus program does not auto detect corrupted files then open anti-virus program and run against that folder.

Ok, hopefully using antivirus program on your local computer you have a list of files and their file path that are known to be harmful. 

REPLACING CORRUPTED FILES

For native PrestaShop files download and unzip files for your version here.  For 3rd party modules and themes you will need either the original source files.

Replace corrupted files.

 

PREVENTION

Having had my PrestaShop hacked in 2013 I wanted a way to know if my shop files had been modified without my permission. 

This promoted me to write  PrestaVault Malware | Trojan | Virus Protection Protects and monitors your mission critical PrestaShop files. Quickly detect and remove unauthorized changes.. 

If detected change was not authorized you can  restore file the module file repository.