[Free Module] Advanced Security Module

May 3, 2019

PrestaShop Module: Security Lite

With this module the risk of getting hacked is decreased. You should always care about security. By using this module, you add another layer of security to your PrestaShop website, that will benefit you in case someone tries to get unauthorized access.

I did not add settings that are obviously already covered by PrestaShop core with another technique, but when that it said, if some technique having more layers is good practice, I added those extra layers of security.

Here are the features you will have with this FREE module:

Brute force protection
Analyze HTTP headers
Block custom list of IP addresses
Block custom list of user agents
Ban IP’s
Automatic backup database
Generate strong passwords
Fix insecure permissions
Remove malicious files
Disable right click
Disable right click for images only
Check your shop for all known vulnerabilities

Download it here (v. 4.5.1): securitylite.zip

The installation of Security Pro is 100% according to PrestaShop's standards.

For PrestaShop 1.6.1.x and thirty bees 1.x.x Login into your shop's back office Go to "Add a new module" Click on "Choose a file" Browse for the module Click on "Upload this module" Look for the module and click "Install".

For PrestaShop 1.7.x.x Login into your shop's back office Go to "Modules & Services" Click on "Upload a Module" Browse for the module Upload and install the module.

The code quality is high and follows PretaShop's guidelines. The code is optimized for performance and security.

The module does not use overrides and none of the core-files are modified, so you are completely safe against conflicts between other modules.

Works on all major server software (Apache, Nginx, LiteSpeed, etc.). Works on PrestaShop 1.6.1.x, 1.7.x.x and on thirty bees 1.x.x. Works on PHP 5.6.x, 7.0.x, 7.1.x and 7.2.x.

Everything is very well tested. No known bugs exist and the module is battle tested! The module is already in production on many stores.

Raw screenshot:

Explanation:

Edited May 12 by MathiasReker
New major version (see edit history)

May 4, 2019

If you have suggestions for new features, please let me know in a comment. 😀

May 5, 2019

Hello.

I have review your module a little and I have an advice for an improvement and a report for an issue.

1. Will be good, if you add to your free version of the module the functionality to check security vulnerabilities that are known from CVE. This is my free and open-source library, that you can use on your free and paid module versions both: Security vulnerability checker

2. In your SecurityLite::getContent() method there is an issue. Every loading of the module settings page, your module clear the system cache

    public function getContent()
    {
        $output = null;

        if ((bool) Tools::isSubmit('submitSecurityLiteModule')) { ... }

        return $output . $this->renderForm() . $this->checkSystem() . $this->securityPro() . $this->clearCache();
    }

    public function clearCache()
    {
        Tools::clearSmartyCache();
        Tools::clearXMLCache();
        Media::clearCache();
        Tools::generateIndex();
    }

Edited May 5, 2019 by zapalm
Fixed a typo (see edit history)

May 5, 2019

5 hours ago, zapalm said:
Hello.

I have review your module a little and I have an advice for an improvement and a report for an issue.

1. Will be good, if you add to your free version of the module the functionality to check security vulnerabilities that are known from CVE. This is my free and open-source library, that you can use on your free and paid module versions both: Security vulnerability checker

2. In your SecurityLite::getContent() method there is an issue. Every loading of the module settings page, your module clear the system cache
    public function getContent()
    {
        $output = null;

        if ((bool) Tools::isSubmit('submitSecurityLiteModule')) { ... }

        return $output . $this->renderForm() . $this->checkSystem() . $this->securityPro() . $this->clearCache();
    }
    public function clearCache()
    {
        Tools::clearSmartyCache();
        Tools::clearXMLCache();
        Media::clearCache();
        Tools::generateIndex();
    }

zapalm Your module error

[PrestaShop] Fatal error in module file :/home/.../../classes/module/Module.php(1361) : eval()'d code:
syntax error, unexpected 'zapalm' (T_STRING), expecting \\ (T_NS_SEPARATOR)

PS 1.6.1.23

Edited May 5, 2019 by TCHOUPI (see edit history)

May 5, 2019

@zapalm Thank you.

1) I included your suggestions and made a fix for CVE-2018-7491.

2) You are right, it is superfluous to clear the case.

@TCHOUPI You can't install @zapalm's library as a module, it is a script. Btw. I included the checks in my module.

May 6, 2019

13 hours ago, shinetech.dk said:

@zapalm Thank you.

1) I included your suggestions and made a fix for CVE-2018-7491.

2) You are right, it is superfluous to clear the case.

@TCHOUPI You can't install @zapalm's library as a module, it is a script. Btw. I included the checks in my module.

ok thanks you, for ps 16 it can work ?

May 6, 2019

The module works with 1.7+ only, sorry.

May 6, 2019

14 hours ago, shinetech.dk said:

1) I included your suggestions and made a fix for CVE-2018-7491.

Advice for you for the future work You lose the benefits if you copy the library's code into your module. The best way is using Composer to keep up to date the library and get new vulnerability checks

May 6, 2019

22 minutes ago, zapalm said:

Advice for you for the future work You lose the benefits if you copy the library's code into your module. The best way is using Composer to keep up to date the library and get new vulnerability checks

I had to refactor your functions. Also I don't want to include the checks for 1.6. :-)

May 6, 2019

2 hours ago, shinetech.dk said:

The module works with 1.7+ only, sorry.

ok Thanks you my friend

May 6, 2019

Hi, wanted to try the module, PS 1.7.5.1, debug enabled, see the image pls. What exactly does it mean?

May 6, 2019

mr_absinthe, your server settings is not right configured.

You need to go to your php.ini file and look for allow_url_fopen. The value of this PHP configuration should be "On".

allow_url_fopen = On

Allow_url_fopen is required when you use PrestaShop.

If you don't know how, you can ask your hosting to change the value for you.

May 6, 2019

That is exactly what I have in php.ini. Cache cleared, browser and PS. Still the same.

May 6, 2019

Can you try to restart your server? Do you have any files overriding your php.ini file?

May 6, 2019

Server rebooted. Still the same. No I don't have any overrides related to php.ini as far as I know. Resetting module didn't help either.

Edited May 6, 2019 by mr_absinthe (see edit history)

May 6, 2019

10 minutes ago, mr_absinthe said:

Server rebooted. Still the same. No I don't have any overrides related to php.ini as far as I know. Resetting module didn't help either.

Weird.

I managed to reproduce the warning with "allow_url_fopen = Off". I made a refractory of my code to make it work with the setting off.

I will release new version tonight.

May 6, 2019

Weird is that I have

allow_url_fopen = On

May 6, 2019

5 minutes ago, mr_absinthe said:
Weird is that I have
allow_url_fopen = On

Yes, it is weird that you get the warning with allow_url_fopen = On

But don't worry. I fixed it on my dev version. I will release a new version very soon.

Edited May 6, 2019 by shinetech.dk (see edit history)

May 6, 2019

@mr_absinthe I just uploaded a new version, please give it a try. It should fix your warning. 🙂

May 7, 2019

Seems to be working fine, on my test server at the moment 😉 Will go for PRO version if there will be some kind of discount available in the near future. Is your "file changes" section checking for Size | Permissions {File | Group | Owner} | Time | Stamp ?

May 7, 2019

44 minutes ago, mr_absinthe said:

Seems to be working fine, on my test server at the moment 😉 Will go for PRO version if there will be some kind of discount available in the near future. Is your "file changes" section checking for Size | Permissions {File | Group | Owner} | Time | Stamp ?

The file changes will send you an e-mail with all files changes since last check. You decide how often you want to check. You set that interval in a cron-job. In the e-mail you will get a full path to the changed files. The file changes works by comparing a hash. 🙂

May 7, 2019

There will be a discount period when next release of PRO version get released. I release a new version this week with new PRO features.

May 7, 2019

OK, if you will be sending a discount code, please let me have one as the current price is rather steep.

May 13, 2019

On 5/7/2019 at 5:08 PM, mr_absinthe said:

OK, if you will be sending a discount code, please let me have one as the current price is rather steep.

i changed the price from 89 EURO to 59 EURO: https://addons.prestashop.com/en/website-security-access/44413-security-pro.html

May 23, 2019

What about the umask issue in core PrestaShop that converts new module directories to 0777 once they get uploaded?

May 23, 2019

15 minutes ago, tapanda.gr said:

What about the umask issue in core PrestaShop that converts new module directories to 0777 once they get uploaded?

It is already solved. click on the tab "Permissions" then enable the features and "Save". This will run a script that fix all permissions on your PrestaShop website. Repeat this everytime you install a module.

It is overkill to hook this script or set it up as a cronjob. Lets keep the module lightweight so it does not affect your shops performance.

Edited May 23, 2019 by MathiasReker (see edit history)

June 28, 2019

If anyone needs help, please let me know.

July 2, 2019

Feature requests are welcome too.

July 23, 2019

Hi I have this error when I try to configure the module.
The installation went ok, the configuration doesn't work.

[Tue Jul 23 10:26:39.988752 2019] [fcgid:warn] [pid 11106] [client 83.224.157.129:52003] mod_fcgid: stderr: PHP Fatal error: Call to undefined method SecurityLite::displayInformation() in /var/www/clients/client6/web114/web/modules/securitylite/securitylite.php on line 86, referer: https://*************.it/************/index.php/module/manage?_token=QmCkpOIcZKEgO5smDIgcI9RnYFw-qSn1c2z466iYRkA

[Tue Jul 23 10:26:39.988844 2019] [fcgid:warn] [pid 11106] [client 83.224.157.129:52003] mod_fcgid: stderr: #2 /var/www/clients/client6/web114/web/vendor/symfony/symfony/src/Symfony/Component/Debug/ErrorHandler.php(668): Symfony\\Component\\Debug\\ErrorHandler->handleException(Object(Symfony in /var/www/clients/client6/web114/web/app/bootstrap.php.cache on line 3231, referer: https://********.it/***********/index.php/module/manage?_token=QmCkpOIcZKEgO5smDIgcI9RnYFw-qSn1c2z466iYRkA

Thanks in advance

July 23, 2019

7 minutes ago, linoolmostudio said:

Hi I have this error when I try to configure the module.
The installation went ok, the configuration doesn't work.

[Tue Jul 23 10:26:39.988752 2019] [fcgid:warn] [pid 11106] [client 83.224.157.129:52003] mod_fcgid: stderr: PHP Fatal error: Call to undefined method SecurityLite::displayInformation() in /var/www/clients/client6/web114/web/modules/securitylite/securitylite.php on line 86, referer: https://*************.it/************/index.php/module/manage?_token=QmCkpOIcZKEgO5smDIgcI9RnYFw-qSn1c2z466iYRkA

[Tue Jul 23 10:26:39.988844 2019] [fcgid:warn] [pid 11106] [client 83.224.157.129:52003] mod_fcgid: stderr: #2 /var/www/clients/client6/web114/web/vendor/symfony/symfony/src/Symfony/Component/Debug/ErrorHandler.php(668): Symfony\\Component\\Debug\\ErrorHandler->handleException(Object(Symfony in /var/www/clients/client6/web114/web/app/bootstrap.php.cache on line 3231, referer: https://********.it/***********/index.php/module/manage?_token=QmCkpOIcZKEgO5smDIgcI9RnYFw-qSn1c2z466iYRkA

Thanks in advance

What is your PrestaShop version and your PHP version?

July 23, 2019

@linoolmostudio I did not manage to reproduce your warning. Can you send me a copy of your htaccess file in a private message?

July 23, 2019

21 minutes ago, MathiasReker said:

@linoolmostudio I did not manage to reproduce your warning. Can you send me a copy of your htaccess file in a private message?

Just sent a private message.
thx

July 23, 2019

4 minutes ago, linoolmostudio said:

Just sent a private message.
thx

I send a msg. I think it should be solve by that solution. If you need anymore help, please let me know 🙂

July 26, 2019

Hello Mathias,

This link doesn't work:

Download it here (v. 2.0.0): securitylite.zip

Do you have another alternative link to download it?

Thanks,

July 26, 2019

@marcosaso please try again, the link works fine in my end :)

July 26, 2019

@marcosaso try this link insteaed: https://github.com/MathiasReker/Security-Lite/releases/download/2.0.0/securitylite.zip

July 27, 2019

Thanks Mathias,
Now both links are working.

Do you have a discount code to buy a security pro?

Regards,

Marcos

August 3, 2019

Hello Marcos,

The price is already adjusted, so everyone gets the discount.

You can buy the module here: https://addons.prestashop.com/en/website-security-access/44413-security-pro.html

Best regards

Mathias

August 29, 2019

New Pro version released: https://addons.prestashop.com/en/website-security-access/44413-security-pro.html

September 4, 2019

Hi,
does your module support range IP block? If so, do I use 192.168.0.* or 192.168.0.1/24? Also, are blocked IPs listed in searchable table?

September 11, 2019

On 9/4/2019 at 2:50 PM, mr_absinthe said:

Hi,
does your module support range IP block? If so, do I use 192.168.0.* or 192.168.0.1/24? Also, are blocked IPs listed in searchable table?

Maybe I will support IP range in next version. Are you on free or pro version?

September 11, 2019

Currently trying the free version

September 11, 2019

3 minutes ago, mr_absinthe said:

Currently trying the free version

Okay. I will see how much work it takes. Maybe I will include IP ranges.

September 12, 2019

sorry to disturb you.

same problem as linoolmostudio
The installation went fine, fatal error in configuration.

PrestaShop version: 1.7.2.4
security lite: 2.00

best regards

September 12, 2019

15 minutes ago, larrson said:

sorry to disturb you.

same problem as linoolmostudio
The installation went fine, fatal error in configuration.

PrestaShop version: 1.7.2.4
security lite: 2.00

best regards

Can you send me a screenshot, then I will get a clue how to fix it, because I am not able to reproduce the error.

September 12, 2019

20 hours ago, MathiasReker said:

Okay. I will see how much work it takes. Maybe I will include IP ranges.

That would be certainly good feature to have, also if those banned IPs are listed below each other, such as:

123.12.12.11

123.11.11.13

etc. so we can search them unlike it is done on the maintenance settings.

On my two servers, I noticed "Some features in Security Pro might not work on your setup, because your .htaccess file is not used! (Apache)" however on both the .htaccess is present in root.

September 12, 2019

1 minute ago, mr_absinthe said:

That would be certainly good feature to have, also if those banned IPs are listed below each other, such as:

123.12.12.11

123.11.11.13

etc. so we can search them unlike it is done on the maintenance settings.

On my two servers, I noticed "Some features in Security Pro might not work on your setup, because your .htaccess file is not used! (Apache)" however on both the .htaccess is present in root.

Are you on a Apache, nginx or litespeed?

September 12, 2019

first one:

Server information Linux #1 SMP Tue May 14 21:24:32 UTC 2019 x86_64

Server software version: Apache, PHP version: 7.2.22

second one:

Apache, CGI with Apache Worker or another webserver, PHP version: 7.2.22

Both running PrestaShop version: 1.7.6.1

Edited September 12, 2019 by mr_absinthe (see edit history)

September 12, 2019

4 minutes ago, mr_absinthe said:

first one:

Server information Linux #1 SMP Tue May 14 21:24:32 UTC 2019 x86_64

Server software version: Apache, PHP version: 7.2.22

second one:

Apache, CGI with Apache Worker or another webserver, PHP version: 7.2.22

Both running PrestaShop version: 1.7.6.1

Can you try to clear your cache and check if that message is still displayed?

September 12, 2019

Cache cleared browser + ps and it is still the same on both.

September 12, 2019

1 minute ago, mr_absinthe said:

Cache cleared browser + ps and it is still the same on both.

Okay, I will make some additional checks. I release a new version soon

September 12, 2019

37 minutes ago, larrson said:

sorry to disturb you.

same problem as linoolmostudio
The installation went fine, fatal error in configuration.

PrestaShop version: 1.7.2.4
security lite: 2.00

best regards

It might be, that your htaccess file is not writeable. Can you please check?

September 12, 2019

8 hours ago, MathiasReker said:

It might be, that your htaccess file is not writeable. Can you please check?

Unfortunately, it's still doesn't work. I tried everything. 0655, 0755, and even 0777.

best regards

September 20, 2019

Just to let you know, if I enable Debug mode and run on PS v 1.7.5.1 and security lite: 2.00 I receive this error popup:

Warning on line 159 in file /home/xsxsxsxsxs/public_html/modules/securitylite/securitylite.php
[2] chmod(): Operation not permitted

September 20, 2019

2 hours ago, mr_absinthe said:

Just to let you know, if I enable Debug mode and run on PS v 1.7.5.1 and security lite: 2.00 I receive this error popup:

Warning on line 159 in file /home/xsxsxsxsxs/public_html/modules/securitylite/securitylite.php
[2] chmod(): Operation not permitted

You get this error because you do not have permission to use chmod(). Ask your hosting administrator to grant you that permission.

September 20, 2019

On 9/12/2019 at 10:05 PM, larrson said:

Unfortunately, it's still doesn't work. I tried everything. 0655, 0755, and even 0777.

best regards

Please send me a screenshot of the error.

September 20, 2019

As a test, I have manually changed permissions an a directory to 777 using FileZilla. With debug disabled, I run the fix using your module, permissions are changed back to 755 and success message "Permissions updated!" is received. Do you still think that I do not have permission to use chmod()?

December 2, 2019

Well it doesnt work

December 3, 2019

14 hours ago, Giovanni - HexaNet said:

Well it doesnt work

please let me know what does not work, and I will apply a fix.

December 4, 2019

where to buy the pro version? can you provide a link please??

December 4, 2019

16 minutes ago, fitgura said:

where to buy the pro version? can you provide a link please??

You can buy Pro version here: https://addons.prestashop.com/en/website-security-access/44413-security-pro.html

December 4, 2019

Hi, did you manage to have a look at the issue mentioned above: "On my two servers, I noticed "Some features in Security Pro might not work on your setup, because your .htaccess file is not used! (Apache)" however on both servers the .htaccess is present in root." ?

Edited December 4, 2019 by mr_absinthe (see edit history)

December 4, 2019

2 minutes ago, mr_absinthe said:

Hi, did you manage to have a look at the issue mentioned above: "On my two servers, I noticed "Some features in Security Pro might not work on your setup, because your .htaccess file is not used! (Apache)" however on both servers the .htaccess is present in root." ?

It is solved in the pro version. I will fix it it lite version in this week. Thank you.

December 4, 2019

Hi Mathias,

I'm testing to Free module but the file permissions doesn't solve my problem.
Sorry the text is in Dutch but you can understand it I think. :>)

December 5, 2019

21 hours ago, spacestar said:

Hi Mathias,

I'm testing to Free module but the file permissions doesn't solve my problem.
Sorry the text is in Dutch but you can understand it I think. :>)

Can you show me a screenshot where you see this message?

December 5, 2019

This is/was😁 the screenshot.

December 5, 2019

Just now, spacestar said:

This is/was😁 the screenshot.

Please show a full shreenshot with all content on the page. You can send me a private message.

December 5, 2019

I can't find the PM, so I hope this is OK

December 19, 2019

New version. All reported bugs fixed.

January 8

You should all consider to download my new module, that fix the critical security issue reported by Prestashop today.

May 12

On 5/5/2019 at 12:05 PM, Soyons Solidaire said:

zapalm Your module error

[PrestaShop] Fatal error in module file :/home/.../../classes/module/Module.php(1361) : eval()'d code:
syntax error, unexpected 'zapalm' (T_STRING), expecting \\ (T_NS_SEPARATOR)

PS 1.6.1.23

The module is now compatible with 1.6.1.x +

May 12

On 9/4/2019 at 2:50 PM, mr_absinthe said:

Hi,
does your module support range IP block? If so, do I use 192.168.0.* or 192.168.0.1/24? Also, are blocked IPs listed in searchable table?

The module does now support IP ranges. 🙂 Both formats are supported.

Edited May 12 by MathiasReker (see edit history)

[Free Module] Advanced Security Module

Recommended Posts

MathiasReker 18

Share this post

Link to post

Share on other sites

MathiasReker 18

Share this post

Link to post

Share on other sites

zapalm 31

Share this post

Link to post

Share on other sites

Soyons Solidaire 246

Share this post

Link to post

Share on other sites

MathiasReker 18

Share this post

Link to post

Share on other sites

Soyons Solidaire 246

Share this post

Link to post

Share on other sites

MathiasReker 18

Share this post

Link to post

Share on other sites

zapalm 31

Share this post

Link to post

Share on other sites

MathiasReker 18

Share this post

Link to post

Share on other sites

Soyons Solidaire 246

Share this post

Link to post

Share on other sites

mr_absinthe 2

Share this post

Link to post

Share on other sites

MathiasReker 18

Share this post

Link to post

Share on other sites

mr_absinthe 2

Share this post

Link to post

Share on other sites

MathiasReker 18

Share this post

Link to post

Share on other sites

mr_absinthe 2

Share this post

Link to post

Share on other sites

MathiasReker 18

Share this post

Link to post

Share on other sites

mr_absinthe 2

Share this post

Link to post

Share on other sites

MathiasReker 18

Share this post

Link to post

Share on other sites

MathiasReker 18

Share this post

Link to post

Share on other sites

mr_absinthe 2

Share this post