PrestaShop Module: Security Lite

With this module the risk of getting hacked is decreased. You should always care about security. By using this module, you add another layer of security to your PrestaShop website that will benefit you in case someone tries to get unauthorized access.

I did not add settings that are obviously already covered by PrestaShop core with another technique, but that being said, where having more layers is good practice for a technique, I added those extra layers of security.
 

Here are the features you will have with this FREE module:

  • Brute force protection
  • Ban IPs
  • Fix insecure permissions
  • Disable right click
  • Check system for vulnerabilities
 
Download it here (v. 2.0.0): securitylite.zip
Built to work with PrestaShop 1.7.0.0+
Documentation:
 
Thank you @zapalm for your suggestion.

This module uses no overrides and passes PrestaShop's Validator.

I advise you to read the documentation, because some settings might need a little explanation. If you have any questions, do not hesitate to contact me. Let's be safe!

Edited by shinetech.dk
added new version of module.

If you have suggestions for new features, please let me know in a comment. 😀


Hello.

I have reviewed your module a little, and I have a piece of advice for an improvement and a report of an issue.

1. It would be good if you added to the free version of your module the functionality to check for security vulnerabilities that are known from CVE. This is my free and open-source library, which you can use in both your free and paid module versions: Security vulnerability checker :)

2. There is an issue in your SecurityLite::getContent() method. On every load of the module settings page, your module clears the system cache ;)

    public function getContent()
    {
        $output = null;

        if ((bool) Tools::isSubmit('submitSecurityLiteModule')) { ... }

        return $output . $this->renderForm() . $this->checkSystem() . $this->securityPro() . $this->clearCache();
    }

    public function clearCache()
    {
        Tools::clearSmartyCache();
        Tools::clearXMLCache();
        Media::clearCache();
        Tools::generateIndex();
    }

 

Edited by zapalm
Fixed a typo

5 hours ago, zapalm said:

Hello.

I have reviewed your module a little, and I have a piece of advice for an improvement and a report of an issue.

1. It would be good if you added to the free version of your module the functionality to check for security vulnerabilities that are known from CVE. This is my free and open-source library, which you can use in both your free and paid module versions: Security vulnerability checker :)

2. There is an issue in your SecurityLite::getContent() method. On every load of the module settings page, your module clears the system cache ;)


    public function getContent()
    {
        $output = null;

        if ((bool) Tools::isSubmit('submitSecurityLiteModule')) { ... }

        return $output . $this->renderForm() . $this->checkSystem() . $this->securityPro() . $this->clearCache();
    }

    public function clearCache()
    {
        Tools::clearSmartyCache();
        Tools::clearXMLCache();
        Media::clearCache();
        Tools::generateIndex();
    }

 

 

zapalm Your module error
 
[PrestaShop] Fatal error in module file :/home/.../../classes/module/Module.php(1361) : eval()'d code:
syntax error, unexpected 'zapalm' (T_STRING), expecting \\ (T_NS_SEPARATOR)

PS 1.6.1.23

Edited by TCHOUPI


@zapalm Thank you.

1) I included your suggestions and made a fix for CVE-2018-7491.

2) You are right, it is superfluous to clear the cache.

@TCHOUPI You can't install @zapalm's library as a module, it is a script. Btw. I included the checks in my module.
 

13 hours ago, shinetech.dk said:

@zapalm Thank you.

1) I included your suggestions and made a fix for CVE-2018-7491.

2) You are right, it is superfluous to clear the cache.

@TCHOUPI You can't install @zapalm's library as a module, it is a script. Btw. I included the checks in my module.
 

OK, thank you. Can it work for PS 16?
 

14 hours ago, shinetech.dk said:

1) I included your suggestions and made a fix for CVE-2018-7491.

Advice for your future work :) You lose the benefits if you copy the library's code into your module. The best way is to use Composer to keep the library up to date and get new vulnerability checks ;)

22 minutes ago, zapalm said:

Advice for your future work :) You lose the benefits if you copy the library's code into your module. The best way is to use Composer to keep the library up to date and get new vulnerability checks ;)

I had to refactor your functions. Also I don't want to include the checks for 1.6. :-)

2 hours ago, shinetech.dk said:

The module works with 1.7+ only, sorry.

OK, thank you, my friend.


Hi, wanted to try the module, PS 1.7.5.1, debug enabled, see the image pls. What exactly does it mean?

security_lite.png


mr_absinthe, your server settings are not configured correctly.

You need to go to your php.ini file and look for allow_url_fopen. The value of this PHP configuration should be "On".

allow_url_fopen = On

Allow_url_fopen is required when you use PrestaShop.

If you don't know how, you can ask your hosting to change the value for you.


That is exactly what I have in php.ini. Cache cleared, browser and PS. Still the same.


Can you try to restart your server? Do you have any files overriding your php.ini file?


Server rebooted. Still the same. No I don't have any overrides related to php.ini as far as I know. Resetting module didn't help either.

Edited by mr_absinthe

10 minutes ago, mr_absinthe said:

Server rebooted. Still the same. No I don't have any overrides related to php.ini as far as I know. Resetting module didn't help either.

Weird.

I managed to reproduce the warning with "allow_url_fopen = Off". I refactored my code to make it work with the setting off.

I will release a new version tonight.

5 minutes ago, mr_absinthe said:

Weird is that I have


allow_url_fopen = On

Yes, it is weird that you get the warning with allow_url_fopen = On

But don't worry. I fixed it on my dev version. I will release a new version very soon.

Edited by shinetech.dk


@mr_absinthe I just uploaded a new version, please give it a try. It should fix your warning. 🙂


Seems to be working fine, on my test server at the moment 😉 Will go for PRO version if there will be some kind of discount available in the near future. Is your "file changes" section checking for Size | Permissions {File | Group | Owner} | Time | Stamp ?

44 minutes ago, mr_absinthe said:

Seems to be working fine, on my test server at the moment 😉 Will go for PRO version if there will be some kind of discount available in the near future. Is your "file changes" section checking for Size | Permissions {File | Group | Owner} | Time | Stamp ? 

The file changes feature will send you an e-mail with all file changes since the last check. You decide how often you want to check. You set that interval in a cron job. In the e-mail you will get the full path to the changed files. The file changes feature works by comparing a hash. 🙂

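How hash-based file change detection of the kind described in the post above can work, as an added example that is not the module's own code. It assumes SHA-256 digests and a constructed demo tree in the temp directory; `buildBaseline` and `diffBaselines` are hypothetical names.

```php
<?php
/** Map every regular file under $root to its SHA-256 digest, keyed by relative path. */
function buildBaseline(string $root): array
{
    $root = rtrim($root, '/');
    $baseline = [];
    $files = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($files as $file) {
        // Skip symlinks so the scan never hashes something outside the tree.
        if ($file->isLink() || !$file->isFile()) {
            continue;
        }
        $relative = substr($file->getPathname(), strlen($root) + 1);
        $baseline[$relative] = hash_file('sha256', $file->getPathname());
    }
    ksort($baseline);
    return $baseline;
}

/** Compare a stored baseline with a fresh one; list added, modified, removed paths. */
function diffBaselines(array $old, array $new): array
{
    $modified = [];
    foreach (array_intersect_key($new, $old) as $path => $digest) {
        if ($old[$path] !== $digest) {
            $modified[] = $path;
        }
    }
    return [
        'added'    => array_keys(array_diff_key($new, $old)),
        'modified' => $modified,
        'removed'  => array_keys(array_diff_key($old, $new)),
    ];
}

// Constructed demo tree; a real run would persist $before (e.g. as JSON) between cron jobs.
$root = sys_get_temp_dir() . '/fim_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/modules', 0755, true);
file_put_contents($root . '/index.php', "<?php // shop entry point\n");
file_put_contents($root . '/modules/a.php', "<?php // module A\n");
$before = buildBaseline($root);

file_put_contents($root . '/index.php', "<?php // changed\n");
file_put_contents($root . '/modules/new.php', "<?php // unexpected file\n");
unlink($root . '/modules/a.php');

print_r(diffBaselines($before, buildBaseline($root)));
```

Keep the stored baseline outside the web root, so that whoever can change shop files cannot also rewrite the reference hashes.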

There will be a discount period when the next release of the PRO version gets released. I will release a new version this week with new PRO features.


OK, if you will be sending a discount code, please let me have one as the current price is rather steep.


What about the umask issue in core PrestaShop that converts new module directories to 0777 once they get uploaded?

15 minutes ago, tapanda.gr said:

What about the umask issue in core PrestaShop that converts new module directories to 0777 once they get uploaded?

It is already solved. Click on the tab "Permissions", then enable the features and "Save". This will run a script that fixes all permissions on your PrestaShop website. Repeat this every time you install a module.

It is overkill to hook this script or set it up as a cron job. Let's keep the module lightweight so it does not affect your shop's performance.

Edited by MathiasReker

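An added example (not the module's script) of auditing and correcting permissions such as the 0777 module directories discussed above. The 0755/0644 targets and the name `auditPermissions` are assumptions, and the demo tree is constructed.

```php
<?php
// Assumed targets: 0755 for directories, 0644 for files. Adjust to your hosting setup.
const DIR_MODE  = 0755;
const FILE_MODE = 0644;

/**
 * Return [path => [current, wanted]] for every entry whose mode differs from the
 * target. With $apply = true, each mismatch is also corrected with chmod().
 */
function auditPermissions(string $root, bool $apply = false): array
{
    clearstatcache();                              // never judge modes from cached stat data
    $findings = [];
    $entries = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS),
        RecursiveIteratorIterator::SELF_FIRST,     // yield directories as well as files
        RecursiveIteratorIterator::CATCH_GET_CHILD // skip unreadable directories
    );
    foreach ($entries as $entry) {
        if ($entry->isLink()) {
            continue;                              // never chmod through a symlink
        }
        $wanted  = $entry->isDir() ? DIR_MODE : FILE_MODE;
        $current = $entry->getPerms() & 0777;      // keep only the rwx bits
        if ($current === $wanted) {
            continue;
        }
        $path = $entry->getPathname();
        $findings[$path] = [sprintf('%04o', $current), sprintf('%04o', $wanted)];
        if ($apply && !chmod($path, $wanted)) {
            error_log("could not chmod $path");
        }
    }
    return $findings;
}

// Constructed demo: a module directory and file left world-writable after upload.
$root = sys_get_temp_dir() . '/perm_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/modules/newmodule', 0755, true);
file_put_contents($root . '/modules/newmodule/newmodule.php', "<?php\n");
chmod($root . '/modules/newmodule', 0777);
chmod($root . '/modules/newmodule/newmodule.php', 0666);

print_r(auditPermissions($root));          // dry run: report only
auditPermissions($root, true);             // apply the target modes
var_dump(auditPermissions($root) === []);  // re-audit after the fix
```

Run the dry run first and review the list before applying, since some hosts need different modes for directories the web server writes to.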
