MathiasReker Posted May 3, 2019

PrestaShop Module: Security Lite

Benefits for Merchants
Security Pro is the industry leader in PrestaShop security modules. It's the most advanced PrestaShop security module on the market. The module will automatically scan your website for common threats. You will be alerted if any signs of a security breach are detected, with instructions to fix them. The module can add additional layers of security to your PrestaShop website that will benefit you in case someone attacks your website. Security Lite is a free version that includes some of the features.
PrestaShop on its own is very secure. It's among the most secure content management systems available. That said, it's good practice to add extra layers of security. I added all these layers as features so you can enable them without any coding knowledge to follow best practice.

Benefits for customers
Your customers' data is better protected in case of hacking attempts. Your customers' data is also better secured when your customers are browsing your website.

Installation
The installation of Security Lite is 100 % according to PrestaShop's standards.
For PrestaShop 1.6.1.x and thirty bees 1.x.x
- Log in to your shop's back office
- Go to “Add a new module”
- Click on “Choose a file”
- Browse for the module
- Click on “Upload this module”
- Look for the module and click “Install”
For PrestaShop 1.7.x.x
- Log in to your shop's back office
- Go to “Module Manager”
- Click on “Upload a Module”
- Browse for the module
- Upload and install the module

Recommendations
Tested on all major server software (Apache, Nginx, LiteSpeed, etc.).
Tested on PrestaShop 1.6.1.x, 1.7.x.x and on thirty bees 1.x.x.
Tested on PHP 5.6.x, 7.0.x, 7.1.x, 7.2.x, 7.3.x and 7.4.x.
Everything is very well tested. No known bugs exist and the module is battle-tested! The module is already in production on many websites.
The module is multistore compatible and supports multi-language as well.

Other
Is the module using overrides?
The module does not use overrides and none of the core files is modified, so you are completely safe against conflicts between other modules. As this is an all-in-one module, you don't need a bunch of security modules that could be conflicting. All the features in this module are built to work together.
Can I try the module?
There is a live demo of the module, so you can try it. This is highly recommended as some features are better explained in the demo. If you have questions, don't hesitate to contact me. Link to live demo: https://reker.dk/demo/admin-dev
Will the module affect the performance of the website?
The code quality is high and it follows PrestaShop's guidelines. The code is optimized for performance, but in theory, any code will affect the performance. The firewall rules can have a very small effect on the performance due to some external lookups. These lookups are cached, so they do not get repeated for the same client. I doubt you could find a real-world scenario where that difference matters. Other than that, it will not noticeably affect performance in the front office at all. All of the firewall settings are configurable: the less aggressive, the more performance.
Will this module fix a hacked website?
If you got infected by malware, it is better to upload a backup from before you got infected and then secure your website with Security Pro. Due to the analysis tools of the module, the module can find vulnerabilities and alert you if any signs of a security breach are detected, with instructions to fix them.
Will this module affect SEO?
The module is SEO friendly and none of the features in this module can harm your ranking. Google is excluded from the firewall rules, so Google will not get blocked in any way.

Direct download link: v5.0.1-securitylite.zip
Download Security Lite from GitHub: https://github.com/MathiasReker/Security-Lite/releases/latest
Upgrade to Security Pro: https://addons.prestashop.com/en/website-security-access/44413-security-pro.html
Edited March 1 by MathiasReker (New patch version)
MathiasReker Posted May 4, 2019
If you have suggestions for new features, please let me know in a comment. 😀
zapalm Posted May 5, 2019
Hello. I have reviewed your module a little and I have a piece of advice for an improvement and a report of an issue.
1. It would be good if you added to your free version of the module the functionality to check security vulnerabilities that are known from CVE. This is my free and open-source library, which you can use in both your free and paid module versions: Security vulnerability checker
2. In your SecurityLite::getContent() method there is an issue. On every load of the module settings page, your module clears the system cache:

    public function getContent()
    {
        $output = null;

        if ((bool) Tools::isSubmit('submitSecurityLiteModule')) {
            ...
        }

        return $output . $this->renderForm() . $this->checkSystem() . $this->securityPro() . $this->clearCache();
    }

    public function clearCache()
    {
        Tools::clearSmartyCache();
        Tools::clearXMLCache();
        Media::clearCache();
        Tools::generateIndex();
    }

Edited May 5, 2019 by zapalm (Fixed a typo)
Soyons Solidaire Posted May 5, 2019
5 hours ago, zapalm said:
> Hello. I have reviewed your module a little and I have a piece of advice for an improvement and a report of an issue.
> 1. It would be good if you added to your free version of the module the functionality to check security vulnerabilities that are known from CVE. This is my free and open-source library, which you can use in both your free and paid module versions: Security vulnerability checker
> 2. In your SecurityLite::getContent() method there is an issue. On every load of the module settings page, your module clears the system cache:
>
>     public function getContent()
>     {
>         $output = null;
>
>         if ((bool) Tools::isSubmit('submitSecurityLiteModule')) {
>             ...
>         }
>
>         return $output . $this->renderForm() . $this->checkSystem() . $this->securityPro() . $this->clearCache();
>     }
>
>     public function clearCache()
>     {
>         Tools::clearSmartyCache();
>         Tools::clearXMLCache();
>         Media::clearCache();
>         Tools::generateIndex();
>     }
zapalm, your module gives an error:
[PrestaShop] Fatal error in module file :/home/.../../classes/module/Module.php(1361) : eval()'d code:syntax error, unexpected 'zapalm' (T_STRING), expecting \\ (T_NS_SEPARATOR)
PS 1.6.1.23
Edited May 5, 2019 by TCHOUPI
MathiasReker Posted May 5, 2019
@zapalm Thank you.
1) I included your suggestions and made a fix for CVE-2018-7491.
2) You are right, it is superfluous to clear the cache.
@TCHOUPI You can't install @zapalm's library as a module, it is a script. Btw. I included the checks in my module.
Soyons Solidaire Posted May 6, 2019
13 hours ago, shinetech.dk said:
> @zapalm Thank you.
> 1) I included your suggestions and made a fix for CVE-2018-7491.
> 2) You are right, it is superfluous to clear the cache.
> @TCHOUPI You can't install @zapalm's library as a module, it is a script. Btw. I included the checks in my module.
OK, thank you. Can it work for PS 16?
MathiasReker Posted May 6, 2019
The module works with 1.7+ only, sorry.
zapalm Posted May 6, 2019
14 hours ago, shinetech.dk said:
> 1) I included your suggestions and made a fix for CVE-2018-7491.
Advice for your future work: you lose the benefits if you copy the library's code into your module. The best way is to use Composer to keep the library up to date and get new vulnerability checks.
MathiasReker Posted May 6, 2019
22 minutes ago, zapalm said:
> Advice for your future work: you lose the benefits if you copy the library's code into your module. The best way is to use Composer to keep the library up to date and get new vulnerability checks.
I had to refactor your functions. Also, I don't want to include the checks for 1.6. :-)
Soyons Solidaire Posted May 6, 2019
2 hours ago, shinetech.dk said:
> The module works with 1.7+ only, sorry.
OK, thank you my friend.
mr_absinthe Posted May 6, 2019
Hi, wanted to try the module, PS 1.7.5.1, debug enabled, see the image pls. What exactly does it mean?
MathiasReker Posted May 6, 2019
mr_absinthe, your server settings are not configured correctly. You need to go to your php.ini file and look for allow_url_fopen. The value of this PHP configuration should be "On":

    allow_url_fopen = On

allow_url_fopen is required when you use PrestaShop. If you don't know how, you can ask your hosting provider to change the value for you.
mr_absinthe Posted May 6, 2019
That is exactly what I have in php.ini. Cache cleared, browser and PS. Still the same.
MathiasReker Posted May 6, 2019
Can you try to restart your server? Do you have any files overriding your php.ini file?
mr_absinthe Posted May 6, 2019
Server rebooted. Still the same. No I don't have any overrides related to php.ini as far as I know. Resetting module didn't help either.
Edited May 6, 2019 by mr_absinthe
MathiasReker Posted May 6, 2019
10 minutes ago, mr_absinthe said:
> Server rebooted. Still the same. No I don't have any overrides related to php.ini as far as I know. Resetting module didn't help either.
Weird. I managed to reproduce the warning with "allow_url_fopen = Off". I made a refactoring of my code to make it work with the setting off. I will release a new version tonight.
mr_absinthe Posted May 6, 2019
Weird is that I have allow_url_fopen = On
MathiasReker Posted May 6, 2019
5 minutes ago, mr_absinthe said:
> Weird is that I have allow_url_fopen = On
Yes, it is weird that you get the warning with allow_url_fopen = On. But don't worry. I fixed it on my dev version. I will release a new version very soon.
Edited May 6, 2019 by shinetech.dk
MathiasReker Posted May 6, 2019
@mr_absinthe I just uploaded a new version, please give it a try. It should fix your warning. 🙂
mr_absinthe Posted May 7, 2019
Seems to be working fine, on my test server at the moment 😉 Will go for PRO version if there will be some kind of discount available in the near future. Is your "file changes" section checking for Size | Permissions {File | Group | Owner} | Time | Stamp ?
MathiasReker Posted May 7, 2019
44 minutes ago, mr_absinthe said:
> Seems to be working fine, on my test server at the moment 😉 Will go for PRO version if there will be some kind of discount available in the near future. Is your "file changes" section checking for Size | Permissions {File | Group | Owner} | Time | Stamp ?
The file changes feature will send you an e-mail with all file changes since the last check. You decide how often you want to check. You set that interval in a cron job. In the e-mail you will get a full path to the changed files. The file changes feature works by comparing a hash. 🙂
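The hash comparison described in the post above can be sketched as follows. This is an added example, not code from the module or from any poster; the function names, the excluded `var/cache` directory and the baseline file location are assumptions, and the sample tree is constructed so the script runs offline.

```php
<?php
// Added example: hash-based file change detection, meant to be run from cron.
// buildManifest(), diffManifests() and all paths are hypothetical names.

/** Return [relative path => SHA-256 of contents] for every regular file under $root. */
function buildManifest(string $root, array $skipDirs = []): array
{
    $root = rtrim($root, '/');
    $manifest = [];
    $files = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($files as $file) {
        if ($file->isLink() || !$file->isFile()) {
            continue; // hash regular files only; symlinks are not followed
        }
        $rel = substr($file->getPathname(), strlen($root) + 1);
        foreach ($skipDirs as $skip) {
            if (strpos($rel, rtrim($skip, '/') . '/') === 0) {
                continue 2; // volatile directories would flood every report
            }
        }
        $hash = @hash_file('sha256', $file->getPathname());
        if ($hash !== false) {
            $manifest[$rel] = $hash;
        }
    }
    ksort($manifest);
    return $manifest;
}

/** Compare two manifests and list added, removed and modified paths. */
function diffManifests(array $old, array $new): array
{
    $modified = [];
    foreach (array_intersect_key($new, $old) as $path => $hash) {
        if (!hash_equals($old[$path], $hash)) {
            $modified[] = $path;
        }
    }
    return [
        'added'    => array_keys(array_diff_key($new, $old)),
        'removed'  => array_keys(array_diff_key($old, $new)),
        'modified' => $modified,
    ];
}

// Constructed sample tree standing in for a shop root.
$root = sys_get_temp_dir() . '/fim_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/modules/demo', 0755, true);
mkdir($root . '/var/cache', 0755, true);
file_put_contents($root . '/index.php', "<?php echo 'shop';\n");
file_put_contents($root . '/modules/demo/demo.php', "<?php // v1\n");
file_put_contents($root . '/var/cache/tmp.txt', "volatile\n");

// First cron run: store the baseline outside the scanned tree, so a change
// inside the tree cannot also rewrite the reference hashes.
$baselineFile = $root . '.baseline.json';
file_put_contents($baselineFile, json_encode(buildManifest($root, ['var/cache'])));

// Changes that happen between two cron runs (constructed).
file_put_contents($root . '/modules/demo/demo.php', "<?php // v1 with an unexpected edit\n");
file_put_contents($root . '/modules/demo/new.php', "<?php // file that was not there before\n");
unlink($root . '/index.php');
file_put_contents($root . '/var/cache/tmp.txt', "changed, but excluded\n");

// Second cron run: diff against the baseline and report full paths.
$baseline = json_decode(file_get_contents($baselineFile), true);
$report = diffManifests($baseline, buildManifest($root, ['var/cache']));
foreach ($report as $kind => $paths) {
    foreach ($paths as $path) {
        echo $kind, ': ', $root, '/', $path, PHP_EOL;
    }
}
```

A content hash catches edits that keep the size and modification time unchanged, which is why it answers the size/time question in the quoted post; it does not notice permission or ownership changes.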
MathiasReker Posted May 7, 2019
There will be a discount period when the next release of the PRO version gets released. I will release a new version this week with new PRO features.
mr_absinthe Posted May 7, 2019
OK, if you will be sending a discount code, please let me have one as the current price is rather steep.
MathiasReker Posted May 13, 2019
On 5/7/2019 at 5:08 PM, mr_absinthe said:
> OK, if you will be sending a discount code, please let me have one as the current price is rather steep.
I changed the price from 89 EURO to 59 EURO: https://addons.prestashop.com/en/website-security-access/44413-security-pro.html
tapanda.gr Posted May 23, 2019
What about the umask issue in core PrestaShop that converts new module directories to 0777 once they get uploaded?
MathiasReker Posted May 23, 2019
15 minutes ago, tapanda.gr said:
> What about the umask issue in core PrestaShop that converts new module directories to 0777 once they get uploaded?
It is already solved. Click on the tab "Permissions", then enable the features and "Save". This will run a script that fixes all permissions on your PrestaShop website. Repeat this every time you install a module. It is overkill to hook this script or set it up as a cron job. Let's keep the module lightweight so it does not affect your shop's performance.
Edited May 23, 2019 by MathiasReker
MathiasReker Posted June 28, 2019
If anyone needs help, please let me know.
MathiasReker Posted July 2, 2019
Feature requests are welcome too.
linoolmostudio Posted July 23, 2019
Hi, I have this error when I try to configure the module. The installation went ok, the configuration doesn't work.
[Tue Jul 23 10:26:39.988752 2019] [fcgid:warn] [pid 11106] [client 83.224.157.129:52003] mod_fcgid: stderr: PHP Fatal error: Call to undefined method SecurityLite::displayInformation() in /var/www/clients/client6/web114/web/modules/securitylite/securitylite.php on line 86, referer: https://*************.it/************/index.php/module/manage?_token=QmCkpOIcZKEgO5smDIgcI9RnYFw-qSn1c2z466iYRkA
[Tue Jul 23 10:26:39.988844 2019] [fcgid:warn] [pid 11106] [client 83.224.157.129:52003] mod_fcgid: stderr: #2 /var/www/clients/client6/web114/web/vendor/symfony/symfony/src/Symfony/Component/Debug/ErrorHandler.php(668): Symfony\\Component\\Debug\\ErrorHandler->handleException(Object(Symfony in /var/www/clients/client6/web114/web/app/bootstrap.php.cache on line 3231, referer: https://********.it/***********/index.php/module/manage?_token=QmCkpOIcZKEgO5smDIgcI9RnYFw-qSn1c2z466iYRkA
Thanks in advance
MathiasReker Posted July 23, 2019
7 minutes ago, linoolmostudio said:
> Hi, I have this error when I try to configure the module. The installation went ok, the configuration doesn't work.
> [Tue Jul 23 10:26:39.988752 2019] [fcgid:warn] [pid 11106] [client 83.224.157.129:52003] mod_fcgid: stderr: PHP Fatal error: Call to undefined method SecurityLite::displayInformation() in /var/www/clients/client6/web114/web/modules/securitylite/securitylite.php on line 86, referer: https://*************.it/************/index.php/module/manage?_token=QmCkpOIcZKEgO5smDIgcI9RnYFw-qSn1c2z466iYRkA
> [Tue Jul 23 10:26:39.988844 2019] [fcgid:warn] [pid 11106] [client 83.224.157.129:52003] mod_fcgid: stderr: #2 /var/www/clients/client6/web114/web/vendor/symfony/symfony/src/Symfony/Component/Debug/ErrorHandler.php(668): Symfony\\Component\\Debug\\ErrorHandler->handleException(Object(Symfony in /var/www/clients/client6/web114/web/app/bootstrap.php.cache on line 3231, referer: https://********.it/***********/index.php/module/manage?_token=QmCkpOIcZKEgO5smDIgcI9RnYFw-qSn1c2z466iYRkA
> Thanks in advance
What is your PrestaShop version and your PHP version?
MathiasReker Posted July 23, 2019
@linoolmostudio I did not manage to reproduce your warning. Can you send me a copy of your htaccess file in a private message?
linoolmostudio Posted July 23, 2019
21 minutes ago, MathiasReker said:
> @linoolmostudio I did not manage to reproduce your warning. Can you send me a copy of your htaccess file in a private message?
Just sent a private message. thx
MathiasReker Posted July 23, 2019
4 minutes ago, linoolmostudio said:
> Just sent a private message. thx
I sent a msg. I think it should be solved by that solution. If you need any more help, please let me know 🙂
marcosaso Posted July 26, 2019
Hello Mathias,
This link doesn't work: Download it here (v. 2.0.0): securitylite.zip
Do you have another alternative link to download it?
Thanks,
MathiasReker Posted July 26, 2019
@marcosaso please try again, the link works fine on my end :)
MathiasReker Posted July 26, 2019
@marcosaso try this link instead: https://github.com/MathiasReker/Security-Lite/releases/download/2.0.0/securitylite.zip
marcosaso Posted July 27, 2019
Thanks Mathias,
Now both links are working. Do you have a discount code to buy Security Pro?
Regards, Marcos
MathiasReker Posted August 3, 2019
Hello Marcos,
The price is already adjusted, so everyone gets the discount. You can buy the module here: https://addons.prestashop.com/en/website-security-access/44413-security-pro.html
Best regards
Mathias
MathiasReker Posted August 29, 2019
New Pro version released: https://addons.prestashop.com/en/website-security-access/44413-security-pro.html
mr_absinthe Posted September 4, 2019
Hi, does your module support IP range blocking? If so, do I use 192.168.0.* or 192.168.0.1/24? Also, are blocked IPs listed in a searchable table?
MathiasReker Posted September 11, 2019
On 9/4/2019 at 2:50 PM, mr_absinthe said:
> Hi, does your module support IP range blocking? If so, do I use 192.168.0.* or 192.168.0.1/24? Also, are blocked IPs listed in a searchable table?
Maybe I will support IP ranges in the next version. Are you on the free or pro version?
mr_absinthe Posted September 11, 2019
Currently trying the free version
MathiasReker Posted September 11, 2019
3 minutes ago, mr_absinthe said:
> Currently trying the free version
Okay. I will see how much work it takes. Maybe I will include IP ranges.
larrson Posted September 12, 2019
Sorry to disturb you. Same problem as linoolmostudio. The installation went fine, fatal error in configuration.
PrestaShop version: 1.7.2.4
security lite: 2.00
best regards
MathiasReker Posted September 12, 2019
15 minutes ago, larrson said:
> Sorry to disturb you. Same problem as linoolmostudio. The installation went fine, fatal error in configuration.
> PrestaShop version: 1.7.2.4
> security lite: 2.00
> best regards
Can you send me a screenshot? Then I will get a clue how to fix it, because I am not able to reproduce the error.
mr_absinthe Posted September 12, 2019
20 hours ago, MathiasReker said:
> Okay. I will see how much work it takes. Maybe I will include IP ranges.
That would certainly be a good feature to have, also if those banned IPs are listed below each other, such as:
123.12.12.11
123.11.11.13
etc.
so we can search them, unlike how it is done in the maintenance settings.
On my two servers, I noticed "Some features in Security Pro might not work on your setup, because your .htaccess file is not used! (Apache)" however on both the .htaccess is present in root.
MathiasReker Posted September 12, 2019
1 minute ago, mr_absinthe said:
> That would certainly be a good feature to have, also if those banned IPs are listed below each other, such as:
> 123.12.12.11
> 123.11.11.13
> etc.
> so we can search them, unlike how it is done in the maintenance settings.
> On my two servers, I noticed "Some features in Security Pro might not work on your setup, because your .htaccess file is not used! (Apache)" however on both the .htaccess is present in root.
Are you on Apache, nginx or LiteSpeed?
mr_absinthe Posted September 12, 2019
first one: Server information Linux #1 SMP Tue May 14 21:24:32 UTC 2019 x86_64, Server software version: Apache, PHP version: 7.2.22
second one: Apache, CGI with Apache Worker or another webserver, PHP version: 7.2.22
Both running PrestaShop version: 1.7.6.1
Edited September 12, 2019 by mr_absinthe
MathiasReker Posted September 12, 2019
4 minutes ago, mr_absinthe said:
> first one: Server information Linux #1 SMP Tue May 14 21:24:32 UTC 2019 x86_64, Server software version: Apache, PHP version: 7.2.22
> second one: Apache, CGI with Apache Worker or another webserver, PHP version: 7.2.22
> Both running PrestaShop version: 1.7.6.1
Can you try to clear your cache and check if that message is still displayed?
mr_absinthe Posted September 12, 2019
Cache cleared browser + ps and it is still the same on both.
MathiasReker Posted September 12, 2019
1 minute ago, mr_absinthe said:
> Cache cleared browser + ps and it is still the same on both.
Okay, I will make some additional checks. I will release a new version soon.
MathiasReker Posted September 12, 2019
37 minutes ago, larrson said:
> Sorry to disturb you. Same problem as linoolmostudio. The installation went fine, fatal error in configuration.
> PrestaShop version: 1.7.2.4
> security lite: 2.00
> best regards
It might be that your htaccess file is not writable. Can you please check?
larrson Posted September 12, 2019
8 hours ago, MathiasReker said:
> It might be that your htaccess file is not writable. Can you please check?
Unfortunately, it still doesn't work. I tried everything. 0655, 0755, and even 0777.
best regards
mr_absinthe Posted September 20, 2019
Just to let you know, if I enable Debug mode and run on PS v 1.7.5.1 and security lite: 2.00 I receive this error popup:
Warning on line 159 in file /home/xsxsxsxsxs/public_html/modules/securitylite/securitylite.php [2] chmod(): Operation not permitted
MathiasReker Posted September 20, 2019
2 hours ago, mr_absinthe said:
> Just to let you know, if I enable Debug mode and run on PS v 1.7.5.1 and security lite: 2.00 I receive this error popup:
> Warning on line 159 in file /home/xsxsxsxsxs/public_html/modules/securitylite/securitylite.php [2] chmod(): Operation not permitted
You get this error because you do not have permission to use chmod(). Ask your hosting administrator to grant you that permission.
MathiasReker Posted September 20, 2019
On 9/12/2019 at 10:05 PM, larrson said:
> Unfortunately, it still doesn't work. I tried everything. 0655, 0755, and even 0777.
> best regards
Please send me a screenshot of the error.
mr_absinthe Posted September 20, 2019
As a test, I have manually changed permissions on a directory to 777 using FileZilla. With debug disabled, I ran the fix using your module, permissions are changed back to 755 and the success message "Permissions updated!" is received. Do you still think that I do not have permission to use chmod()?
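The permission reset discussed in the posts above (0777 module directories, a reset to 755, and the chmod() warning) can be sketched like this. It is an added example, not the module's script: the function name, the 0755/0644 ceilings and the constructed sample tree are assumptions. It only removes permission bits, and it reports entries where chmod() is refused instead of raising a warning; chmod() succeeds only for the owner of a file (or root), so files uploaded under a different system user than the one PHP runs as end up in the failed list.

```php
<?php
// Added example: cap permissions under a directory and report what could not be changed.
// tightenPermissions() and the 0755 / 0644 ceilings are hypothetical choices.

function tightenPermissions(string $root, bool $apply, int $dirMax = 0755, int $fileMax = 0644): array
{
    $report = ['ok' => [], 'failed' => []];
    $entries = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS),
        RecursiveIteratorIterator::SELF_FIRST,      // visit directories as well as files
        RecursiveIteratorIterator::CATCH_GET_CHILD  // skip unreadable directories
    );
    foreach ($entries as $entry) {
        if ($entry->isLink()) {
            continue; // never chmod through a symlink
        }
        $current = $entry->getPerms() & 0777;
        // Mask with the ceiling: bits are only removed, so a 0600 file stays 0600.
        $target = $current & ($entry->isDir() ? $dirMax : $fileMax);
        if ($target === $current) {
            continue;
        }
        $line = sprintf('%s %04o -> %04o', $entry->getPathname(), $current, $target);
        if (!$apply || @chmod($entry->getPathname(), $target)) {
            $report['ok'][] = $line;
        } else {
            // Typically "Operation not permitted": the PHP user does not own the entry.
            $report['failed'][] = $line;
        }
    }
    return $report;
}

// Constructed sample tree standing in for a freshly uploaded module.
$root = sys_get_temp_dir() . '/perm_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/modules/newmodule', 0755, true);
file_put_contents($root . '/modules/newmodule/newmodule.php', "<?php // module\n");
file_put_contents($root . '/modules/newmodule/secret.key', "constructed\n");
chmod($root . '/modules/newmodule', 0777);               // world-writable directory
chmod($root . '/modules/newmodule/newmodule.php', 0666); // world-writable file
chmod($root . '/modules/newmodule/secret.key', 0600);    // already stricter than the ceiling

echo "Dry run:", PHP_EOL;
foreach (tightenPermissions($root, false)['ok'] as $line) {
    echo '  would change ', $line, PHP_EOL;
}

$result = tightenPermissions($root, true);
echo "Applied:", PHP_EOL;
foreach ($result['ok'] as $line) {
    echo '  changed ', $line, PHP_EOL;
}
foreach ($result['failed'] as $line) {
    echo '  FAILED  ', $line, PHP_EOL;
}

clearstatcache();
printf("secret.key is still %04o\n", fileperms($root . '/modules/newmodule/secret.key') & 0777);
```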
Giovanni - HexaNet Posted December 2, 2019
Well it doesn't work
MathiasReker Posted December 3, 2019
14 hours ago, Giovanni - HexaNet said:
> Well it doesn't work
Please let me know what does not work, and I will apply a fix.
fitgura Posted December 4, 2019
Where to buy the pro version? Can you provide a link please?
MathiasReker Posted December 4, 2019
16 minutes ago, fitgura said:
> Where to buy the pro version? Can you provide a link please?
You can buy the Pro version here: https://addons.prestashop.com/en/website-security-access/44413-security-pro.html
mr_absinthe Posted December 4, 2019
Hi, did you manage to have a look at the issue mentioned above: "On my two servers, I noticed "Some features in Security Pro might not work on your setup, because your .htaccess file is not used! (Apache)" however on both servers the .htaccess is present in root." ?
Edited December 4, 2019 by mr_absinthe
MathiasReker Posted December 4, 2019
2 minutes ago, mr_absinthe said:
> Hi, did you manage to have a look at the issue mentioned above: "On my two servers, I noticed "Some features in Security Pro might not work on your setup, because your .htaccess file is not used! (Apache)" however on both servers the .htaccess is present in root." ?
It is solved in the pro version. I will fix it in the lite version this week. Thank you.
spacestar Posted December 4, 2019
Hi Mathias, I'm testing the Free module but the file permissions doesn't solve my problem. Sorry the text is in Dutch but you can understand it I think. :>)
MathiasReker Posted December 5, 2019
21 hours ago, spacestar said:
> Hi Mathias, I'm testing the Free module but the file permissions doesn't solve my problem. Sorry the text is in Dutch but you can understand it I think. :>)
Can you show me a screenshot where you see this message?
spacestar Posted December 5, 2019
This is/was😁 the screenshot.
MathiasReker Posted December 5, 2019
Just now, spacestar said:
> This is/was😁 the screenshot.
Please show a full screenshot with all content on the page. You can send me a private message.
spacestar Posted December 5, 2019
I can't find the PM, so I hope this is OK
MathiasReker Posted December 19, 2019
New version. All reported bugs fixed.
MathiasReker Posted January 8, 2020
You should all consider downloading my new module, which fixes the critical security issue reported by PrestaShop today.
MathiasReker Posted May 12, 2020
On 5/5/2019 at 12:05 PM, Soyons Solidaire said:
> zapalm, your module gives an error:
> [PrestaShop] Fatal error in module file :/home/.../../classes/module/Module.php(1361) : eval()'d code:syntax error, unexpected 'zapalm' (T_STRING), expecting \\ (T_NS_SEPARATOR)
> PS 1.6.1.23
The module is now compatible with 1.6.1.x +
MathiasReker Posted May 12, 2020
On 9/4/2019 at 2:50 PM, mr_absinthe said:
> Hi, does your module support IP range blocking? If so, do I use 192.168.0.* or 192.168.0.1/24? Also, are blocked IPs listed in a searchable table?
The module does now support IP ranges. 🙂 Both formats are supported.
Edited May 12, 2020 by MathiasReker
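The two range formats asked about in the thread, 192.168.0.* and 192.168.0.1/24, can be matched as in the following added example, which is not the module's code. The function name and the rule list are hypothetical, only IPv4 is handled, and 64-bit PHP is assumed. Note that 192.168.0.1/24 carries host bits in its base address, so both sides are masked before comparison rather than the rule being rejected.

```php
<?php
// Added example: match a client address against wildcard, CIDR and single-address rules.
// ipMatchesRule() is a hypothetical name; IPv4 only, 64-bit PHP assumed.

function ipMatchesRule(string $ip, string $rule): bool
{
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return false; // refuse anything that is not a plain dotted-quad address
    }
    $ipLong = ip2long($ip);
    $rule = trim($rule);

    // CIDR form, e.g. 192.168.0.1/24
    if (strpos($rule, '/') !== false) {
        list($base, $bits) = explode('/', $rule, 2);
        $baseLong = ip2long($base);
        if ($baseLong === false || preg_match('/^\d{1,2}$/', $bits) !== 1 || (int) $bits > 32) {
            return false; // malformed rule matches nothing
        }
        $bits = (int) $bits;
        $mask = $bits === 0 ? 0 : (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF;
        // Mask both sides so a base with host bits set (…0.1/24) still means …0.0/24.
        return ($ipLong & $mask) === ($baseLong & $mask);
    }

    // Wildcard form, e.g. 192.168.0.* (a star may replace any octet)
    if (strpos($rule, '*') !== false) {
        $ruleOctets = explode('.', $rule);
        $ipOctets = explode('.', $ip);
        if (count($ruleOctets) !== 4) {
            return false;
        }
        foreach ($ruleOctets as $i => $octet) {
            if ($octet === '*') {
                continue;
            }
            if (preg_match('/^\d{1,3}$/', $octet) !== 1 || (int) $octet !== (int) $ipOctets[$i]) {
                return false;
            }
        }
        return true;
    }

    // Single address: ip2long() returns false for a malformed rule, which never equals an int.
    return ip2long($rule) === $ipLong;
}

// Constructed rules and client addresses.
$rules = ['192.168.0.*', '192.168.0.1/24', '203.0.113.7', '10.0.0.0/33'];
$clients = ['192.168.0.77', '192.168.1.77', '203.0.113.7', '203.0.113.8', 'not-an-ip'];

foreach ($clients as $client) {
    $hits = [];
    foreach ($rules as $rule) {
        if (ipMatchesRule($client, $rule)) {
            $hits[] = $rule;
        }
    }
    printf("%-14s %s\n", $client, $hits ? 'matches ' . implode(', ', $hits) : 'no match');
}
```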
MathiasReker Posted July 27, 2020
Demo of the module: https://addons.prestashop.com/demo/BO34450.html
Username: [email protected]
Password: demodemo
num47 Posted February 10, 2021
Does your module add a reCaptcha in newsletter subscription section? If not, you can consider adding the option.
MathiasReker Posted April 1, 2021
On 2/10/2021 at 6:53 PM, num47 said:
> Does your module add a reCaptcha in newsletter subscription section? If not, you can consider adding the option.
Hello. No, it does not. The pro version can however remove most bots from the firewall. 🙂
The Pro version is available here: https://addons.prestashop.com/en/website-security-access/44413-security-pro-all-in-one.html
REGE Posted April 1, 2021
Hello,
Would it be possible to integrate the module with AbuseIPDB in the near future?

MathiasReker Posted April 2, 2021
I just checked AbuseIPDB and pretty much every feature is already included in Security Pro. 🙂

ecommX Posted April 2, 2021
This looks like an interesting module, but I'm not so sure about its functionality. The reCaptcha v2 doesn't work in the free version in PS 1.7.7.2. I enabled it and added the keys, but there's no visible Captcha box on the Contact Us page, Account creation page or the Login page.

MathiasReker Posted April 2, 2021
Hello
reCaptcha v2 is used by the firewall of the module. reCaptcha v3 is used on the registration page and the contact us page.
Demo of v3 here: https://reker.dk/demo/en/login
To trick the firewall, try to press F5 until you get blocked; then you will see the use of v2. 🙂

num47 Posted April 2, 2021
On 4/1/2021 at 5:30 PM, MathiasReker said:
> Hello
> No, it does not. The Pro version can, however, remove most bots from the firewall. 🙂
> The Pro version is available here: https://addons.prestashop.com/en/website-security-access/44413-security-pro-all-in-one.html

This is not only about bots, brother. If your newsletter field is open without any security measure, then a hacker or DDoS attacker can disrupt your system by submitting random email addresses there. There are two ways it's gonna hamper your system. One: if you enabled email to confirm the subscription, then it's gonna keep sending emails to those random addresses, consuming your per-day or per-hour email quota and keeping your email system busy. And second, it's gonna make your database enormously big and eventually crack your system.
So a reCaptcha check is kinda necessary in most of the fields where users have a chance to exploit it. Like, if a product is out of stock, then PrestaShop gives the visitor an option to submit their email to know when the product is available again. This is also potentially exploitable.

REGE Posted April 4, 2021
On 4/2/2021 at 2:36 PM, MathiasReker said:
> I just checked AbuseIPDB and pretty much every feature is already included in Security Pro. 🙂

Thanks for the clarification 😀

REGE Posted April 6, 2021
I am testing the module all the time and I have a few comments:
- The Hide server information option does not work for me. The server still returns the Server, Powered-By headers.
- The Force secure connection with HSTS option should only be available for the HTTPS protocol. When I check my domain on hstspreload.org I get a warning:

> Warning: Unnecessary HSTS header over HTTP
> The HTTP page at ************** sends an HSTS header. This has no effect over HTTP, and should be removed.

All the best 🙂

RabbitZzZ Posted April 7, 2021
Hi, I get this error on installation / configuration:

    [PrestaShop] Fatal error in module file :/.../modules/securitylite/securitylite.php:
    Uncaught Error: Call to undefined method SecurityLite::displayInformation() in /.../modules/securitylite/securitylite.php:624
    Stack trace:
    #0 /.../controllers/admin/AdminModulesController.php(868): SecurityLite->getContent()
    #1 /.../controllers/admin/AdminModulesController.php(1117): AdminModulesControllerCore->postProcessCallback()
    #2 /.../classes/controller/Controller.php(178): AdminModulesControllerCore->postProcess()
    #3 /.../override/classes/Dispatcher.php(277): ControllerCore->run()
    #4 /.../override/classes/Dispatcher.php(45): Dispatcher->dispatch_16()
    #5 /.../admin/index.php(58): Dispatcher->dispatch()
    #6 {main} thrown

Or with disabled overrides:

    [PrestaShop] Fatal error in module file :/.../modules/securitylite/securitylite.php:
    Uncaught Error: Call to undefined method SecurityLite::displayInformation() in /.../modules/securitylite/securitylite.php:624
    Stack trace:
    #0 /.../controllers/admin/AdminModulesController.php(868): SecurityLite->getContent()
    #1 /.../controllers/admin/AdminModulesController.php(1117): AdminModulesControllerCore->postProcessCallback()
    #2 /.../classes/controller/Controller.php(178): AdminModulesControllerCore->postProcess()
    #3 /.../classes/Dispatcher.php(367): ControllerCore->run()
    #4 /.../admin/index.php(58): DispatcherCore->dispatch()
    #5 {main} thrown

PS 1.6.1.24
PHP 7.2.34

REGE Posted April 7, 2021
I found a solution to the Unnecessary HSTS header over HTTP warning problem. To fix it you need to change the code in line 12874 in the file securitypro.php from:

    if (true === (bool) Configuration::get('PRO_STRICT_TRANSPORT_SECURITY')) {

to:

    if (true === (bool) Configuration::get('PRO_STRICT_TRANSPORT_SECURITY')
        && ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on')
            || (isset($_SERVER['REQUEST_SCHEME']) && $_SERVER['REQUEST_SCHEME'] === 'https')
            || (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https'))
    ) {

...but I am still looking for a solution to Hide server information.

MathiasReker Posted April 13, 2021
On 4/7/2021 at 6:55 PM, REGE said:
> I found a solution to the Unnecessary HSTS header over HTTP warning problem. To fix it you need to change the code in line 12874 in the file securitypro.php from:
>
>     if (true === (bool) Configuration::get('PRO_STRICT_TRANSPORT_SECURITY')) {
>
> to:
>
>     if (true === (bool) Configuration::get('PRO_STRICT_TRANSPORT_SECURITY')
>         && ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on')
>             || (isset($_SERVER['REQUEST_SCHEME']) && $_SERVER['REQUEST_SCHEME'] === 'https')
>             || (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https'))
>     ) {
>
> ...but I am still looking for a solution to Hide server information.

This is not the right way to solve the problem. You must serve your content over a secure connection instead.

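The exchange above, as an added example that is not part of the thread and not code from Security Pro: it sends HSTS only on HTTPS responses, honours X-Forwarded-Proto only when the connection comes from a known reverse proxy, and redirects plain-HTTP requests to HTTPS. The function names, the trusted-proxy list, the host `shop.example` and the sample requests are assumptions constructed for illustration.

```php
<?php
// Added example (PHP 7.1+). Function names, proxy list and host are hypothetical.

/** True only when the client-facing connection is known to be HTTPS. */
function requestIsHttps(array $server, array $trustedProxies): bool
{
    // TLS terminated on this server: PHP sets HTTPS to a non-empty value
    // (some servers use "off" for plain HTTP).
    if (!empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off') {
        return true;
    }
    // X-Forwarded-Proto is client-controlled unless our own reverse proxy
    // set it, so honour it only when the peer is a trusted proxy.
    if (in_array($server['REMOTE_ADDR'] ?? '', $trustedProxies, true)) {
        return strtolower(trim($server['HTTP_X_FORWARDED_PROTO'] ?? '')) === 'https';
    }
    return false;
}

/** Returns [status or null, header lines] for one request. */
function transportHeaders(array $server, array $trustedProxies, string $canonicalHost): array
{
    if (requestIsHttps($server, $trustedProxies)) {
        return [null, ['Strict-Transport-Security: max-age=31536000']];
    }
    // Plain HTTP: browsers ignore HSTS here, so send none and redirect.
    // The target host comes from configuration, not from the Host header.
    $uri = $server['REQUEST_URI'] ?? '/';
    return [301, ['Location: https://' . $canonicalHost . $uri]];
}

// Constructed sample requests (documentation address ranges, not real traffic).
$proxies = ['192.0.2.10'];
$samples = [
    'direct https'      => ['HTTPS' => 'on', 'REMOTE_ADDR' => '198.51.100.7', 'REQUEST_URI' => '/'],
    'via trusted proxy' => ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_FORWARDED_PROTO' => 'https', 'REQUEST_URI' => '/cart'],
    'spoofed header'    => ['REMOTE_ADDR' => '198.51.100.7', 'HTTP_X_FORWARDED_PROTO' => 'https', 'REQUEST_URI' => '/cart'],
    'plain http'        => ['REMOTE_ADDR' => '198.51.100.7', 'REQUEST_URI' => '/'],
];
foreach ($samples as $label => $server) {
    [$status, $headers] = transportHeaders($server, $proxies, 'shop.example');
    echo str_pad($label, 18), $status ?? 'no redirect', ' | ', implode('; ', $headers), PHP_EOL;
}
```

In a real request handler the returned lines would be passed to `header()` and the status to `http_response_code()` instead of being printed.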