fmoreira86

Members
  • Posts: 104
  • Joined
  • Last visited
  • Days Won: 3

fmoreira86 last won the day on February 19

fmoreira86 had the most liked content!

Profile Information

  • Activity
    Other

Recent Profile Visitors

3,551,335 profile views

Reputation: 17

  1. Hello Krystian, Thank you for your response. I would like to highlight a simple logical point, not a theory. You state that no code vulnerability was identified. I accept that. If the root cause is not in PrestaShop's code, and not in third-party modules, then by elimination the common denominator has to be leaked credentials. There is no other explanation for how attackers gained authenticated access to multiple independent stores. The question then becomes simple: where did those credentials leak from? I am not speculating. I am reading PrestaShop's own official security alert, which states: "Change the passwords for your various accesses (back office, database, FTP, SSH, and don't forget to update the database access in the PrestaShop config file)." This recommendation comes from PrestaShop itself, not from this thread. And it only makes sense in the context of a credential compromise. If the attack vector were a code vulnerability, rotating FTP and SSH passwords would be irrelevant advice. I am not accusing. I am following the logic that PrestaShop's own official communication leads to. If the leak did not originate from PrestaShop's systems, please help the community understand what the common vector was. That is the only information merchants actually need right now.
  2. If it turns out that this wave of compromised stores was caused by leaked credentials from the PrestaShop Marketplace, then the lack of clear communication is deeply concerning. Not stating this explicitly only creates confusion and speculation within the community. When security incidents happen, transparency is essential, otherwise, uncertainty is simply pushed onto merchants and partners.
  3. In my opinion, PrestaShop, sending this kind of alert without any additional context doesn't make much sense. Information like the investigation status, when the next update will be released and the known attack vectors is essential for users to act effectively. An alert without these details can cause confusion and doesn't allow users to address the root cause, especially when the origin could be a module, stolen credentials, or another part of the ecosystem.
  4. Raising this alert is not bad at all, but it is incomplete. First, if there is no clue about the origin of the vulnerability, only a forensic analysis of an infected environment could help conclude what led to the compromise. If PrestaShop has a network of partners, it is time for them to actually work together and share information properly. A situation like this is not a joke. It is not simply a matter of changing the malicious lines of code and moving on. Real information should be provided to users. What is being done? When will the next update about this issue be released? Etc.
  5. That is the million-dollar question. However, I suspect that a set of stores must have been compromised and that neither PrestaShop nor the partners assisting them know exactly where the vulnerability lies. But yes... I agree with you. Fixing two lines of malicious code is useless if you simply ignore how those lines got there.
  6. You have to read it completely / watch the video... (...) "even though this version after the release of 8.1, is not really maintained anymore when it comes to bug fixes, SECURITY FIXES and so on" This was the first red flag... The second: "if you want to make sure that you are receiving all the security fixes (...), make sure to upgrade to PrestaShop 8.1"
  7. Hi all! I just watched this video: I'm still on the 1.7.8.x branch and I'll quote some sentences from this video: - "as part of the extended security support period we released 1.7.8.10 (...) we decided to also release the security for this version as well, even though this version after the release of 8.1, is not really maintained anymore when it comes to bug fixes, SECURITY FIXES and so on" - "if you want to make sure that you are receiving all the security fixes (...), make sure to upgrade to PrestaShop 8.1" My feeling about this video (and maybe this is because the speaker is not a native English speaker (?)) is that PrestaShop is slowly forgetting the guidelines that they wrote some time ago: "this means that patch releases of PrestaShop 1.7.8 will only be published if critical bugs are reported or if security fixes are needed.", "This maintenance period will end when PrestaShop 9.0.0 is released. When this day comes, PrestaShop 1.7 will not be maintained anymore." Source: https://build.prestashop-project.org/news/2023/178-in-extended-support-phase/ A security fix should ALWAYS be read as something important, so I don't understand this "favor" that the development team did to us... if there's a commitment to provide SEVERE bug fixes and SECURITY bug fixes, this should be honored. Any software project (paid or "free") should stick to the plan, having straight and clear communication. Am I the only one who got confused? Any thoughts?
  8. Based on the module description: So, if we don't use any of these, it's probably safe to truncate I would say...
  9. Thank you! So it's perfectly safe to truncate from time to time with the store in maintenance mode, right?
  10. Thanks for your reply! What's the goal of this table?
  11. Based on PS official demo: Database information MySQL version: 10.5.19-MariaDB-0+deb11u2
  12. I have the same question... Can someone please explain if it's OK to truncate this table from time to time?
  13. Thanks for your reply! There's not a great amount of "reds". There are also some recommendations. What would you suggest based on the config I shared?