Havouza Posted September 2 After 7 years we have had our shop hacked. How, I have no clue, but it is a fact. Looking for suspicious files I find 97271 .htaccess. And many, many others. So that shop has to be rebuilt, not an easy task with 1600 products. We have 2 shops on the same server but the other one seems ok. Just a warning.
30knees Posted September 2 I hope the recovery goes well and that you have a recent backup. Please share if you find out how this happened.
wakabayashi Posted September 2 While this is very stressful, I would still first try to find out where the security hole is. Otherwise they might be around soon again.
Havouza Posted September 2 Author I have a 12 hour old backup but that is no use, it's also infected. The hack happened 20-08 it seems; that is the date of all the htaccess files. But I think we have found the security hole: it's a module called simpleimportproduct from prestaworks. It has not been updated, and when I asked the developer he said that our version has a security problem. Unfortunately it was too late to update. The best thing now seems to be to delete the shop and start fresh. Lesson learned. Edited September 2 by Havouza
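Added example, not part of the original thread: a triage sketch for the situation described above, where thousands of .htaccess files share one modification date. It groups files under a shop root by modification day, reports days with a burst of .htaccess changes, and lists what else changed that day, which also helps pick a backup that predates the burst. The thresholds, the sample tree and its dates and file names are constructed assumptions.

```python
import os
import tempfile
from collections import defaultdict
from datetime import date, datetime

def files_by_day(root):
    """Map modification day -> {'.htaccess': [...], 'other': [...]} under root."""
    by_day = defaultdict(lambda: {".htaccess": [], "other": []})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            # lstat: do not follow symlinks that may have been planted
            day = date.fromtimestamp(os.lstat(path).st_mtime)
            kind = ".htaccess" if name == ".htaccess" else "other"
            by_day[day][kind].append(path)
    return by_day

def burst_days(by_day, min_files=20, share=0.5):
    """Days on which at least `share` of all .htaccess files were modified."""
    # Thresholds are assumptions. mtime can be reset by whoever wrote the
    # files, so confirm any burst against backups and server logs.
    total = sum(len(v[".htaccess"]) for v in by_day.values())
    return sorted(d for d, v in by_day.items()
                  if len(v[".htaccess"]) >= min_files
                  and len(v[".htaccess"]) / total >= share)

def build_sample_shop(root, burst, old, dirs=30):
    """Constructed sample tree: old files plus `dirs` same-day .htaccess files."""
    def put(rel, when):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("# sample\n")
        ts = datetime(when.year, when.month, when.day, 12).timestamp()
        os.utime(path, (ts, ts))
    put(".htaccess", old)
    put("img/.htaccess", old)
    put("classes/Product.php", old)
    for i in range(dirs):
        put(f"modules/mod{i}/.htaccess", burst)
    put("modules/mod0/x.php", burst)  # constructed non-.htaccess file from the burst day

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as shop:
        build_sample_shop(shop, date(2024, 8, 20), date(2023, 1, 5))
        days = files_by_day(shop)
        for day in burst_days(days):
            print(day, len(days[day][".htaccess"]), days[day]["other"])
```

Running the same grouping over an extracted backup shows whether that backup already contains the burst day.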
Yabber Posted September 2 There are a lot of modules for PrestaShop with security vulnerabilities: https://security.friendsofpresta.org/ Before installing any module, you need to check it for security vulnerabilities.
the.rampage.rado Posted September 2 Sorry to hear that! 😞 https://github.com/friends-of-presta/security-advisories/blob/main/_posts/2024-02-29-simpleimportproduct.md Unfortunately this happens, no system is 100% secure. The remedy is regular updates of core and all modules to the latest versions.
30knees Posted September 2 6 hours ago, the.rampage.rado said: Sorry to hear that! 😞 https://github.com/friends-of-presta/security-advisories/blob/main/_posts/2024-02-29-simpleimportproduct.md Unfortunately this happens, no system is 100% secure. The remedy is regular updates of core and all modules to the latest versions. It would be great if the shop could automatically check against the security advisories. Would this be possible?
the.rampage.rado Posted September 2 Nearly everything is possible - matter of manpower and money. 😞
Havouza Posted September 3 Author Anyone know if there are any other modules out there that do the same job? Even the latest version doesn't feel very safe now.
30knees Posted September 3 2 hours ago, Havouza said: Anyone know if there are any other modules out there that do the same job? Even the latest version doesn't feel very safe now. Perhaps you could install/uninstall the module as needed?
Havouza Posted September 3 Author @30knees what do you mean? The module is uninstalled and scrapped from the system. That's why I ask for a similar one without security flaws. Importing csv files is not really an alternative.
30knees Posted September 3 I meant using the latest version but uninstalling/installing if there's no alternative and you don't trust the latest version. Maybe you can find something that you need here: https://myprestamodules.com/category/prestashop-modules/
Havouza Posted September 3 Author 22 minutes ago, 30knees said: I meant using the latest version but uninstalling/installing if there's no alternative and you don't trust the latest version. Maybe you can find something that you need here: https://myprestamodules.com/category/prestashop-modules/ Why should I buy the culprit module one more time? Even if it is updated it is still not safe.
datakick Posted September 3 2 minutes ago, Havouza said: Even if it is updated it is still not safe There was a critical security bug in the old version of the module, but it was discovered and fixed. The author of the module cooperated with the security advisory team and released a patch in a timely manner. There's no reason to think that the new version is not safe -- the security team most likely tested it to verify the 'fix'. I obviously understand that you don't want to buy it again because of your bad experience with the previous version. I'm just saying that there's no reason to think the product is unsafe. I would personally consider it more 'safe' now since it obviously went through a couple of hard breach tests. The module author released a security patch on 2023-11-15. There was some time for you to update to a safe version of the module, and prevent this whole issue. It's very important to keep the store (both core and modules) updated.
Havouza Posted September 3 Author If you read the advisory board statement they still say there are security issues with it. Then I don't buy the way it is sold. No updates even under the short 3 months support. Never again. Choose a license: Regular module 99.00 € 3 months of free support module installation included upgrades and future features Advanced License recommend 135.00 € 12 months of free support module installation included upgrades and future features
datakick Posted September 3 28 minutes ago, Havouza said: If you read the advisory board statement they still say there are security issues with it. Can you point me to the place where it says that? I didn't see it anywhere. I found 4 CVEs related to this module, all 4 have been addressed and fixed already. 28 minutes ago, Havouza said: Then I don't buy the way it is sold. No updates even under the short 3 months support. Never again. Sure, that's fair. Hopefully you will find something that you can use instead.
Havouza Posted September 3 Author https://github.com/friends-of-presta/security-advisories/blob/main/_posts/2024-02-29-simpleimportproduct.md Note : The author has moved its exposed ajax script which suffers a critical issue, to the front controller under an unpredictable token. It's no longer a critical vulnerability issue, but be warned that it remains a high vulnerability issue with a CVSS 3.1 score 7.2/10
Havouza Posted September 3 Author Before we bought this one we used one called BA. When updating the shop to 1.4 the module stopped working and there was no update for the module. Now there is, so we will buy that instead.
datakick Posted September 3 4 minutes ago, Havouza said: https://github.com/friends-of-presta/security-advisories/blob/main/_posts/2024-02-29-simpleimportproduct.md Note : The author has moved its exposed ajax script which suffers a critical issue, to the front controller under an unpredictable token. It's no longer a critical vulnerability issue, but be warned that it remains a high vulnerability issue with a CVSS 3.1 score 7.2/10 Yes, but since that note was written, the proper fix was released -- see the patch. That note is no longer relevant.