Jump to content

Card hack...


Recommended Posts

Hi there, I am using 1.7.6.1 Prestashop version and at the bottom of order page there is a strange block asking for payment information... while it should not look like that.
Avast even noticed a malware with js/TudkM.js and a customer got robbed bank card information.

I deleted that file and it was solved, but what to do if I don't want that to happen again.
Update Prestashop ? Really ? Scarry...
Any idea is welcomed!

thanks

Link to comment
Share on other sites

Hello
1. nstall pc antivirus
2. change all passwords, website, ftp, hosting
3. save database
4. delete all files from ftp
5. install newest prestashop version
6. install security modules

  • Like 1
Link to comment
Share on other sites

Our FileStasis Attack Surface Monitor(ASM) + Restore for PrestaShop module will 1) build vault of mission critical files 2) monitor and report when file changes/additions/deletions are found, allows you to commit trusted change to vault or restore untrusted change from vault.

The most important part of detecting hack is knowing which files changed, that is the purpose of this module.

https://prestaheroes.com/products/prestavault-malware-trojan-virus-protection?variant=40653346635983

Edited by PrestaHeroes USA (see edit history)
  • Like 1
Link to comment
Share on other sites

On 6/7/2022 at 5:49 PM, El Patron said:

Hi we are just in the process of releasing our paid modules to PS Free Module section.

Our PrestaVault module will monitor and alert you of changes to your PS file system.  Has restore capability and many other features.

 

 

Thanks but the module doesn't protect the website from any attack, right ?
It only shows you system modules changes ?

 

Link to comment
Share on other sites

5 hours ago, PF22 said:

Thanks but the module doesn't protect the website from any attack, right ?
It only shows you system modules changes ?

 

Yes, it protects any files that you have not specifically told it to ignore.  I don't develop half ass solutions.  Also you could have found this out yourself by installing, it's free and well vetted.

Edited by El Patron (see edit history)
Link to comment
Share on other sites

5 hours ago, PF22 said:

Thanks but the module doesn't protect the website from any attack, right ?

An attack is only protected if you monitor your site. SQL Injection is within the biggest thread.

  • Haha 1
Link to comment
Share on other sites

Just now, Nickz said:

An attack is only protected if you monitor your site. SQL Injection is within the biggest thread.

it's not the biggest threat, corrupting code or adding code to do sql injection is root cause.  get with it man

Link to comment
Share on other sites

9 hours ago, El Patron said:

Yes, it protects any files that you have not specifically told it to ignore.  I don't develop half ass solutions.  Also you could have found this out yourself by installing, it's free and well vetted.

thanks for the answer, I prefer to ask before testing because I had some many problems installing new module on Prestashop before...
Last question, no need to have the latest Prestahsop version? I am using 1.7.6.1 and here again some many problem when updating.

Link to comment
Share on other sites

4 hours ago, PF22 said:

thanks for the answer, I prefer to ask before testing because I had some many problems installing new module on Prestashop before...
Last question, no need to have the latest Prestahsop version? I am using 1.7.6.1 and here again some many problem when updating.

The important part you are not doing is having a copy of your production shop to test things before moving to production.   Every PS admin should be doing this.  Go learn to build a copy of your shop there is plenty of information on how to do so.  Then you can admin with confidence.  

  • Thanks 1
Link to comment
Share on other sites

1 hour ago, El Patron said:

The important part you are not doing is having a copy of your production shop to test things before moving to production.   Every PS admin should be doing this.  Go learn to build a copy of your shop there is plenty of information on how to do so.  Then you can admin with confidence.  

Thank for your answer, I don't see the link with my post, but of course I have a copy of my production shop...

Link to comment
Share on other sites

1 hour ago, PF22 said:

Thank for your answer, I don't see the link with my post, but of course I have a copy of my production shop...

then get to it, it's annoying when people ask dev nicky questions to put them on the hook for 'what if', use the test system ask dev then if you have questions, so boring.

I can certainly understand your lack of confidence in modules etc.  that is not because of our works, the best of us gets thrown in with the mediocre.

Link to comment
Share on other sites

  • 3 weeks later...
On 6/16/2022 at 6:36 PM, PF22 said:

Same problem again.
A new js file in my main js folder...

Please did you solve it? We have the same problem, after deleting the hacked files, updating prestashop + changing all passwords and again a week later the same problem + we cannot log in to the admin panel at the same time. Viruses detected on the server /classes/db/Db.php - /classes/Hook.php - /controllers/admin/AdminLoginController.php - /classes/Dispatcher.php - /classes/Hook.php and inserts file /app/Mage. php
But we still don't know where it's rooted so that the same problem doesn't keep coming back to us.
well thank you

  • Like 1
Link to comment
Share on other sites

34 minutes ago, Maxflor said:

Please did you solve it? We have the same problem, after deleting the hacked files, updating prestashop + changing all passwords and again a week later the same problem + we cannot log in to the admin panel at the same time. Viruses detected on the server /classes/db/Db.php - /classes/Hook.php - /controllers/admin/AdminLoginController.php - /classes/Dispatcher.php - /classes/Hook.php and inserts file /app/Mage. php
But we still don't know where it's rooted so that the same problem doesn't keep coming back to us.
well thank you

Unfortunately I did not find any solution so far.
One thing to notice, it seems there is a problem on our VPS, that could be the first problem of the hacked files.
Hope it could help...

Link to comment
Share on other sites

  • 2 weeks later...

There are basically two ways to inject messy and creapy files to a server. One is using a FTP account, and the other is a file uploader other than FTP.

If you have been under attacks, you should check for the source that the file is bening uploaded to your server, if it is a FTP account it is too scary, you should ask your hosting for a guide. If it is not FTP, so there might be some corrupted modules that you have installed which they open a backdoor for the hackers to upload more files. Just like the JS file that you have mentioned. A best practice is to monitor your files, and get alerted if any changes happens which are not from your side. The other thing is, you better keep multiple backups in series. Some times hackers just put a backdoor, wait for a while until all your old backups are replaced with new, corrupted backups, and then do the nasty stuff.

  • Thanks 1
Link to comment
Share on other sites

34 minutes ago, stifler97 said:

There are basically two ways to inject messy and creapy files to a server. One is using a FTP account, and the other is a file uploader other than FTP.

If you have been under attacks, you should check for the source that the file is bening uploaded to your server, if it is a FTP account it is too scary, you should ask your hosting for a guide. If it is not FTP, so there might be some corrupted modules that you have installed which they open a backdoor for the hackers to upload more files. Just like the JS file that you have mentioned. A best practice is to monitor your files, and get alerted if any changes happens which are not from your side. The other thing is, you better keep multiple backups in series. Some times hackers just put a backdoor, wait for a while until all your old backups are replaced with new, corrupted backups, and then do the nasty stuff.

Thanks a lot @stifler97 ! At least a clear answer that explains what is the problem and ideas to find a solution ! Great help !

Link to comment
Share on other sites

On 6/7/2022 at 5:49 PM, El Patron said:

Hi we are just in the process of releasing our paid modules to PS Free Module section.

Our PrestaVault module will monitor and alert you of changes to your PS file system.  Has restore capability and many other features.

 

 

 El Patron, where is your PrestVault Addon to download?

I couldnt find it.

Link to comment
Share on other sites

@El Patron

why has the module just now become chargeable? Yesterday it was free and now - after a massive problem was detected - it can only be purchased. Your module was available for free for years.
I have nothing against good paid modules. But as soon as a massive problem occurs, to make a module chargeable... is a NoGo for me, sorry.

Link to comment
Share on other sites

1 hour ago, Netagent said:

@El Patron

why has the module just now become chargeable? Yesterday it was free and now - after a massive problem was detected - it can only be purchased. Your module was available for free for years.
I have nothing against good paid modules. But as soon as a massive problem occurs, to make a module chargeable... is a NoGo for me, sorry.

Because those that downloaded for free are not very appreciative of the work.  Not one like, thanks, use fake emails only to realize they need link sent to them. Not much satisfaction on my side for to provide free works.  I never developed modules for money but for my own shops and my clients.

No go?  Don't care and you are good example why I won't be offering free works.  

You can guess what I'd really like to tell you.

Link to comment
Share on other sites

As I already wrote: I have nothing against good paid modules. And also there I recognize the performance AND even help with problems. But either I give a module for free or I sell a module directly commercially.  Making a module chargeable only from the time when obviously many need it - while it was just free for years before - is not the fine way.
What you want to tell me, I can already guess...
But that doesn't change my attitude.

Link to comment
Share on other sites

  • 1 year later...
On 6/7/2022 at 10:49 AM, PrestaHeroes USA said:

Our FileStasis Attack Surface Monitor(ASM) + Restore for PrestaShop module will 1) build vault of mission critical files 2) monitor and report when file changes/additions/deletions are found, allows you to commit trusted change to vault or restore untrusted change from vault.

The most important part of detecting hack is knowing which files changed, that is the purpose of this module.

https://prestaheroes.com/products/prestavault-malware-trojan-virus-protection?variant=40653346635983

Just an update to make people aware of our module that will provide notifications of filesystem changes, restore them....but most importantly know what files have been changed.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...