MathiasReker Posted July 24, 2022 Share Posted July 24, 2022 (edited) Major Security Vulnerability on PrestaShop Websites A newly found exploit could allow remote attackers to take control of your shop Read more about it here: https://build.prestashop.com/news/major-security-vulnerability-on-prestashop-websites/. This module can scan your website for vulnerability and help you get a safe environment. The module is also designed to remove malware from infected websites! Step 1: Download the latest version of the module: https://github.com/MathiasReker/blmvuln/releases/latest (Or direct: blmvuln.zip) Step 2: Install the module on your PrestaShop website. Step 3. Open the module and click on "Run the cleaning process" That's it! The module requires PrestaShop 1.6.1+ and PHP 7.0. Edited September 16, 2022 by MathiasReker (see edit history) 2 6 Link to comment Share on other sites More sharing options...
MathiasReker Posted July 24, 2022 Author Share Posted July 24, 2022 Fixes: CVE-2022-31101 Link to comment Share on other sites More sharing options...
travisdk Posted July 25, 2022 Share Posted July 25, 2022 (edited) Dear Mathias, Any chance you could do a 1.6.x compatible version? - or give me some hints to do this myself? Many thanks anyway for your effort!! Regards Henrik Edited July 25, 2022 by travisdk (see edit history) Link to comment Share on other sites More sharing options...
MathiasReker Posted July 25, 2022 Author Share Posted July 25, 2022 26 minutes ago, travisdk said: Dear Mathias, Any chance you could do a 1.6.x compatible version? - or give me some hints to do this myself? Many thanks anyway for your effort!! Regards Henrik Hello Henrik I have added the feature request to the backlog. Best regards Mathias 1 Link to comment Share on other sites More sharing options...
jeremiezip Posted July 25, 2022 Share Posted July 25, 2022 Hello Mathias, Thank you for your module. I looked at the code of your module and I installed it on several sites: useful! Bye Link to comment Share on other sites More sharing options...
MathiasReker Posted July 25, 2022 Author Share Posted July 25, 2022 2 hours ago, jeremiezip said: Hello Mathias, Thank you for your module. I looked at the code of your module and I installed it on several sites: useful! Bye Thank you for your feedback! 🙂 Link to comment Share on other sites More sharing options...
MathiasReker Posted July 25, 2022 Author Share Posted July 25, 2022 The module is now compatible with PrestaShop 1.6.1+ 1 2 Link to comment Share on other sites More sharing options...
MathiasReker Posted July 25, 2022 Author Share Posted July 25, 2022 6 hours ago, MathiasReker said: Hello Henrik I have added the feature request to the backlog. Best regards Mathias The module is now compatible with PrestaShop 1.6.1+ 🙂 1 Link to comment Share on other sites More sharing options...
travisdk Posted July 25, 2022 Share Posted July 25, 2022 1 hour ago, MathiasReker said: The module is now compatible with PrestaShop 1.6.1+ 🙂 Thanks a lot Mathias, Does this effectively close the security hole or is this still pending further investigation?? Regards Henrik 1 Link to comment Share on other sites More sharing options...
bnadauld Posted July 26, 2022 Share Posted July 26, 2022 (edited) Any idea what's going on? I get this on module install. PS 1.6.1.3 I tried turning off cashe and dropping in the zip to the modules dir and extracting it from my hosting but still same issue. I mod'd this in smarty.config.inc.php: /* Fixes: CVE-2022-31101 if (Configuration::get('PS_SMARTY_CACHING_TYPE') == 'mysql') { include(_PS_CLASS_DIR_.'/SmartyCacheResourceMysql.php'); $smarty->caching_type = 'mysql'; } */ Will that fix it? Edited July 26, 2022 by bnadauld (see edit history) Link to comment Share on other sites More sharing options...
MathiasReker Posted July 26, 2022 Author Share Posted July 26, 2022 2 hours ago, bnadauld said: Any idea what's going on? I get this on module install. PS 1.6.1.3 I tried turning off cashe and dropping in the zip to the modules dir and extracting it from my hosting but still same issue. I mod'd this in smarty.config.inc.php: /* Fixes: CVE-2022-31101 if (Configuration::get('PS_SMARTY_CACHING_TYPE') == 'mysql') { include(_PS_CLASS_DIR_.'/SmartyCacheResourceMysql.php'); $smarty->caching_type = 'mysql'; } */ Will that fix it? Hello. I guess you are running PHP 5.6. The minimum PHP version for this module is PHP 7.0 Link to comment Share on other sites More sharing options...
MathiasReker Posted July 26, 2022 Author Share Posted July 26, 2022 12 hours ago, travisdk said: Thanks a lot Mathias, Does this effectively close the security hole or is this still pending further investigation?? Regards Henrik Hello Henrik Yes, this module closes the security hole. Best regards Mathias 1 Link to comment Share on other sites More sharing options...
bnadauld Posted July 26, 2022 Share Posted July 26, 2022 (edited) 1 hour ago, MathiasReker said: Hello. I guess you are running PHP 5.6. The minimum PHP version for this module is PHP 7.0 I am running 5.6. Damn it. If i remove: if (Configuration::get('PS_SMARTY_CACHING_TYPE') == 'mysql') { include(_PS_CLASS_DIR_.'/SmartyCacheResourceMysql.php'); $smarty->caching_type = 'mysql'; } Will that stop the hack if i haven't already been hit? Edited July 26, 2022 by bnadauld (see edit history) Link to comment Share on other sites More sharing options...
NSN Posted July 26, 2022 Share Posted July 26, 2022 vor 23 Minuten schrieb bnadauld: I am running 5.6. Damn it. I used PrestaShop 1.6.1.4 and the shop worked smoothly with php 7.0 (without any modification). I don't think that there is a huge difference between 1.6.1.3 and 1.6.1.4 so give php 7.0 a try and you will also benefit from better performance. Link to comment Share on other sites More sharing options...
MathiasReker Posted July 26, 2022 Author Share Posted July 26, 2022 7 hours ago, NSN said: I used PrestaShop 1.6.1.4 and the shop worked smoothly with php 7.0 (without any modification). I don't think that there is a huge difference between 1.6.1.3 and 1.6.1.4 so give php 7.0 a try and you will also benefit from better performance. Thank you for the info Link to comment Share on other sites More sharing options...
MathiasReker Posted July 26, 2022 Author Share Posted July 26, 2022 8 hours ago, bnadauld said: I am running 5.6. Damn it. If i remove: if (Configuration::get('PS_SMARTY_CACHING_TYPE') == 'mysql') { include(_PS_CLASS_DIR_.'/SmartyCacheResourceMysql.php'); $smarty->caching_type = 'mysql'; } Will that stop the hack if i haven't already been hit? You can do this as a hotfix. It is not a patch. I recommend upgrading to PHP 7.0 anyway. Link to comment Share on other sites More sharing options...
MathiasReker Posted July 26, 2022 Author Share Posted July 26, 2022 New version (2.0.0): https://github.com/MathiasReker/blmvuln 1 Link to comment Share on other sites More sharing options...
travisdk Posted July 26, 2022 Share Posted July 26, 2022 On 7/25/2022 at 11:29 AM, MathiasReker said: Dear Mathias, I get below error when installing v. 2.0.0 (on Presta v 1.6.1.24) Previous version worked bar some false positive on infected files (clean non-public system). Regards Henrik Link to comment Share on other sites More sharing options...
travisdk Posted July 26, 2022 Share Posted July 26, 2022 Dear Mathias, You seem to be using a class (PhpEncryption) which isn't present in an Prestashop 1.6 installation AFAIK!? Could it be fixed? Regards Henrik Link to comment Share on other sites More sharing options...
MathiasReker Posted July 26, 2022 Author Share Posted July 26, 2022 1 hour ago, travisdk said: Dear Mathias, You seem to be using a class (PhpEncryption) which isn't present in an Prestashop 1.6 installation AFAIK!? Could it be fixed? Regards Henrik Hello, I will look into this now. Link to comment Share on other sites More sharing options...
MathiasReker Posted July 26, 2022 Author Share Posted July 26, 2022 (edited) 2 hours ago, travisdk said: Dear Mathias, You seem to be using a class (PhpEncryption) which isn't present in an Prestashop 1.6 installation AFAIK!? Could it be fixed? Regards Henrik I have fixed it. https://github.com/MathiasReker/blmvuln/releases/latest Edited July 26, 2022 by MathiasReker (see edit history) 1 Link to comment Share on other sites More sharing options...
MathiasReker Posted July 26, 2022 Author Share Posted July 26, 2022 2 hours ago, travisdk said: Dear Mathias, You seem to be using a class (PhpEncryption) which isn't present in an Prestashop 1.6 installation AFAIK!? Could it be fixed? Regards Henrik You are right. I overlooked this 😕 What exact version of PrestaShop are you using? Link to comment Share on other sites More sharing options...
MathiasReker Posted July 26, 2022 Author Share Posted July 26, 2022 2 hours ago, travisdk said: Fixed in latest version. Link to comment Share on other sites More sharing options...
travisdk Posted July 26, 2022 Share Posted July 26, 2022 48 minutes ago, MathiasReker said: You are right. I overlooked this 😕 What exact version of PrestaShop are you using? Hi again, 1.6.1.24 (last official version there was) Link to comment Share on other sites More sharing options...
MathiasReker Posted July 26, 2022 Author Share Posted July 26, 2022 4 minutes ago, travisdk said: Hi again, 1.6.1.24 (last official version there was) To revert the bad change, download and replace the file with the original: classes/SmartyCacheResourceMysql.php Download 1.6.1.24 here: https://www.prestashop.com/en/system/files/ps_releases/prestashop_1.6.1.24.zip Link to comment Share on other sites More sharing options...
mr_absinthe Posted July 27, 2022 Share Posted July 27, 2022 Thanks for the module, slightly different approach than the patch suggested by PrestaShop team. I've fixed permissions yesterday and a new warning came up today: The following file/folder permissions is insecure. They will be fixed by running the cleaning process: /home/xxx/public_html/var/cache/prod/smarty/compile/36 /home/xxx/public_html/var/cache/prod/smarty/compile/36/38 /home/xxx/public_html/var/cache/prod/smarty/compile/36/38/e5 /home/xxx/public_html/var/cache/prod/smarty/compile/f3 /home/xxx/public_html/var/cache/prod/smarty/compile/f3/87 /home/xxx/public_html/var/cache/prod/smarty/compile/f3/87/c0 /home/xxx/public_html/var/cache/prod/smarty/compile/6b /home/xxx/public_html/var/cache/prod/smarty/compile/6b/07 etc. etc.... Not sure if that if fixable and if not, perhaps you can skip the check on the /var folder? Link to comment Share on other sites More sharing options...
MathiasReker Posted July 27, 2022 Author Share Posted July 27, 2022 31 minutes ago, mr_absinthe said: Thanks for the module, slightly different approach than the patch suggested by PrestaShop team. I've fixed permissions yesterday and a new warning came up today: The following file/folder permissions is insecure. They will be fixed by running the cleaning process: /home/xxx/public_html/var/cache/prod/smarty/compile/36 /home/xxx/public_html/var/cache/prod/smarty/compile/36/38 /home/xxx/public_html/var/cache/prod/smarty/compile/36/38/e5 /home/xxx/public_html/var/cache/prod/smarty/compile/f3 /home/xxx/public_html/var/cache/prod/smarty/compile/f3/87 /home/xxx/public_html/var/cache/prod/smarty/compile/f3/87/c0 /home/xxx/public_html/var/cache/prod/smarty/compile/6b /home/xxx/public_html/var/cache/prod/smarty/compile/6b/07 etc. etc.... Not sure if that if fixable and if not, perhaps you can skip the check on the /var folder? Hello This is already fixed in the latest version 🙂 1 Link to comment Share on other sites More sharing options...
MathiasReker Posted July 27, 2022 Author Share Posted July 27, 2022 New version: https://github.com/MathiasReker/blmvuln 1 Link to comment Share on other sites More sharing options...
travisdk Posted July 27, 2022 Share Posted July 27, 2022 16 hours ago, MathiasReker said: I have fixed it. https://github.com/MathiasReker/blmvuln/releases/latest Hi Mathias, Is it fair to say your solution has gone from patching the SmartyCacheResourceMysql.php file to disabling the usage of the Smarty/MySQL caching feature altogether? Regards Henrik Link to comment Share on other sites More sharing options...
MathiasReker Posted July 27, 2022 Author Share Posted July 27, 2022 17 minutes ago, travisdk said: Hi Mathias, Is it fair to say your solution has gone from patching the SmartyCacheResourceMysql.php file to disabling the usage of the Smarty/MySQL caching feature altogether? Regards Henrik Hello Yes, patching the file is not a good solution as there are too many differences between the versions. Also, caching on filesystem is faster than caching on mysql for the Smarty cache. 1 Link to comment Share on other sites More sharing options...
bnadauld Posted July 27, 2022 Share Posted July 27, 2022 5 minutes ago, MathiasReker said: Hello Yes, patching the file is not a good solution as there are too many differences between the versions. Also, caching on filesystem is faster than caching on mysql for the Smarty cache. sorry im a bit confused. does the new version of this plugin 'just' disable the sql smarty cashe now? I dont use that feature and its always been turned off. can i still be exploited? Thanks for your help! Link to comment Share on other sites More sharing options...
MathiasReker Posted July 27, 2022 Author Share Posted July 27, 2022 Just now, bnadauld said: sorry im a bit confused. does the new version of this plugin 'just' disable the sql smarty cashe now? I dont use that feature and its always been turned off. can i still be exploited? Thanks for your help! There are more into this than just disable the feature. You must remove some lines of code from the smarty configuration file. The modules does this automatically. The module scans the website for infected files and secure file permissions. Link to comment Share on other sites More sharing options...
bnadauld Posted July 27, 2022 Share Posted July 27, 2022 (edited) I appreciate your great work and understand that the module checks for infection. Personally, im not infected. Is it possible to share the lines of code in the config file that needs to be removed Edited July 27, 2022 by bnadauld (see edit history) Link to comment Share on other sites More sharing options...
MathiasReker Posted July 27, 2022 Author Share Posted July 27, 2022 2 minutes ago, bnadauld said: I appreciate your great work and understand that the module checks for infection. Personally, im not infected. Is it possible to share the lines of code in the config file that needs to be removed Read more about it here: https://build.prestashop.com/news/major-security-vulnerability-on-prestashop-websites/. 1 Link to comment Share on other sites More sharing options...
Rayna Butler Posted July 27, 2022 Share Posted July 27, 2022 Thanks for your work Mathias, much appreciated. Do you know there will be any patch fix for the blockwishlist module (v1.3.2) in PS 1.6.1.24 or is disabling the only option? cheers Dirk Link to comment Share on other sites More sharing options...
MathiasReker Posted July 27, 2022 Author Share Posted July 27, 2022 5 hours ago, Rayna Butler said: Thanks for your work Mathias, much appreciated. Do you know there will be any patch fix for the blockwishlist module (v1.3.2) in PS 1.6.1.24 or is disabling the only option? cheers Dirk The SQLi vulnerability is only present in the v.2.0.0-2.1.0 of the module. 🙂 Link to comment Share on other sites More sharing options...
Rayna Butler Posted July 27, 2022 Share Posted July 27, 2022 Ahh, that's great. But then "Your website is vulnerable. You must upgrade the following modules manually:blockwishlist" is misleading for the 1.32 module on PS 1.6.1.24 🙂 cheers Dirk Link to comment Share on other sites More sharing options...
MathiasReker Posted July 27, 2022 Author Share Posted July 27, 2022 53 minutes ago, Rayna Butler said: Ahh, that's great. But then "Your website is vulnerable. You must upgrade the following modules manually:blockwishlist" is misleading for the 1.32 module on PS 1.6.1.24 🙂 cheers Dirk Thanks, I will fix this! 1 Link to comment Share on other sites More sharing options...
Pianetasvapo Posted July 28, 2022 Share Posted July 28, 2022 Need response please: Hi i've got the module but today i've received a mail from malware alert: Unfortunately, following a recent backup we detected malware on your site www.pianetasvapo.com on Thursday, July 28, 2022. If you're running a CMS like Wordpress, Joomla or Drupal, you should restore your data prior to the latest backup date when malware was identified so you can have your website running up again. After restoring your data, please update it to the latest version and update everything related to it like themes, plugins, modules, libraries and such. If there are any websites running on the same hosting account, please update them as well. Also, we strongly recommend you change all your passwords for FTP/SFTP and shell access. If you're running a custom system or you would like additional information, please take a look at our Support Center. Below is the malware report we generated: {HEX}php.malware.magento.582 : home/...../public_html/modules/blmvuln/bin/1.7.3.3/ {HEX}php.malware.magento.585 : home/...../public_html/modules/blmvuln/src/resources/config/Config.php Link to comment Share on other sites More sharing options...
MathiasReker Posted July 28, 2022 Author Share Posted July 28, 2022 3 hours ago, Pianetasvapo said: Need response please: Hi i've got the module but today i've received a mail from malware alert: Unfortunately, following a recent backup we detected malware on your site www.pianetasvapo.com on Thursday, July 28, 2022. If you're running a CMS like Wordpress, Joomla or Drupal, you should restore your data prior to the latest backup date when malware was identified so you can have your website running up again. After restoring your data, please update it to the latest version and update everything related to it like themes, plugins, modules, libraries and such. If there are any websites running on the same hosting account, please update them as well. Also, we strongly recommend you change all your passwords for FTP/SFTP and shell access. If you're running a custom system or you would like additional information, please take a look at our Support Center. Below is the malware report we generated: {HEX}php.malware.magento.582 : home/...../public_html/modules/blmvuln/bin/1.7.3.3/ {HEX}php.malware.magento.585 : home/...../public_html/modules/blmvuln/src/resources/config/Config.php Hello @pianetasvapo The reports from codeguard are false positives. `{HEX}php.malware.magento.582 : home/....../public_html/modules/blmvuln/bin/[1.7.3.3/classes/module/Module.php](http://1.7.3.3/classes/module/Module.php) ` This is a original file from PrestaShop 1.7.3.3. If I remove this file from the software package the module will no longer be compatible with PrestaShop 1.7.3.3. `{HEX}php.malware.magento.585 : home/------/public_html/modules/blmvuln/src/resources/config/Config.php` This file includes payloads to find the malware: https://github.com/MathiasReker/blmvuln/blob/develop/src/resources/config/Config.php#L170 If these are removed, the module will no longer be able to find it. You can uninstall the module after running it once, but these warnings cannot be fixed. 1 Link to comment Share on other sites More sharing options...
Pianetasvapo Posted July 28, 2022 Share Posted July 28, 2022 I was sure of it but I wanted confirmation from you. What do you advise me to do? Can codeguard be reported as a false positive? Or trivially can I ignore the report of codeguard? If I unistall the module Could my site be under attack again? Thank you Link to comment Share on other sites More sharing options...
MathiasReker Posted July 28, 2022 Author Share Posted July 28, 2022 2 minutes ago, Pianetasvapo said: I was sure of it but I wanted confirmation from you. What do you advise me to do? Can codeguard be reported as a false positive? Or trivially can I ignore the report of codeguard? If I unistall the module Could my site be under attack again? Thank you Hello Codeguard can report false-positives. The module does not work in real-time. It works when you run the scanner. In general the module does only need to be run once. 🙂 You can uninstall the module and install it again if you would ever need it again 1 Link to comment Share on other sites More sharing options...
babyewok Posted July 28, 2022 Share Posted July 28, 2022 Can you confirm please what this module does? I see that it find and remove infected files, but does it make changes so that the site cannot be attacked again? i.e. of my site has not been affected, will running this module prevent an attack in the future and resolve the security issue? Link to comment Share on other sites More sharing options...
jeremiezip Posted July 28, 2022 Share Posted July 28, 2022 (edited) 2 hours ago, babyewok said: Can you confirm please what this module does? I see that it find and remove infected files, but does it make changes so that the site cannot be attacked again? i.e. of my site has not been affected, will running this module prevent an attack in the future and resolve the security issue? Dont worry. This module works well and everything is fine... The module find and replace infected files. Then he removes in Prestashop the problematic little part of code. Edited July 28, 2022 by jeremiezip (see edit history) 1 Link to comment Share on other sites More sharing options...
Zohaib-fk Posted July 29, 2022 Share Posted July 29, 2022 Hi, Thanks for the module. I see the message config/smarty.confic.inc.php file needs correction, I feel it is part of the website code. I run the cleaning process and it works fine. I was worried the cleaning process would not create a problem because if any file gets deleted then it might create an error like 500 (internal server) on the website. I think once in a month or weeks, I need to run the cleaning process again or the module will block future attacks on the website, please advise. Attached is a screenshot for reference. Link to comment Share on other sites More sharing options...
MathiasReker Posted July 29, 2022 Author Share Posted July 29, 2022 11 hours ago, babyewok said: Can you confirm please what this module does? I see that it find and remove infected files, but does it make changes so that the site cannot be attacked again? i.e. of my site has not been affected, will running this module prevent an attack in the future and resolve the security issue? 1) The files fixes the vulnerability, so you cannot get attacked from this attack. 2) If any infected files are found it will be solved. 3) If any permissions is insecure it will be solved. Link to comment Share on other sites More sharing options...
MathiasReker Posted July 29, 2022 Author Share Posted July 29, 2022 59 minutes ago, Zohaib-fk said: Hi, Thanks for the module. I see the message config/smarty.confic.inc.php file needs correction, I feel it is part of the website code. I run the cleaning process and it works fine. I was worried the cleaning process would not create a problem because if any file gets deleted then it might create an error like 500 (internal server) on the website. I think once in a month or weeks, I need to run the cleaning process again or the module will block future attacks on the website, please advise. Attached is a screenshot for reference. You just have to run the module once and then you can uninstall it 🙂 Link to comment Share on other sites More sharing options...
Zohaib-fk Posted July 29, 2022 Share Posted July 29, 2022 Thanks for answers I think files and folder permissions on the hosting web account are set by module. I will keep it and run it once a month so that any file not part of PrestaShop or related found will be detected and removed. I know one Wordpress plugin that sends an email to the owner or webmaster if any file, is not part of the website or suspicious found or any file or folder has wrong permissions like 777. This email notification makes the process automatic and helpful. If we could have a similar module then it would be good. Link to comment Share on other sites More sharing options...
MathiasReker Posted July 29, 2022 Author Share Posted July 29, 2022 2 hours ago, Zohaib-fk said: Thanks for answers I think files and folder permissions on the hosting web account are set by module. I will keep it and run it once a month so that any file not part of PrestaShop or related found will be detected and removed. I know one Wordpress plugin that sends an email to the owner or webmaster if any file, is not part of the website or suspicious found or any file or folder has wrong permissions like 777. This email notification makes the process automatic and helpful. If we could have a similar module then it would be good. Hello Cool feature, I will note this. But it is out of scope for this module. 🙂 Link to comment Share on other sites More sharing options...
larentia Posted August 2, 2022 Share Posted August 2, 2022 Hello Mathias, I ran your module yesterday, it managed to correct some files but it doesn't do the job for these ones... I ran the module 3 times but it is always the same message. Could you please help me ? thanks Larentia Link to comment Share on other sites More sharing options...
DNK-LUIFER Posted August 2, 2022 Share Posted August 2, 2022 hace 24 minutos, larentia dijo: Hello Mathias, I ran your module yesterday, it managed to correct some files but it doesn't do the job for these ones... I ran the module 3 times but it is always the same message. Could you please help me ? thanks Larentia Try this module to correct file and folder permissions: https://github.com/MathiasReker/filepermissions/releases/tag/1.0.2 Otherwise you would have to correct the permissions manually. Directories with 755 Files with 644 Grettings. Link to comment Share on other sites More sharing options...
MathiasReker Posted August 2, 2022 Author Share Posted August 2, 2022 35 minutes ago, larentia said: Hello Mathias, I ran your module yesterday, it managed to correct some files but it doesn't do the job for these ones... I ran the module 3 times but it is always the same message. Could you please help me ? thanks Larentia Somehow the modules does not have permission to change the files. You can ignore this problem as this is just tpl files. You are all good 🙂 Link to comment Share on other sites More sharing options...
larentia Posted August 2, 2022 Share Posted August 2, 2022 1 hour ago, MathiasReker said: Somehow the modules does not have permission to change the files. You can ignore this problem as this is just tpl files. You are all good 🙂 Thank you very much for your answer... in addition I checked in FTP.... I don't find these files ...strange... Link to comment Share on other sites More sharing options...
rafalecito Posted August 2, 2022 Share Posted August 2, 2022 (edited) Hello Mathias, Thank You for a great job. I have an additional question, is it safe to delete these two files? Thanks Rafal Edited August 2, 2022 by rafalecito (see edit history) Link to comment Share on other sites More sharing options...
MathiasReker Posted August 2, 2022 Author Share Posted August 2, 2022 3 hours ago, rafalecito said: Hello Mathias, Thank You for a great job. I have an additional question, is it safe to delete these two files? Thanks Rafal Yes, it is safe. Link to comment Share on other sites More sharing options...
MathiasReker Posted August 2, 2022 Author Share Posted August 2, 2022 5 hours ago, larentia said: Thank you very much for your answer... in addition I checked in FTP.... I don't find these files ...strange... You must be looking the wrong place 🙂 Link to comment Share on other sites More sharing options...
NSN Posted August 5, 2022 Share Posted August 5, 2022 @MathiasReker After deinstallation and deleting the module, the link on the menu does remain. Not a big issue, but (imho) when the module gets deinstalled the link should be removed too. Link to comment Share on other sites More sharing options...
MathiasReker Posted August 5, 2022 Author Share Posted August 5, 2022 5 hours ago, NSN said: @MathiasReker After deinstallation and deleting the module, the link on the menu does remain. Not a big issue, but (imho) when the module gets deinstalled the link should be removed too. Hello @NSN This is a known issue. There is a workaround. Please read this: https://github.com/MathiasReker/blmvuln/issues/4 This is only a problem in PrestaShop 1.6. In PrestaShop 1.7 it works. I don't rioritize debugging this as there is a workaround, but I have left an open issue for anyone else to solve this. 🙂 1 Link to comment Share on other sites More sharing options...
MathiasReker Posted August 7, 2022 Author Share Posted August 7, 2022 FYI: The module can be uninstalled after use. 🙂 Link to comment Share on other sites More sharing options...
Prestafan1234 Posted September 16, 2022 Share Posted September 16, 2022 Hi Mathias, The link to the module is no longer active, where can I download it for PS 1.6? Link to comment Share on other sites More sharing options...
HaCos Posted September 16, 2022 Share Posted September 16, 2022 The project on github is down? Link to comment Share on other sites More sharing options...
MathiasReker Posted September 16, 2022 Author Share Posted September 16, 2022 11 minutes ago, HaCos said: The project on github is down? My GitHub account has been flagged for unknown reasons. I have contacted GitHub about this. I have attached the latest version of the module to the post. 1 Link to comment Share on other sites More sharing options...
MathiasReker Posted September 16, 2022 Author Share Posted September 16, 2022 4 hours ago, Prestafan1234 said: Hi Mathias, The link to the module is no longer active, where can I download it for PS 1.6? Hello. I have uploaded the newest version here on PrestaShop Forum in the post. I have some problems with my GitHub account atm. 2 Link to comment Share on other sites More sharing options...
juanmlg Posted October 7, 2022 Share Posted October 7, 2022 I am trying to install the module ( 1.6.1.18 PHP 7.1 ) , but I am getting this error: [PrestaShop] Fatal error in module file :/home/******/public_html/******/shop/modules/blmvuln/blmvuln.php: require_once(): Failed opening required '/home/****/public_html/****/shop/modules/blmvuln/vendor/autoload.php' (include_path='/home/****/public_html/********/shop/tools/htmlpurifier/standalone:.:/opt/cpanel/ea-php71/root/usr/share/pear') Link to comment Share on other sites More sharing options...
MathiasReker Posted October 10, 2022 Author Share Posted October 10, 2022 On 10/7/2022 at 4:15 PM, juanmlg said: I am trying to install the module ( 1.6.1.18 PHP 7.1 ) , but I am getting this error: [PrestaShop] Fatal error in module file :/home/******/public_html/******/shop/modules/blmvuln/blmvuln.php: require_once(): Failed opening required '/home/****/public_html/****/shop/modules/blmvuln/vendor/autoload.php' (include_path='/home/****/public_html/********/shop/tools/htmlpurifier/standalone:.:/opt/cpanel/ea-php71/root/usr/share/pear') Can you try to manually upload the module by FTP/SFTP overriding the old files? I guess a file is missing or corrupted. Link to comment Share on other sites More sharing options...
MathiasReker Posted October 10, 2022 Author Share Posted October 10, 2022 The GitHub link is working again: https://github.com/MathiasReker/blmvuln/releases/latest Link to comment Share on other sites More sharing options...
Viitali Posted February 7, 2023 Share Posted February 7, 2023 Hi Mathias. A few files have been fixed for me. Big thanks. Frontend also looks good. But I can't get into the backend anymore. HTTP ERROR 500 Any ideas? PS 1.6.1.15 Link to comment Share on other sites More sharing options...
Viitali Posted February 7, 2023 Share Posted February 7, 2023 vor 1 Stunde schrieb Viitali: Hi Mathias. A few files have been fixed for me. Big thanks. Frontend also looks good. But I can't get into the backend anymore. HTTP ERROR 500 Any ideas? PS 1.6.1.15 Ok, I think I have it. AdminLoginController.php public function viewAccess($disable = false) was replaced by public function viewAccess() but how can I get else acess? IP control? Link to comment Share on other sites More sharing options...
MathiasReker Posted February 7, 2023 Author Share Posted February 7, 2023 1 hour ago, Viitali said: Ok, I think I have it. AdminLoginController.php public function viewAccess($disable = false) was replaced by public function viewAccess() but how can I get else acess? IP control? I don't understand the question Link to comment Share on other sites More sharing options...
Armondz Posted February 7, 2023 Share Posted February 7, 2023 Hey @MathiasReker, thanks for the module. I've installed it got two issues: 1. It shows me the volnurability of the files which I cannot find on FTP. For example - themes/default/img/process-icon-save-and-stay.png while I don't have a degault theme in the themes folder. 2. When I hit the 'run the cleaning process' button - nothing happens. Thanks! Link to comment Share on other sites More sharing options...
Viitali Posted February 8, 2023 Share Posted February 8, 2023 vor 20 Stunden schrieb MathiasReker: I don't understand the question ok, sorry. I will try again. After clearing process, I can not reach the Admin Login page. Only get the message "HTTP ERROR 500". Something else. Today the hack was back. The whole "classes" folder was overwritten. I found changes in ModuleFrontController.php file. But I have not yet compared all files. Have replaced the whole folder from the backup. Is the file not monitored by you? Link to comment Share on other sites More sharing options...
MathiasReker Posted February 8, 2023 Author Share Posted February 8, 2023 Hello Please check your errorlog on the server level. It will log the error500. Link to comment Share on other sites More sharing options...
FOCUS ON GROUP Posted February 13, 2023 Share Posted February 13, 2023 when i upload it i get this mod_fcgid: stderr: PHP Fatal error: require_once(): Failed opening required '/var/www/vhosts/coveri.com.gr/httpdocs/modules/blmvuln/vendor/autoload.php' (include_path='/var/www/vhosts/coveri.com.gr/httpdocs/vendor/pear/pear_exception:/var/www/vhosts/coveri.com.gr/httpdocs/vendor/pear/console_getopt:/var/www/vhosts/coveri.com.gr/httpdocs/vendor/pear/pear-core-minimal/src:/var/www/vhosts/coveri.com.gr/httpdocs/vendor/pear/archive_tar:.:/opt/plesk/php/7.2/share/pear') in /var/www/vhosts/coveri.com.gr/httpdocs/modules/blmvuln/blmvuln.php on line 50, referer: https://coveri.com.gr/****** Link to comment Share on other sites More sharing options...
MathiasReker Posted February 15, 2023 Author Share Posted February 15, 2023 On 2/13/2023 at 1:05 PM, FOCUS ON GROUP said: when i upload it i get this mod_fcgid: stderr: PHP Fatal error: require_once(): Failed opening required '/var/www/vhosts/coveri.com.gr/httpdocs/modules/blmvuln/vendor/autoload.php' (include_path='/var/www/vhosts/coveri.com.gr/httpdocs/vendor/pear/pear_exception:/var/www/vhosts/coveri.com.gr/httpdocs/vendor/pear/console_getopt:/var/www/vhosts/coveri.com.gr/httpdocs/vendor/pear/pear-core-minimal/src:/var/www/vhosts/coveri.com.gr/httpdocs/vendor/pear/archive_tar:.:/opt/plesk/php/7.2/share/pear') in /var/www/vhosts/coveri.com.gr/httpdocs/modules/blmvuln/blmvuln.php on line 50, referer: https://coveri.com.gr/****** I cannot reproduce the error. Link to comment Share on other sites More sharing options...
tivicrdotcom Posted March 8, 2023 Share Posted March 8, 2023 Looks awesome, impossible to have it run with PS 1.6.24 and php 5.6? I know, I know, I should be using 1.7 but we have so many custom modules that it would take tons of money to have the developers upgrade them too. Same question also to file permission module. Thanks in advance! Link to comment Share on other sites More sharing options...
mr_absinthe Posted March 8, 2023 Share Posted March 8, 2023 My hosting company wouldn't even allow me to run PHP 5.6 so you should maybe think about changing your host. I wonder how much would it cost to recover and rebuild your shop after it's been hacked...🤔 PHP 5.6 support ended in December 2018, no security patches for years, I wouldn't sleep if I had my store running on such historic PHP version. I'm sure that you'll not be able to run this module but I might be wrong (sure I'm not 😁). Link to comment Share on other sites More sharing options...
tivicrdotcom Posted March 8, 2023 Share Posted March 8, 2023 We run 18 stores on it and so far so good, we just keep healthy copies of each site in case they get hacked we can be restored in 10 seconds, not the best practice and could be time consuming but it works until we can sit down to upgrade them all. We will be upgrading sometime this year to a dedicated server so there we may upgrade. Funny enough we just have random issues with sites being hosted through its domain www.store.com, the ones that get forwarded to directories inside a domain store.com/shopname, get ignored by hacking bots, no clue why. Link to comment Share on other sites More sharing options...
mr_absinthe Posted March 8, 2023 Share Posted March 8, 2023 Lucky you, I can start my PC in 10 sec but certainly not restore a complete shop and database! Link to comment Share on other sites More sharing options...
tivicrdotcom Posted March 8, 2023 Share Posted March 8, 2023 I agree, is definitely not the best practice, we will upgrade sometime, someday 😅 Link to comment Share on other sites More sharing options...
roland2022 Posted March 20, 2023 Share Posted March 20, 2023 (edited) link for latest version please 😄 Edited March 20, 2023 by roland2022 (see edit history) Link to comment Share on other sites More sharing options...
MathiasReker Posted March 22, 2023 Author Share Posted March 22, 2023 On 3/20/2023 at 1:22 PM, roland2022 said: link for latest version please 😄 Hi. The link is in the description: https://github.com/MathiasReker/blmvuln/releases/latest Link to comment Share on other sites More sharing options...
NoroHadzi Posted June 28, 2023 Share Posted June 28, 2023 Hello, Thank you for module. What i found out, this part of smarty.config.inc.php will slow down loading speed of prestashop a lot: $smarty->caching = false; if (Configuration::get('PS_SMARTY_CACHING_TYPE') == 'mysql') { include(_PS_CLASS_DIR_.'/SmartyCacheResourceMysql.php'); $smarty->caching_type = 'mysql'; Is this needed to avoid malwares? Thank you Link to comment Share on other sites More sharing options...
Luigi Donato Posted July 13, 2023 Share Posted July 13, 2023 Thank you for this work, is it also compatible with PrestaShop 8? Link to comment Share on other sites More sharing options...
MathiasReker Posted July 14, 2023 Author Share Posted July 14, 2023 On 7/13/2023 at 11:32 AM, Luigi Donato said: Thank you for this work, is it also compatible with PrestaShop 8? No it is not compatible with PrestaShop. PrestaShop 8 does not have the vulnerability. 1 Link to comment Share on other sites More sharing options...
MathiasReker Posted July 14, 2023 Author Share Posted July 14, 2023 On 6/28/2023 at 10:25 AM, NoroHadzi said: Hello, Thank you for module. What i found out, this part of smarty.config.inc.php will slow down loading speed of prestashop a lot: $smarty->caching = false; if (Configuration::get('PS_SMARTY_CACHING_TYPE') == 'mysql') { include(_PS_CLASS_DIR_.'/SmartyCacheResourceMysql.php'); $smarty->caching_type = 'mysql'; Is this needed to avoid malwares? Thank you Hello Yes, this is the patch. This is a work around to secure your site. Alternative, you can upgrade your PrestaShop to latest version to solve the problem. Link to comment Share on other sites More sharing options...
Issman Posted July 17, 2023 Share Posted July 17, 2023 Thanks for this very useful module @MathiasReker, I have tried to install it but I do get a fatal error. Any idea what it could be? PS 1.7.8.4 PHP 7.4.33 Thanks! Link to comment Share on other sites More sharing options...
lubaa Posted July 21, 2023 Share Posted July 21, 2023 Hello, I have PrestaShop 1.7.6.7 and when I click run the cleaning process nothing will happen. I still see filepermissions are insecure. Any idea? Thanks Link to comment Share on other sites More sharing options...
Prestag0od Posted November 25 Share Posted November 25 On 7/25/2022 at 1:40 AM, MathiasReker said: Major Security Vulnerability on PrestaShop Websites A newly found exploit could allow remote attackers to take control of your shop Read more about it here: https://build.prestashop.com/news/major-security-vulnerability-on-prestashop-websites/. This module can scan your website for vulnerability and help you get a safe environment. The module is also designed to remove malware from infected websites! Step 1: Download the latest version of the module: https://github.com/MathiasReker/blmvuln/releases/latest (Or direct: blmvuln.zip) Step 2: Install the module on your PrestaShop website. Step 3. Open the module and click on "Run the cleaning process" That's it! The module requires PrestaShop 1.6.1+ and PHP 7.0. Hello! 2.2.1 version still says 2.2.0 in prestashop back order. I check also the code and says 2.2.0 also. So you forgot to change the version or there is some other link where we can download the last version? 1 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now