[FREE MODULE] Fix Major Security Vulnerability on PrestaShop Websites

[MathiasReker]

Major Security Vulnerability on PrestaShop Websites

A newly found exploit could allow remote attackers to take control of your shop

Read more about it here: https://build.prestashop.com/news/major-security-vulnerability-on-prestashop-websites/.

This module can scan your website for vulnerability and help you get a safe environment.

The module is also designed to remove malware from infected websites!

Step 1: Download the latest version of the module: https://github.com/MathiasReker/blmvuln/releases/latest

(Or direct: blmvuln.zip)

Step 2: Install the module on your PrestaShop website.

Step 3. Open the module and click on "Run the cleaning process"

That's it!

The module requires PrestaShop 1.6.1+ and PHP 7.0.

Edited September 16, 2022 by MathiasReker (see edit history)

[MathiasReker]

Fixes: CVE-2022-31101

[travisdk]

Dear Mathias,

Any chance you could do a 1.6.x compatible version? - or give me some hints to do this myself?
Many thanks anyway for your effort!!

Regards

Henrik

Edited July 25, 2022 by travisdk (see edit history)

[MathiasReker]

26 minutes ago, travisdk said:

Dear Mathias,

Any chance you could do a 1.6.x compatible version? - or give me some hints to do this myself?
Many thanks anyway for your effort!!

Regards

Henrik

Hello Henrik

I have added the feature request to the backlog.

Best regards
Mathias

[jeremiezip]

Hello Mathias,
Thank you for your module. 

I looked at the code of your module and I installed it on several sites: useful! 

Bye

[MathiasReker]

2 hours ago, jeremiezip said:

Hello Mathias,
Thank you for your module. 

I looked at the code of your module and I installed it on several sites: useful! 

Bye

Thank you for your feedback! 🙂

[MathiasReker]

The module is now compatible with PrestaShop 1.6.1+

[MathiasReker]

6 hours ago, MathiasReker said:

Hello Henrik

I have added the feature request to the backlog.

Best regards
Mathias

The module is now compatible with PrestaShop 1.6.1+ 🙂

[travisdk]

1 hour ago, MathiasReker said:

The module is now compatible with PrestaShop 1.6.1+ 🙂

Thanks a lot Mathias, 
Does this effectively close the security hole or is this still pending further investigation??
Regards Henrik

[bnadauld]

Any idea what's going on? I get this on module install. PS 1.6.1.3

I tried turning off cashe and dropping in the zip to the modules dir and extracting it from my hosting but still same issue.

I mod'd this in smarty.config.inc.php:

/* Fixes: CVE-2022-31101

if (Configuration::get('PS_SMARTY_CACHING_TYPE') == 'mysql') {
    include(_PS_CLASS_DIR_.'/SmartyCacheResourceMysql.php');
    $smarty->caching_type = 'mysql';
}
*/

 

Will that fix it?

Edited July 26, 2022 by bnadauld (see edit history)

[MathiasReker]

2 hours ago, bnadauld said:

Any idea what's going on? I get this on module install. PS 1.6.1.3

I tried turning off cashe and dropping in the zip to the modules dir and extracting it from my hosting but still same issue.

I mod'd this in smarty.config.inc.php:

/* Fixes: CVE-2022-31101

if (Configuration::get('PS_SMARTY_CACHING_TYPE') == 'mysql') {
    include(_PS_CLASS_DIR_.'/SmartyCacheResourceMysql.php');
    $smarty->caching_type = 'mysql';
}
*/

 

Will that fix it?

Hello. I guess you are running PHP 5.6. The minimum PHP version for this module is PHP 7.0

[MathiasReker]

12 hours ago, travisdk said:

Thanks a lot Mathias, 
Does this effectively close the security hole or is this still pending further investigation??
Regards Henrik

Hello Henrik

Yes, this module closes the security hole.

 

Best regards

Mathias

[bnadauld]

1 hour ago, MathiasReker said:

Hello. I guess you are running PHP 5.6. The minimum PHP version for this module is PHP 7.0

I am running 5.6. Damn it.

 

If i remove:

if (Configuration::get('PS_SMARTY_CACHING_TYPE') == 'mysql') {
    include(_PS_CLASS_DIR_.'/SmartyCacheResourceMysql.php');
    $smarty->caching_type = 'mysql';
}

 

Will that stop the hack if i haven't already been hit?

Edited July 26, 2022 by bnadauld (see edit history)

[NSN]

vor 23 Minuten schrieb bnadauld:

I am running 5.6. Damn it.

I used PrestaShop 1.6.1.4 and the shop worked smoothly with php 7.0 (without any modification). I don't think that there is a huge difference between 1.6.1.3 and 1.6.1.4 so give php 7.0 a try and you will also benefit from better performance.

[MathiasReker]

7 hours ago, NSN said:

I used PrestaShop 1.6.1.4 and the shop worked smoothly with php 7.0 (without any modification). I don't think that there is a huge difference between 1.6.1.3 and 1.6.1.4 so give php 7.0 a try and you will also benefit from better performance.

Thank you for the info

[MathiasReker]

8 hours ago, bnadauld said:

I am running 5.6. Damn it.

 

If i remove:

if (Configuration::get('PS_SMARTY_CACHING_TYPE') == 'mysql') {
    include(_PS_CLASS_DIR_.'/SmartyCacheResourceMysql.php');
    $smarty->caching_type = 'mysql';
}

 

Will that stop the hack if i haven't already been hit?

You can do this as a hotfix. It is not a patch. I recommend upgrading to PHP 7.0 anyway.

[MathiasReker]

New version (2.0.0): https://github.com/MathiasReker/blmvuln

[travisdk]

On 7/25/2022 at 11:29 AM, MathiasReker said:

Dear Mathias,

I get below error when installing v. 2.0.0 (on Presta v 1.6.1.24)

Previous version worked bar some false positive on infected files (clean non-public system).
Regards

Henrik


 

 

 

 

 

[travisdk]

Dear Mathias,
You seem to be using a class (PhpEncryption) which isn't present in an Prestashop 1.6 installation AFAIK!?
Could it be fixed?
Regards

Henrik
 

[MathiasReker]

1 hour ago, travisdk said:

Dear Mathias,
You seem to be using a class (PhpEncryption) which isn't present in an Prestashop 1.6 installation AFAIK!?
Could it be fixed?
Regards

Henrik
 

Hello, I will look into this now.

[MathiasReker]

2 hours ago, travisdk said:

Dear Mathias,
You seem to be using a class (PhpEncryption) which isn't present in an Prestashop 1.6 installation AFAIK!?
Could it be fixed?
Regards

Henrik
 

I have fixed it. https://github.com/MathiasReker/blmvuln/releases/latest

Edited July 26, 2022 by MathiasReker (see edit history)

[MathiasReker]

2 hours ago, travisdk said:

Dear Mathias,
You seem to be using a class (PhpEncryption) which isn't present in an Prestashop 1.6 installation AFAIK!?
Could it be fixed?
Regards

Henrik
 

You are right. I overlooked this 😕

What exact version of PrestaShop are you using?

[MathiasReker]

2 hours ago, travisdk said:

 

 

 

 

Fixed in latest version.

[travisdk]

48 minutes ago, MathiasReker said:

You are right. I overlooked this 😕

What exact version of PrestaShop are you using?

Hi again, 1.6.1.24 (last official version there was)

[MathiasReker]

4 minutes ago, travisdk said:

Hi again, 1.6.1.24 (last official version there was)

To revert the bad change, download and replace the file with the original:

classes/SmartyCacheResourceMysql.php

Download 1.6.1.24 here: https://www.prestashop.com/en/system/files/ps_releases/prestashop_1.6.1.24.zip

 

[mr_absinthe]

Thanks for the module, slightly different approach than the patch suggested by PrestaShop team. I've fixed permissions yesterday and a new warning came up today:

The following file/folder permissions is insecure. They will be fixed by running the cleaning process:

/home/xxx/public_html/var/cache/prod/smarty/compile/36
/home/xxx/public_html/var/cache/prod/smarty/compile/36/38
/home/xxx/public_html/var/cache/prod/smarty/compile/36/38/e5
/home/xxx/public_html/var/cache/prod/smarty/compile/f3
/home/xxx/public_html/var/cache/prod/smarty/compile/f3/87
/home/xxx/public_html/var/cache/prod/smarty/compile/f3/87/c0
/home/xxx/public_html/var/cache/prod/smarty/compile/6b
/home/xxx/public_html/var/cache/prod/smarty/compile/6b/07
etc.
etc....
Not sure if that if fixable and if not, perhaps you can skip the check on the /var folder?

 

[MathiasReker]

31 minutes ago, mr_absinthe said:

Thanks for the module, slightly different approach than the patch suggested by PrestaShop team. I've fixed permissions yesterday and a new warning came up today:

The following file/folder permissions is insecure. They will be fixed by running the cleaning process:

/home/xxx/public_html/var/cache/prod/smarty/compile/36
/home/xxx/public_html/var/cache/prod/smarty/compile/36/38
/home/xxx/public_html/var/cache/prod/smarty/compile/36/38/e5
/home/xxx/public_html/var/cache/prod/smarty/compile/f3
/home/xxx/public_html/var/cache/prod/smarty/compile/f3/87
/home/xxx/public_html/var/cache/prod/smarty/compile/f3/87/c0
/home/xxx/public_html/var/cache/prod/smarty/compile/6b
/home/xxx/public_html/var/cache/prod/smarty/compile/6b/07
etc.
etc....
Not sure if that if fixable and if not, perhaps you can skip the check on the /var folder?

 

Hello

This is already fixed in the latest version 🙂

[MathiasReker]

New version: https://github.com/MathiasReker/blmvuln

[travisdk]

16 hours ago, MathiasReker said:

I have fixed it. https://github.com/MathiasReker/blmvuln/releases/latest

Hi Mathias, 
Is it fair to say your solution has gone from patching the SmartyCacheResourceMysql.php file to disabling the usage of the Smarty/MySQL caching feature altogether?
Regards

Henrik

[MathiasReker]

17 minutes ago, travisdk said:

Hi Mathias, 
Is it fair to say your solution has gone from patching the SmartyCacheResourceMysql.php file to disabling the usage of the Smarty/MySQL caching feature altogether?
Regards

Henrik

Hello

Yes, patching the file is not a good solution as there are too many differences between the versions.

Also, caching on filesystem is faster than caching on mysql for the Smarty cache.

[bnadauld]

5 minutes ago, MathiasReker said:

Hello

Yes, patching the file is not a good solution as there are too many differences between the versions.

Also, caching on filesystem is faster than caching on mysql for the Smarty cache.

sorry im a bit confused. does the new version of this plugin 'just' disable the sql smarty cashe now? I dont use that feature and its always been turned off. can i still be exploited?

Thanks for your help!

[MathiasReker]

Just now, bnadauld said:

sorry im a bit confused. does the new version of this plugin 'just' disable the sql smarty cashe now? I dont use that feature and its always been turned off. can i still be exploited?

Thanks for your help!

There are more into this than just disable the feature. You must remove some lines of code from the smarty configuration file. The modules does this automatically.

The module scans the website for infected files and secure file permissions.

[bnadauld]

I appreciate your great work and understand that the module checks for infection. Personally, im not infected. Is it possible to share the lines of code in the config file that needs to be removed

Edited July 27, 2022 by bnadauld (see edit history)

[MathiasReker]

2 minutes ago, bnadauld said:

I appreciate your great work and understand that the module checks for infection. Personally, im not infected. Is it possible to share the lines of code in the config file that needs to be removed

Read more about it here: https://build.prestashop.com/news/major-security-vulnerability-on-prestashop-websites/.

[Rayna Butler]

Thanks for your work Mathias, much appreciated. Do you know there will be any patch fix for the blockwishlist module (v1.3.2) in PS 1.6.1.24 or is disabling the only option?

cheers

Dirk

[MathiasReker]

5 hours ago, Rayna Butler said:

Thanks for your work Mathias, much appreciated. Do you know there will be any patch fix for the blockwishlist module (v1.3.2) in PS 1.6.1.24 or is disabling the only option?

cheers

Dirk

The SQLi vulnerability is only present in the v.2.0.0-2.1.0 of the module. 🙂

[Rayna Butler]

Ahh, that's great. But then "Your website is vulnerable. You must upgrade the following modules manually:blockwishlist" is misleading for the 1.32 module on PS 1.6.1.24 🙂

cheers

Dirk

[MathiasReker]

53 minutes ago, Rayna Butler said:

Ahh, that's great. But then "Your website is vulnerable. You must upgrade the following modules manually:blockwishlist" is misleading for the 1.32 module on PS 1.6.1.24 🙂

cheers

Dirk

Thanks, I will fix this!

[Pianetasvapo]

Need response please:

 

Hi i've got the module but today i've received a mail from malware alert:

Unfortunately, following a recent backup we detected malware on your site www.pianetasvapo.com on Thursday, July 28, 2022.

If you're running a CMS like Wordpress, Joomla or Drupal, you should restore your data prior to the latest backup date when malware was identified so you can have your website running up again. After restoring your data, please update it to the latest version and update everything related to it like themes, plugins, modules, libraries and such. If there are any websites running on the same hosting account, please update them as well.

Also, we strongly recommend you change all your passwords for FTP/SFTP and shell access.

If you're running a custom system or you would like additional information, please take a look at our Support Center.

Below is the malware report we generated:

{HEX}php.malware.magento.582 : home/...../public_html/modules/blmvuln/bin/1.7.3.3/
{HEX}php.malware.magento.585 : home/...../public_html/modules/blmvuln/src/resources/config/Config.php

[MathiasReker]

3 hours ago, Pianetasvapo said:

Need response please:

 

Hi i've got the module but today i've received a mail from malware alert:

Unfortunately, following a recent backup we detected malware on your site www.pianetasvapo.com on Thursday, July 28, 2022.

If you're running a CMS like Wordpress, Joomla or Drupal, you should restore your data prior to the latest backup date when malware was identified so you can have your website running up again. After restoring your data, please update it to the latest version and update everything related to it like themes, plugins, modules, libraries and such. If there are any websites running on the same hosting account, please update them as well.

Also, we strongly recommend you change all your passwords for FTP/SFTP and shell access.

If you're running a custom system or you would like additional information, please take a look at our Support Center.

Below is the malware report we generated:

{HEX}php.malware.magento.582 : home/...../public_html/modules/blmvuln/bin/1.7.3.3/
{HEX}php.malware.magento.585 : home/...../public_html/modules/blmvuln/src/resources/config/Config.php

Hello @pianetasvapo

The reports from codeguard are false positives.

`{HEX}php.malware.magento.582 : home/....../public_html/modules/blmvuln/bin/[1.7.3.3/classes/module/Module.php](http://1.7.3.3/classes/module/Module.php)
`
This is a original file from PrestaShop 1.7.3.3. If I remove this file from the software package the module will no longer be compatible with PrestaShop 1.7.3.3.

`{HEX}php.malware.magento.585 : home/------/public_html/modules/blmvuln/src/resources/config/Config.php`
This file includes payloads to find the malware: https://github.com/MathiasReker/blmvuln/blob/develop/src/resources/config/Config.php#L170
If these are removed, the module will no longer be able to find it.

You can uninstall the module after running it once, but these warnings cannot be fixed.

[Pianetasvapo]

I was sure of it but I wanted confirmation from you. What do you advise me to do? Can codeguard be reported as a false positive?

Or trivially can I ignore the report of codeguard? 

 

If I unistall the module Could my site be under attack again?

Thank you

[MathiasReker]

2 minutes ago, Pianetasvapo said:

I was sure of it but I wanted confirmation from you. What do you advise me to do? Can codeguard be reported as a false positive?

Or trivially can I ignore the report of codeguard? 

 

If I unistall the module Could my site be under attack again?

Thank you

Hello

Codeguard can report false-positives.

The module does not work in real-time. It works when you run the scanner. In general the module does only need to be run once. 🙂

You can uninstall the module and install it again if you would ever need it again

 

[babyewok]

Can you confirm please what this module does? I see that it find and remove infected files, but does it make changes so that the site cannot be attacked again? i.e. of my site has not been affected, will running this module prevent an attack in the future and resolve the security issue?

[jeremiezip]

2 hours ago, babyewok said:

Can you confirm please what this module does? I see that it find and remove infected files, but does it make changes so that the site cannot be attacked again? i.e. of my site has not been affected, will running this module prevent an attack in the future and resolve the security issue?

Dont worry. This module works well and everything is fine...

The module find and replace infected files. Then he removes in Prestashop the problematic little part of code.

 

 

Edited July 28, 2022 by jeremiezip (see edit history)

[Zohaib-fk]

Hi,

Thanks for the module.

I see the message config/smarty.confic.inc.php file needs correction, I feel it is part of the website code. I run the cleaning process and it works fine. I was worried the cleaning process would not create a problem because if any file gets deleted then it might create an error like 500 (internal server) on the website.

I think once in a month or weeks, I need to run the cleaning process again or the module will block future attacks on the website, please advise.

Attached is a screenshot for reference.

 

 

[MathiasReker]

11 hours ago, babyewok said:

Can you confirm please what this module does? I see that it find and remove infected files, but does it make changes so that the site cannot be attacked again? i.e. of my site has not been affected, will running this module prevent an attack in the future and resolve the security issue?

1) The files fixes the vulnerability, so you cannot get attacked from this attack.

2) If any infected files are found it will be solved.

3) If any permissions is insecure it will be solved.

[MathiasReker]

59 minutes ago, Zohaib-fk said:

Hi,

Thanks for the module.

I see the message config/smarty.confic.inc.php file needs correction, I feel it is part of the website code. I run the cleaning process and it works fine. I was worried the cleaning process would not create a problem because if any file gets deleted then it might create an error like 500 (internal server) on the website.

I think once in a month or weeks, I need to run the cleaning process again or the module will block future attacks on the website, please advise.

Attached is a screenshot for reference.

 

 

You just have to run the module once and then you can uninstall it 🙂

[Zohaib-fk]

Thanks for answers

I think files and folder permissions on the hosting web account are set by module. I will keep it and run it once a month so that any file not part of PrestaShop or related found will be detected and removed.

I know one Wordpress plugin that sends an email to the owner or webmaster if any file, is not part of the website or suspicious found or any file or folder has wrong permissions like 777. This email notification makes the process automatic and helpful. If we could have a similar module then it would be good.

[MathiasReker]

2 hours ago, Zohaib-fk said:

Thanks for answers

I think files and folder permissions on the hosting web account are set by module. I will keep it and run it once a month so that any file not part of PrestaShop or related found will be detected and removed.

I know one Wordpress plugin that sends an email to the owner or webmaster if any file, is not part of the website or suspicious found or any file or folder has wrong permissions like 777. This email notification makes the process automatic and helpful. If we could have a similar module then it would be good.

Hello

Cool feature, I will note this.

But it is out of scope for this module. 🙂

 

[larentia]

Hello Mathias,

I ran your module yesterday, it managed to correct some files but it doesn't do the job for these ones... I ran the module 3 times but it is always the same message. Could you please help me ?

thanks

Larentia

 

[DNK-LUIFER]

hace 24 minutos, larentia dijo:

Hello Mathias,

I ran your module yesterday, it managed to correct some files but it doesn't do the job for these ones... I ran the module 3 times but it is always the same message. Could you please help me ?

thanks

Larentia

 

Try this module to correct file and folder permissions:

https://github.com/MathiasReker/filepermissions/releases/tag/1.0.2

Otherwise you would have to correct the permissions manually.
Directories with 755
Files with 644

Grettings.

[MathiasReker]

35 minutes ago, larentia said:

Hello Mathias,

I ran your module yesterday, it managed to correct some files but it doesn't do the job for these ones... I ran the module 3 times but it is always the same message. Could you please help me ?

thanks

Larentia

 

Somehow the modules does not have permission to change the files.

You can ignore this problem as this is just tpl files.

You are all good 🙂

[larentia]

1 hour ago, MathiasReker said:

Somehow the modules does not have permission to change the files.

You can ignore this problem as this is just tpl files.

You are all good 🙂

Thank you very much for your answer... in addition I checked in FTP.... I don't find these files ...strange...

[rafalecito]

Hello Mathias,

Thank You for a great job. I have an additional question, is it safe to delete these two files?

Thanks

Rafal

Edited August 2, 2022 by rafalecito (see edit history)

[MathiasReker]

3 hours ago, rafalecito said:

Hello Mathias,

Thank You for a great job. I have an additional question, is it safe to delete these two files?

Thanks

Rafal

Yes, it is safe.

[MathiasReker]

5 hours ago, larentia said:

Thank you very much for your answer... in addition I checked in FTP.... I don't find these files ...strange...

You must be looking the wrong place 🙂

[NSN]

@MathiasReker After deinstallation and deleting the module, the link on the menu does remain. Not a big issue, but (imho) when the module gets deinstalled the link should be removed too.

[MathiasReker]

5 hours ago, NSN said:

@MathiasReker After deinstallation and deleting the module, the link on the menu does remain. Not a big issue, but (imho) when the module gets deinstalled the link should be removed too.

Hello @NSN

This is a known issue. There is a workaround. Please read this: https://github.com/MathiasReker/blmvuln/issues/4

This is only a problem in PrestaShop 1.6. In PrestaShop 1.7 it works. I don't rioritize debugging this as there is a workaround, but I have left an open issue for anyone else to solve this. 🙂

[MathiasReker]

FYI: The module can be uninstalled after use. 🙂

[Prestafan1234]

Hi Mathias,

The link to the module is no longer active, where can I download it for PS 1.6?

[HaCos]

The project on github is down?

[MathiasReker]

11 minutes ago, HaCos said:

The project on github is down?

My GitHub account has been flagged for unknown reasons. I have contacted GitHub about this. I have attached the latest version of the module to the post.

[MathiasReker]

4 hours ago, Prestafan1234 said:

Hi Mathias,

The link to the module is no longer active, where can I download it for PS 1.6?

Hello. I have uploaded the newest version here on PrestaShop Forum in the post. I have some problems with my GitHub account atm.

[juanmlg]

I am trying to install the module ( 1.6.1.18 PHP 7.1 ) , but I am getting this error: 

 

[PrestaShop] Fatal error in module file :/home/******/public_html/******/shop/modules/blmvuln/blmvuln.php:
require_once(): Failed opening required '/home/****/public_html/****/shop/modules/blmvuln/vendor/autoload.php' (include_path='/home/****/public_html/********/shop/tools/htmlpurifier/standalone:.:/opt/cpanel/ea-php71/root/usr/share/pear')

[MathiasReker]

On 10/7/2022 at 4:15 PM, juanmlg said:

I am trying to install the module ( 1.6.1.18 PHP 7.1 ) , but I am getting this error: 

 

[PrestaShop] Fatal error in module file :/home/******/public_html/******/shop/modules/blmvuln/blmvuln.php:
require_once(): Failed opening required '/home/****/public_html/****/shop/modules/blmvuln/vendor/autoload.php' (include_path='/home/****/public_html/********/shop/tools/htmlpurifier/standalone:.:/opt/cpanel/ea-php71/root/usr/share/pear')

Can you try to manually upload the module by FTP/SFTP overriding the old files? I guess a file is missing or corrupted.

[MathiasReker]

The GitHub link is working again: https://github.com/MathiasReker/blmvuln/releases/latest

[Viitali]

Hi Mathias.

A few files have been fixed for me. Big thanks.
Frontend also looks good.
But I can't get into the backend anymore. 
HTTP ERROR 500

Any ideas?

PS 1.6.1.15

[Viitali]

vor 1 Stunde schrieb Viitali:

Hi Mathias.

A few files have been fixed for me. Big thanks.
Frontend also looks good.
But I can't get into the backend anymore. 
HTTP ERROR 500

Any ideas?

PS 1.6.1.15

Ok, I think I have it.

AdminLoginController.php

public function viewAccess($disable = false) 
was replaced by 
public function viewAccess()

but how can I get else acess? IP control?

 

[MathiasReker]

1 hour ago, Viitali said:

Ok, I think I have it.

AdminLoginController.php

public function viewAccess($disable = false) 
was replaced by 
public function viewAccess()

but how can I get else acess? IP control?

 

I don't understand the question

[Armondz]

Hey @MathiasReker, thanks for the module. I've installed it got two issues:

1. It shows me the volnurability of the files which I cannot find on FTP. For example - themes/default/img/process-icon-save-and-stay.png while I don't have a degault theme in the themes folder. 

2. When I hit the 'run the cleaning process' button - nothing happens. 

 

Thanks!

[Viitali]

vor 20 Stunden schrieb MathiasReker:

I don't understand the question

ok, sorry. I will try again. 

After clearing process, I can not reach the Admin Login page. Only get the message "HTTP ERROR 500".

Something else. Today the hack was back. The whole "classes" folder was overwritten. I found changes in ModuleFrontController.php file. But I have not yet compared all files. Have replaced the whole folder from the backup. Is the file not monitored by you?

[MathiasReker]

Hello

Please check your errorlog on the server level. It will log the error500.

[FOCUS ON GROUP]

when i upload it i get this

mod_fcgid: stderr: PHP Fatal error:  require_once(): Failed opening required '/var/www/vhosts/coveri.com.gr/httpdocs/modules/blmvuln/vendor/autoload.php' (include_path='/var/www/vhosts/coveri.com.gr/httpdocs/vendor/pear/pear_exception:/var/www/vhosts/coveri.com.gr/httpdocs/vendor/pear/console_getopt:/var/www/vhosts/coveri.com.gr/httpdocs/vendor/pear/pear-core-minimal/src:/var/www/vhosts/coveri.com.gr/httpdocs/vendor/pear/archive_tar:.:/opt/plesk/php/7.2/share/pear') in /var/www/vhosts/coveri.com.gr/httpdocs/modules/blmvuln/blmvuln.php on line 50, referer: https://coveri.com.gr/******

[MathiasReker]

On 2/13/2023 at 1:05 PM, FOCUS ON GROUP said:

when i upload it i get this

mod_fcgid: stderr: PHP Fatal error:  require_once(): Failed opening required '/var/www/vhosts/coveri.com.gr/httpdocs/modules/blmvuln/vendor/autoload.php' (include_path='/var/www/vhosts/coveri.com.gr/httpdocs/vendor/pear/pear_exception:/var/www/vhosts/coveri.com.gr/httpdocs/vendor/pear/console_getopt:/var/www/vhosts/coveri.com.gr/httpdocs/vendor/pear/pear-core-minimal/src:/var/www/vhosts/coveri.com.gr/httpdocs/vendor/pear/archive_tar:.:/opt/plesk/php/7.2/share/pear') in /var/www/vhosts/coveri.com.gr/httpdocs/modules/blmvuln/blmvuln.php on line 50, referer: https://coveri.com.gr/******

I cannot reproduce the error.

[tivicrdotcom]

Looks awesome, impossible to have it run with PS 1.6.24 and php 5.6? I know, I know, I should be using 1.7 but we have so many custom modules that it would take tons of money to have the developers upgrade them too. Same question also to file permission module. Thanks in advance!

[mr_absinthe]

My hosting company wouldn't even allow me to run PHP 5.6 so you should maybe think about changing your host. I wonder how much would it cost to recover and rebuild your shop after it's been hacked...🤔
PHP 5.6 support ended in December 2018, no security patches for years, I wouldn't sleep if I had my store running on such historic PHP version.
I'm sure that you'll not be able to run this module but I might be wrong (sure I'm not 😁).

[tivicrdotcom]

We run 18 stores on it and so far so good, we just keep healthy copies of each site in case they get hacked we can be restored in 10 seconds, not the best practice and could be time consuming but it works until we can sit down to upgrade them all. We will be upgrading sometime this year to a dedicated server so there we may upgrade.

Funny enough we just have random issues with sites being hosted through its domain www.store.com, the ones that get forwarded to directories inside a domain store.com/shopname, get ignored by hacking bots, no clue why.

[mr_absinthe]

Lucky you, I can start my PC in 10 sec but certainly not restore a complete shop and database!

[tivicrdotcom]

I agree, is definitely not the best practice, we will upgrade sometime, someday 😅

[roland2022]

link for latest version please 😄

Edited March 20, 2023 by roland2022 (see edit history)

[MathiasReker]

On 3/20/2023 at 1:22 PM, roland2022 said:

link for latest version please 😄

Hi. The link is in the description: https://github.com/MathiasReker/blmvuln/releases/latest

[NoroHadzi]

Hello,

 

Thank you for module.

 

What i found out, this part of smarty.config.inc.php will slow down loading speed of prestashop a lot:

$smarty->caching = false;
if (Configuration::get('PS_SMARTY_CACHING_TYPE') == 'mysql') {
    include(_PS_CLASS_DIR_.'/SmartyCacheResourceMysql.php');
    $smarty->caching_type = 'mysql';

Is this needed to avoid malwares?

 

Thank you

[Luigi Donato]

Thank you for this work, is it also compatible with PrestaShop 8?

[MathiasReker]

On 7/13/2023 at 11:32 AM, Luigi Donato said:

Thank you for this work, is it also compatible with PrestaShop 8?

No it is not compatible with PrestaShop. PrestaShop 8 does not have the vulnerability.

[MathiasReker]

On 6/28/2023 at 10:25 AM, NoroHadzi said:

Hello,

 

Thank you for module.

 

What i found out, this part of smarty.config.inc.php will slow down loading speed of prestashop a lot:

$smarty->caching = false;
if (Configuration::get('PS_SMARTY_CACHING_TYPE') == 'mysql') {
    include(_PS_CLASS_DIR_.'/SmartyCacheResourceMysql.php');
    $smarty->caching_type = 'mysql';

Is this needed to avoid malwares?

 

Thank you

Hello

Yes, this is the patch. This is a work around to secure your site.

Alternative, you can upgrade your PrestaShop to latest version to solve the problem.

[Issman]

Thanks for this very useful module @MathiasReker,

I have tried to install it but I do get a fatal error.  Any idea what it could be?

• PS 1.7.8.4
• PHP 7.4.33

Thanks!

[lubaa]

Hello,

I have PrestaShop 1.7.6.7 and when I click run the cleaning process nothing will happen. I still see filepermissions are insecure.

Any idea? Thanks