
herfix? email legit?


etrfl


I just received an email from [email protected] with this being the general idea of the email:

 

Last night, the PrestaShop’s official website, prestashop.com, was hacked, resulting in the misappropriation of a script intended for transcribing news information in the Back Office of PrestaShop stores.

 

The entire PrestaShop team dedicated ourselves to identifying and fixing this issue as quickly as possible. That fix has been completed.

 

 

Has my shop been infected?

 

This only affects PrestaShop versions 1.4/1.4.1/1.4.2/1.4.3/1.4.4, but not all shops using these versions are necessarily affected

 

If you use one of these versions, please check for any of the following symptoms:

 

A her.php file is at the root of /modules folder

A .php file different from index.php is in the upload and download folders

Your footer.tpl file has been modified

Your tools/smartyv2 folder is missing

 

 

If you fulfill one of these conditions, your shop may have been infected. However, it is easy to fix just by following the instructions listed below.

 

 

What should I do?

 

1. Change your database password (or contact your webhost if you do not know how to do it). Once you have done that, open the settings.inc.php file in your /config folder and replace your old password with the new one. See below:

2. Download the fix published by PrestaShop available on http://addons.prestashop.com/fr/herfix/

3. Upload it to the root folder of your shop with your FTP client (Filezilla, Transmit…)

4. Go to the url http://www.myshop.com/herfix.php

5. The fix is now applied. Please do not forget to delete the herfix.php file previously uploaded at the root of your shop

6. Rename the admin folder

7. Change the password of all admins of your shop

 

 

 

If you need any help or have any additional questions, you can email us at [email protected]. You will receive an answer at the soonest.

 

The whole PrestaShop team wants to deeply thank the community for its help in identifying this issue.

Link to comment
Share on other sites

The security issue is found in all 1.4.x versions and thus the patch should be applied to all 1.4.x installations.

 

Upgrading to 1.4.4 means that your old prestashop files (with or without the patch) will be overwritten with the original 1.4.4 files. Thus I would advise to reapply the patch after upgrading. It won't do any harm anyway.

 

Perhaps the Prestashop developers will update the PS 1.4.4 download link from their website with the fix. But if you're not in a rush, you could wait till they release a new version (should be soon I suspect) that will surely include the fix.

Link to comment
Share on other sites

ouf,

I received the email and I went through the instructions to fix my local installation.

 

As soon as I finished, I started being paranoid! It's the very first time I follow the instructions contained in an email without verifying the source. Luckily the email was legit :D

 

I do not know if my website had the problem. What I can say is that yesterday I was working on my local installation (I am preparing an upgrade from the old 1.0.5 but I am reworking the old template to make it fully compatible with the latest release) when I accessed the backoffice and I checked the option not to display the flash movie that appears in the main page, then I went to modify the "home page text editor" to add some lines of text, and as soon as I saved the site became inaccessible. Neither front-office nor back-office.

 

Luckily I had my php editor open with footer.tpl in it and as soon as the backoffice got inaccessible, it notified me that the footer.tpl had been changed by an external application and asked me if I wanted to reload. I said yes and I noticed that some javascript code had been added before the end of the file {literal}Some javascript code here{/literal}. I thought that prestashop added it in order not to load the movie and that it might be related with the website inaccessibility, so I deleted the code.

The site was still inaccessible so I made further investigations and I took a look at the apache server's logs to discover that smarty_v2 was missing, the folder was empty. All the files had got somehow deleted.

 

Today I received the email, no her.php file was in my website's folder, anyhow I recognized two of the symptoms: footer.tpl modified, smarty_v2 folder empty, so I decided to apply the patch.

The fact that I removed the code in the footer.tpl file before accessing the front-office might explain why there was neither her.php file in the modules folder nor any other of the files mentioned in the email.

 

I told you the story just in case the developers can find some clue in it to understand where the problem comes from.

 

One thing I could suggest: in the email change www.myshop.com with something else, since this website really exists :D

 

Bye

Link to comment
Share on other sites
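
An added example (not part of the thread and not PrestaShop's herfix.php): a read-only Python check for the four symptoms listed in the email, with the empty smarty_v2 folder described in the post above treated as missing. The `baseline_root` known-good copy (a backup or a clean unpack of the same version), the themes/<theme>/footer.tpl location and the sample tree are assumptions.

```python
import tempfile
from pathlib import Path

def check_shop(root, baseline_root=None):
    """Return (symptom, relative path) findings for a PrestaShop 1.4.x tree."""
    root, findings = Path(root), []
    # Symptom 1: her.php at the root of /modules
    if (root / "modules" / "her.php").is_file():
        findings.append(("her.php in modules", "modules/her.php"))
    # Symptom 2: a .php file other than index.php under upload/ or download/
    for folder in ("upload", "download"):
        files = sorted((root / folder).rglob("*")) if (root / folder).is_dir() else []
        for f in files:
            if f.is_file() and f.suffix.lower() == ".php" and f.name != "index.php":
                findings.append(("unexpected .php file", f.relative_to(root).as_posix()))
    # Symptom 3: themes/<theme>/footer.tpl (assumed path) differs from the baseline
    if baseline_root is not None:
        for f in sorted(root.glob("themes/*/footer.tpl")):
            good = Path(baseline_root) / f.relative_to(root)
            if not good.is_file() or f.read_bytes() != good.read_bytes():
                findings.append(("footer.tpl modified", f.relative_to(root).as_posix()))
    # Symptom 4: smarty folder missing or empty; the page uses both spellings
    smarty = [root / "tools" / name for name in ("smartyv2", "smarty_v2")]
    if not any(d.is_dir() and any(d.iterdir()) for d in smarty):
        findings.append(("smarty v2 folder missing or empty", "tools"))
    return findings

# Constructed sample tree (placeholder contents, not real PrestaShop files).
CLEAN = {
    "upload/index.php": "<?php",
    "themes/prestashop/footer.tpl": "</body></html>",
    "tools/smarty_v2/Smarty.class.php": "<?php",
}

def make_tree(root, files):
    for rel, text in files.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(text)

def demo():
    bad = {**CLEAN, "modules/her.php": "<?php", "upload/x.php": "<?php",
           "themes/prestashop/footer.tpl": "{literal}x{/literal}"}
    del bad["tools/smarty_v2/Smarty.class.php"]
    with tempfile.TemporaryDirectory() as tmp:
        make_tree(f"{tmp}/clean", CLEAN)
        make_tree(f"{tmp}/shop", bad)
        clean = check_shop(f"{tmp}/clean", f"{tmp}/clean")
        return clean, check_shop(f"{tmp}/shop", f"{tmp}/clean")
```

A custom theme whose footer.tpl has no counterpart in the baseline is reported as modified, so compare against a backup of your own theme where you have one.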

Thanks for the reply. Just wanting to verify. I am on version 1.4.2.5 if I upgrade later to 1.4.4 will I need to apply this fix then too?

 

I just discovered that the download link for the latest Prestashop version is updated to 1.4.4.1 (which includes the security fix). So if you want to upgrade your shop, just use this new version so you don't have to worry about applying the fix afterwards.

Link to comment
Share on other sites

To be 100% clear

 

If you have no previous PrestaShop version installed and you install for the first time the 1.4.4.1 version, there is no need to apply the fix.

 

If you update to 1.4.4.1 and your 1.4.x has been infected, you still need to use the fix first.

Link to comment
Share on other sites

To be 100% clear

 

If you have no previous PrestaShop version installed and you install for the first time the 1.4.4.1 version, there is no need to apply the fix.

 

If you update to 1.4.4.1 and your 1.4.x has been infected, you still need to use the fix first.

Just a clarification. If the patch has been applied do we still need to upgrade to 1.4.4.1 from 1.4.4.0 ?

 

Thanks

Link to comment
Share on other sites

Hi,

sorry for the question, but my shops are not showing the described behavior. Have I to apply the provided file? Is it a patch to apply to all Prestashop before 1.4.4.1 or it's only useful to clean the system?

 

Regards,

 

 

Yes, the patch works to fix affected Prestashop sites but also as a measure of prevention. So the advice would be to apply the fix to any PS 1.4 versions (infected or uninfected) before version 1.4.4.1.

 

Probably best to ask any further questions regarding this issue in this topic:

http://www.prestashop.com/forums/topic/126114-please-read-security-procedure/

 

That topic is specifically created for dealing with this issue and thus you'll have a better chance of getting your questions answered quickly.

Link to comment
Share on other sites
