hampersandpampers Posted June 1, 2015

Hi, I have been on PrestaShop for a while now and been promoting it to many friends and family. However, I am a bit concerned. Today the site was attacked and showed an error, UDP Flood. The entire site was not accessible and I had to contact my hosting provider, who rectified the problem and furthermore told me it was PrestaShop security which allowed the attack. I lost a few customer orders, as they emailed me directly.

Can anyone from the PrestaShop security team please provide me with some guidance or any further information? The file has been chmodded to 666, read/write but not execute. Not sure how they detected it was this file, but I need to be satisfied this will not happen again.

This is what my hosting provider has sent to me below:

We have requested assistance from our administrators and they have informed us that your script has been hacked. The attack index which was displayed was served from Prestashop's cache, or smarty. Apparently the script has been probed for security holes, and once such were found it has been attacked. We have disabled the cached index and now the page is displaying properly, but we suggest that you contact Prestashop security expert to examine the page and provide ways to prevent the page being hit again.

Here is some of the information that we managed to discover:

Location of hacked index: hampersandpampers.co.uk/cache/class_index.php.hacked (renamed to .hacked and chmodded so that it cannot be executed).

Suspicious activity collected from our system logs:

hampersandpampers.co.uk 184.72.52.29 - - [25/May/2015:17:07:56 +0000] "GET /assets/plugins/jquery-file-upload/server/php/index.php HTTP/1.0" 301 - "-" "-" {103:254,80936}
hampersandpampers.co.uk 184.72.52.29 - - [25/May/2015:17:07:56 +0000] "GET /js/lib/jquery-file-upload/server/php/index.php HTTP/1.0" 301 - "-" "-" {95:261,97298}
hampersandpampers.co.uk 184.72.52.29 - - [25/May/2015:17:07:57 +0000] "GET /super_admin/assets/plugins/jquery-file-upload/server/php/index.php HTTP/1.0" 301 - "-" "-" {115:266,99865}
hampersandpampers.co.uk 184.72.52.29 - - [25/May/2015:17:07:57 +0000] "GET /wp-content/plugins/use-your-drive/includes/jquery-file-upload/server/php/index.php HTTP/1.0" 301 - "-" "-" {131:282,87418}
hampersandpampers.co.uk 184.72.52.29 - - [25/May/2015:17:07:58 +0000] "GET /app/webroot/js/jquery-file-upload/server/php/index.php HTTP/1.0" 301 - "-" "-" {103:254,92947}

It goes on and on... the IP is the same for every string... points to some Thai massage site lol!

I only upgraded to 1.6.0.14 about a week or two ago, so not sure if that is the problem or whether I should turn CCC off and use the traditional CSS... need some urgent advice... thanks in advance guys.
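Added example, not part of the original post or the hosting provider's message: a Python sketch that parses log lines in the format quoted above and reports clients that request the jquery-file-upload handler under several different directories, together with the status codes they received. The function name, the threshold and the last sample line are assumptions made for this example.

```python
import re
from collections import defaultdict

# Layout of the quoted log excerpt: vhost, client IP, timestamp, request, status.
LINE_RE = re.compile(
    r'^(?P<vhost>\S+) (?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
# Suffix shared by every requested URL in the excerpt.
PROBE_SUFFIX = "/jquery-file-upload/server/php/index.php"

def find_upload_probes(lines, min_paths=3):
    """Return {ip: {"paths": [...], "statuses": {code: count}}} for clients that
    asked for the upload handler under at least min_paths distinct paths."""
    seen = defaultdict(lambda: {"paths": [], "statuses": defaultdict(int)})
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not m["path"].split("?", 1)[0].endswith(PROBE_SUFFIX):
            continue  # unparsable line or unrelated request
        entry = seen[m["ip"]]
        if m["path"] not in entry["paths"]:
            entry["paths"].append(m["path"])
        entry["statuses"][m["status"]] += 1
    return {ip: {"paths": e["paths"], "statuses": dict(e["statuses"])}
            for ip, e in seen.items() if len(e["paths"]) >= min_paths}

# First five lines are the ones quoted in the post; the last one is a
# constructed ordinary request (documentation IP range) used as a negative case.
SAMPLE = [
    'hampersandpampers.co.uk 184.72.52.29 - - [25/May/2015:17:07:56 +0000] "GET /assets/plugins/jquery-file-upload/server/php/index.php HTTP/1.0" 301 - "-" "-" {103:254,80936}',
    'hampersandpampers.co.uk 184.72.52.29 - - [25/May/2015:17:07:56 +0000] "GET /js/lib/jquery-file-upload/server/php/index.php HTTP/1.0" 301 - "-" "-" {95:261,97298}',
    'hampersandpampers.co.uk 184.72.52.29 - - [25/May/2015:17:07:57 +0000] "GET /super_admin/assets/plugins/jquery-file-upload/server/php/index.php HTTP/1.0" 301 - "-" "-" {115:266,99865}',
    'hampersandpampers.co.uk 184.72.52.29 - - [25/May/2015:17:07:57 +0000] "GET /wp-content/plugins/use-your-drive/includes/jquery-file-upload/server/php/index.php HTTP/1.0" 301 - "-" "-" {131:282,87418}',
    'hampersandpampers.co.uk 184.72.52.29 - - [25/May/2015:17:07:58 +0000] "GET /app/webroot/js/jquery-file-upload/server/php/index.php HTTP/1.0" 301 - "-" "-" {103:254,92947}',
    'hampersandpampers.co.uk 192.0.2.10 - - [25/May/2015:17:08:01 +0000] "GET /index.php HTTP/1.0" 200 - "-" "-" {90:300,50000}',
]

if __name__ == "__main__":
    for ip, hit in find_upload_probes(SAMPLE).items():
        print(ip, len(hit["paths"]), "distinct probe paths, statuses:", hit["statuses"])
```

The per-status tally separates requests that were only redirected from any that returned a 2xx response and need a closer look in the full log.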