jjmmortiz Posted August 20, 2017

I recently received a malicious email from www.domainwebcentral.org in my back office, in the "customer service" area in Prestashop 1.7.1.2. The message was sent by [email protected] and somehow introduced in the internal messaging system in Prestashop 1.7 Customer Service, an area reserved (I thought) only for communication between authorized employees and registered customers. Any help to prevent these messages would be highly appreciated. I attach a copy of the message. Thanks for your help:

Disclaimer: We are not responsible for any financial loss, data loss, downgrade in search engine rankings, missed customers, undeliverable email or any other damages that you may suffer upon the expiration of www.dcbestmovers.com. For more information please refer to section 17.c.1a of our User Agreement.

This is your final notice to renew www.dcbestmovers.com: https://domainwebcentral.org/?n=www.dcbestmovers.com&r=c

In the event that www.dcbestmovers.com expires, we reserve the right to offer your listing to competing businesses in the same niche and region after 3 business days on an auction basis.

This is the final communication that we are required to send out regarding the expiration of www.dcbestmovers.com

Secure Online Payment: https://domainwebcentral.org/?n=www.dcbestmovers.com&r=c

All services will be automatically restored on www.dcbestmovers.com if payment is received in full before expiration. Thank you for your cooperation.

selectshop.at Posted August 20, 2017

Can you please add this to the bugtracker? This bug has been in Prestashop for years. Messaging forms are stolen/abused by third parties. See my report here for PS 1.6 versions; this bug was also present in PS 1.4 and 1.5 versions.

http://forge.prestashop.com/browse/PSCSX-9132

Please add a new report there specifically for the PS 1.7 version. Thank you. Only bugs on the bugtracker are eliminated in the next versions. Developers rarely read in here.

jjmmortiz (Author) Posted August 20, 2017

SelectShop.at, I already reported it as you suggested. Here is the link: http://forge.prestashop.com/browse/BOOM-3677

Any suggestion on steps I should take to avoid any security concerns in Prestashop 1.7.1.2? Please note this is a fresh, out-of-the-box installation, with no customization done to any files, only a module installation done, named Delete Order from MyPresta.eu. Thanks for your help.

selectshop.at Posted August 21, 2017

Prestashop 1.7 is still beta, in development; I do not suggest you use it in production. If you are not a developer who can recode, then you still have to wait for the debugging of Prestashop. If you are a seller or mounting a page for third parties, then take the latest PS 1.6. See here also the discussion about 1.7: https://www.prestashop.com/forums/topic/566115-prestashop-17-is-now-available/ and https://www.prestashop.com/forums/topic/480580-want-to-know-more-about-17/page-12

jjmmortiz (Author) Posted August 22, 2017

selectshop.at, are you saying we should install PS 1.7.1.2 only for testing purposes, that it is not reliable to go live? Thanks

selectshop.at Posted August 22, 2017

See the discussions I've linked. If your shop is new, then you can give it a try. If you are already using Prestashop on a lower version, then stay with it or upgrade to the latest PS 1.6. PS 1.7 is still in development and has many bugs.

jjmmortiz (Author) Posted August 22, 2017

selectshop.at, my shop is new, a fresh installation; no products have been loaded yet. I am testing it and security is a concern. How can a scam message get into the customer admin area in this version, and how to prevent it? I am posting it to let the Prestashop community know of the problem. I have 4 other sites in Prestashop 1.6, and I have never seen a scam message find its way to the internal messaging system. Thanks for your help.

selectshop.at Posted August 22, 2017

Sorry, in this case I cannot help with a code snippet, as I'm not a coder. My world is networks (network security) and servers. In this case you have three options: wait for the Prestashop team to debug, use PS 1.6, or find a developer who can help you with the problem.

jjmmortiz (Author) Posted August 22, 2017

selectshop.at, thanks for your fast response. Will a coder know where the security hole/source of the problem is and fix it? Thanks.

selectshop.at Posted August 22, 2017

It should be somebody who knows Prestashop 1.7 in particular...