Prestashop index.php Compromised: Symptoms, Causes & Fixes
Index.php is the landing page of your PrestaShop store, so it is one of the most visited pages of your website. That also means index.php is actively targeted by attackers. If attackers succeed in compromising index.php on your PrestaShop site, the results can be disastrous. They can use it to serve malware, deface your site or steal the credit card information of your store's customers. According to a report published by riskiq.com,
Pro Tip: The index.php file of PrestaShop can also be used to secure module files from unauthorized access.
Symptoms: PrestaShop index.php Hack
Index.php can be injected with malicious code by hackers to accomplish a number of malicious tasks. Detecting the index.php hack in Prestashop is not easy. However, a few symptoms to look out for are:
- Users visiting your Prestashop store are being redirected to malicious sites.
- Defacement of the index.php page.
- Multiple pop-ups or malicious adverts appear on the index.php page.
- The index.php page is asking users to install malware.
- Gibberish content appears on the index.php page or something appears to be broken.
- The index.php page becomes bulky and loads slowly.
Causes: PrestaShop index.php Hack
Vulnerable Upload Module
Upload modules allow users to upload certain files to your PrestaShop store, such as .txt or .pdf invoices. This can be a security risk. To prevent code execution, most modules allow only certain file types, such as .png or .txt, to be uploaded. However, poorly coded upload modules can allow .php files to be uploaded to the server, leading to code execution. One such example is shown in the image below.
These are the logs of a real hacked site. The logs clearly show that the vulnerable modules first allowed the attackers to upload a malicious x.php file. Thereafter, the permission was set to (0644/-rw-r--r--) to allow code execution, leading to a hacked index.php.
Weak or default passwords for services like FTP can open the doors of your site to hackers. Hackers can use these credentials to log into your site and edit the contents of index.php. There may also be services running on various ports of your server that have hardcoded credentials. You may be unaware of these services, but hackers use special scanners to detect them and inject index.php with malicious code.
Weak File Permissions
PrestaShop allows editing of sensitive files like index.php by specified users only. However, if these file permissions are not set properly, anyone can edit your index.php file. Moreover, if directory listing is enabled on the root directory, attackers can read sensitive files of your PrestaShop store. They can then use the information obtained from those files to inject index.php with malicious code.
Outdated Modules and Files
PrestaShop releases updates frequently to patch various bugs. Most of the time these bugs are security related, which can be checked from the changelog. If you fail to update your core files and modules, it is an open invitation to attackers. At times while updating, the index.php file may be renamed to index.php.old and left on the server. Attackers can detect such files and use them to inject malware into index.php.
Remedies: PrestaShop index.php Hack
- Firstly, put your Prestashop site into maintenance mode before repairing index.php.
- Change all the passwords to random and secure ones.
- Look for malicious code inside the index.php file. If you are unable to figure out what the code does, simply comment it out or contact experts.
- Look for base64-encoded code inside the index.php file and decode it using online tools.
- Remove the malicious code in the index.php file and any other files.
- Set the permissions in PrestaShop to 755 for folders and 644 for files.
- Remove any suspicious or disreputable PrestaShop modules. There are plenty of alternatives available.
- Make sure to update to the latest version of Prestashop.
- Finally, take your Prestashop store out of maintenance mode.
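The inspection steps above (malicious code, base64-encoded strings, 755/644 permissions) and the leftover index.php.old mentioned under causes can be checked in one pass over the store directory. This is an added example, not code from PrestaShop or from the original article; the function name audit and the short list of obfuscation functions are assumptions chosen for illustration, and base64 strings are decoded locally rather than pasted into a website.

```python
import base64, os, re, stat

# Heuristic (an assumption, not a complete signature set): PHP functions that
# injected code commonly uses to hide and run a payload.
OBFUSCATORS = re.compile(rb"\b(eval|base64_decode|gzinflate|str_rot13)\s*\(", re.I)
# A quoted string literal of 40 or more base64 characters.
B64_LITERAL = re.compile(rb"""['"]([A-Za-z0-9+/]{40,}={0,2})['"]""")

def audit(root):
    """Walk a store tree; return sorted (relative_path, finding) tuples."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):  # a symlink's own mode is not meaningful
                continue
            is_dir = stat.S_ISDIR(st.st_mode)
            allowed = 0o755 if is_dir else 0o644
            mode = stat.S_IMODE(st.st_mode)
            if mode & ~allowed:  # any permission bit beyond 755 / 644
                findings.append((rel, f"mode {mode:03o} exceeds {allowed:03o}"))
            if not stat.S_ISREG(st.st_mode):
                continue
            if name.endswith(".php.old"):  # e.g. index.php.old left by an update
                findings.append((rel, "leftover backup copy"))
            if not name.endswith((".php", ".php.old")):
                continue
            with open(path, "rb") as fh:
                data = fh.read()
            for m in OBFUSCATORS.finditer(data):
                findings.append((rel, "calls " + m.group(1).decode().lower()))
            for m in B64_LITERAL.finditer(data):
                try:  # decode on this machine; the payload is only printed, never run
                    plain = base64.b64decode(m.group(1), validate=True)
                except ValueError:
                    continue
                findings.append((rel, "base64 literal decodes to " + repr(plain[:60])))
    return sorted(set(findings))

if __name__ == "__main__":
    import sys
    for rel, finding in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{rel}: {finding}")
```

Every finding is a lead for manual review, not a verdict: legitimate modules also call base64_decode, and a long alphanumeric string can decode to meaningless bytes.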
Last but not least, investing in a continuous and comprehensive security solution can protect your website immensely. There are plenty of solutions on the market, but only a few of them are trusted, and Astra Website Security is one of them. Astra secures your crucial files like index.php from any kind of malicious activity with its firewall. In addition, it provides continuous monitoring of your website. You can sit back and relax while Astra does everything security for you. Go! Give it a try!