PrestaShop Caught in Spam Exploit: Fake Account Creation, Comments, Content Stealing – Fixed
PrestaShop, needless to say, is one of the big names in the e-commerce industry. This free open-source CMS is currently being used by 250,000 online stores worldwide and is maintained and regulated by an efficient team of more than a hundred members, says Wikipedia. However, we still cannot vouch for its immunity to cyber attacks. After being affected by spam last year, Prestashop is again hit in the same place. If you are running a website on PrestaShop then there is a reason for you to worry. According to PrestaShop, it is under massive spam exploit. Further, in this article, we will discuss PrestaShop Spam in detail and the ways you can protect yourself.
What has happened so far in the PrestaShop Spam?
PrestaShop confessed of this through an article which was published on its website only a day ago. It talked about exactly how the spammers are abusing its account creation forms. Which, in turn, resulted in strings of illegitimate emails sent to its users. You can read the whole article here.
So, the case is, the account creation forms at the front-offices of stores are exploited by inserting malicious URL(s) as the first name and/or the last name. Further, it warned that the exploit is not limited to some specific versions, instead, it might affect other versions too, if it hasn’t yet.
The primary aim of the spammers might either be to send the users to his spammy/advertising pages or this exploit could be used for phishing.
Update to the newest versions
After PrestaShop had provided the users with an immediate solution for this exploit. And we also pressed you for performing the below-mentioned quick fixes without delay.
- Getting rid of the spam accounts from your mailing lists
- Going to the Customers page of your back office and selecting all these accounts
- Clicking on delete and checking the option “I want my customers to be able to register again with the same email address. All data will be removed from the database.”
In addition to the above, PrestaShop had also promised of launching new versions for the affected ones. And, it looks like PrestaShop sincerely cares about its customers as it has made the versions 126.96.36.199 in place of 1.7 and 188.8.131.52 in place of 1.6 live for installation in a nick of time. However, the only problem users might face is that apart from URLs & URL like texts, it also restricts inputs in which a dot is immediately followed by a letter. For instance, “Rob N.Stark” will be stopped but “Rob N. Stark” will be allowed. Besides this, the new patch is designed to protect you from many such spams.
Go ahead and install them.
Use reCAPTCHA to prevent PrestaShop Spam
Well, we all know the old adage “Precaution is better than cure”. Don’t we? So, to make sure you never have your shop land in this mess again block all the automated attempts by malicious bots and crawlers. And the best way you can block this is by using reCAPTCHA module.
If you find these quick fixes too mind-numbing, drop us a message in the chat widget, and we will be glad to help.
How Astra Stops Fake User Account Creation?
Fake user account creation is generally a bot activity which tries to create several accounts at the same time. Astra’s Firewall detects patterns of these bots and if it detects it to be anomalous to human behavior it promptly blocks such IPs. Most importantly, our firewall keeps on learning and evolving on its own with each hacking attempt.
How Astra Stops Content Scraping?
In Content Scraping, hackers create many fake pages of the original site having similar content, thus affecting your website SEO and page rankings. The best solution to this is a continuous monitoring system which identifies bad bot and their signatures. Astra’s Firewall stops bad actors from stealing and duplicating content from a website.
More about the matter- Look here to know the symptoms of Content Scraping in PrestaShop.
How Astra Stops Bad Bot Attacks?
There are bots and crawlers lurking around in the cyber space. These bots use the hit and trial method to get past the security structure of a website. Installing a firewall will help you greatly to detect and block these automated attempts.
Our Firewall is highly tailored for Prestashop and assures that your website remains protected from all cyber threats like Bad Bots, SQL Injection, XSS, CSRF, LFI, RFI, Content Scraping, Keyword Hack and 100+ security threats and that too in real time. It is highly modular and does everything automatically to safeguard your Prestashop store.