PrestaShop admin hack is more common than you think. By hacking into your PrestaShop store’s admin panel, an attacker gains complete control over your PrestaShop Store.
The attacker can extract sensitive information of customers, modify products to show illegal & banned items, manipulate pricing, insert card skimmers, divert payments to their bank accounts, inject malware into visitors’ systems, inject spam, defame your business, and whatnot!
PrestaShop, as you know, is a popular e-commerce solution with over 250000 active online stores, and growing. A typical PrestaShop store has enormous data that is highly desirable by hackers. Moreover, vulnerabilities in PrestaShop add-ons, core, and other store extensions give hackers an easy way to get in.
This makes PrestaShop security a big concern for all PrestaShop users.
With this article, we try to prepare you against a potential Prestashop admin hack. In this blog post, we will answer questions like:
- How to detect if your admin panel is hacked?
- How to prevent attacks on the admin panel?
- What to do in case of a Prestashop admin hack?
- How to secure your store against such hacks?
How to detect a Prestashop admin hack?
Administrative anomalies and an ill-working admin panel could be a sign of the Prestashop admin hack. However, there are other symptoms as well:
- Privilege escalation for lower-level account users.
- You are facing trouble in accessing your website.
- New admin accounts appear overnight.
- Your store is blacklisted by search engines.
- Malicious code injections found in important files.
- Site accessed by multiple unknown IPs.
- Your account is suspended by your hosting provider.
- The website is defaced.
- Customers complain of card abuse.
- You notice modifications in the product tables.
- The database has been tampered with, etc.
Not being able to log in to your store backend is a classic example of a PrestaShop admin hack.
How to Remove the Prestashop Admin Hack?
Now, let’s see how you can remove the PrestaShop Admin hack from your website.
1. Take the store offline
Before you make any changes to your website, you should take it offline to assess the extent of the damage done. Taking the website offline could save your customers from having a bumpy experience. Turning the maintenance mode on also means no flagging by Google crawlers. We need not mention how getting flagged by Google sharply reduces your SEO rankings. This way you can make changes more freely, without risk.
This is how you can put your website in maintenance mode as the first step in removing the Prestashop admin hack:
- Go to Shop Parameters → General
- Choose Maintenance tab
- Under the maintenance section make the following changes:
(a). Disable website for visitors
(b). Fill in your security agent’s IP in the Maintenance IPs tab. This would allow your security engineers to access your website.
(c). Compose a custom maintenance message that will be visible to your visitors.
- Save changes.
2. Backup all data
Backing up data is a good idea before making any modifications to your website. It involves two things: copying files and backing up databases.
File backup is easy. Connect to your server with an FTP or SSH connection. Copy the files to another location and download them to your computer. You can compress your files before copying. Use the following command in SSH to compress your files.
tar -czf <file_name>.tar.gz <folder_to_save>
To back up the Prestashop database, use the mysqldump command in a Linux terminal.
mysqldump yourdbname > dump.sql
This creates a file dump.sql with the structure and data of the database whose name is yourdbname.
More details about backup & recoveries with MySQL binaries can be found in the official documentation.
3. Get expert’s advice
When so much is at stake, as during a Prestashop admin hack, I recommend that you consult experts before making any changes. You could save a lot of precious time and re-establish your store much sooner.
Security experts at Astra are committed to making the e-commerce industry safer for all stakeholders. They provide 24 x 7 support and guidance for Prestashop users and can help you secure your website from any future attacks. For immediate help, get in touch with Prestashop security experts with the help of the chat widget.
4. Run a malware scan
Running a malware scan points out suspicious programs and codes that might have been injected by the hacker. The task of finding and removing malware is of utmost priority. The scan would give us the extent of the infection and detail of the type of malware that has been injected. This would hasten the remediation process.
A Prestashop malware scanner should detect not only hidden malware but also hidden backdoors. Most malware scanners use signature matching to find malware. A heuristic approach to malware scanning provides additional security.
Experts at Astra have developed a malware scanner tailored especially for Prestashop websites. One scan would give you a detailed, graphical report of the attack.
Further, the “Login Activity” tab inside the Astra dashboard logs all login attempts. In fact, it blocks all malicious and bot attempts to log into your PrestaShop store.
5. Look for modified files
To carry out the Prestashop admin hack, an attacker might have modified some core files to gain access or create backdoors on your website. You can find these files by looking for file modifications.
To pinpoint changes in core files, you can compare the files with a freshly downloaded Prestashop folder. To compare the content of the two, follow these steps:
- Download the Prestashop version that you are using from PrestaShop.com. Let’s call this directory $BASE.
- Download the core files of your website. Let’s call this directory $YOUR.
- Compare $BASE to $YOUR. This will show you changes in core.
# $YOUR must be an absolute path, because the loop runs inside $BASE
cd "$BASE"
find . -type f | while IFS= read -r i
do
    diff -q "$i" "$YOUR/$i"
done
Do the same thing in reverse, to find files that have been added to your installation that are not in $BASE.
# $BASE must be an absolute path; diff's "No such file" errors go to /tmp/newfiles
cd "$YOUR"
find . -type f | while IFS= read -r i
do
    diff -q "$i" "$BASE/$i" 2>>/tmp/newfiles
done
Now the file /tmp/newfiles will list the files that were added to your installation.
To find files modified in the last 24 hours use the following command:
find . -type f -ctime 0
The -type f option tells find to look for files only, not directories. The -ctime n option locates files whose status changed between n*24 and (n+1)*24 hours ago. Therefore, 0 means within the last 24 hours, 1 means between 24 and 48 hours ago, 2 means between 48 and 72 hours ago, etc. Refer to this document for more details on ctime value.
6. Find common backdoors
Some common backdoors are present in all versions of Prestashop. These are functions that allow better customization of user experience. Unfortunately, these are very frequently exploited by hackers to gain access to your website and carry out the Prestashop admin hack and other hacks alike. Here are some commands to look for commonly found backdoors in Prestashop:
- grep -ri "eval" [path]
- grep -ri "base64_decode" [path]
- find uploads -name "*.php" -print
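A plain `grep -ri eval` also matches identifiers such as `retrieval`, so the hit list gets noisy on a full store. The script below is an added example, not code from the original article: it narrows the three searches above to PHP files and tags each hit with a reason. The function names, the `NO_PHP_DIRS` list and the sample tree are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Output: "<reason><TAB><path>".
# Assumption: these directories hold uploaded content and need no PHP files.
NO_PHP_DIRS="upload img download"
# eval( as an actual call, so identifiers such as retrieval( do not match.
EVAL_RE='(^|[^[:alnum:]_$>])eval[[:space:]]*\('
B64_RE='base64_decode[[:space:]]*\('

scan_suspect_php() {
    root=$1
    {
        # PHP files that call eval(); those that also decode base64 get a second tag.
        find "$root" -type f -name '*.php' -exec grep -lEi "$EVAL_RE" {} + |
            while IFS= read -r f; do
                printf 'eval-call\t%s\n' "$f"
                if grep -qEi "$B64_RE" "$f"; then
                    printf 'eval+base64_decode\t%s\n' "$f"
                fi
            done
        # Any PHP file inside a directory meant for uploaded content.
        for d in $NO_PHP_DIRS; do
            if [ -d "$root/$d" ]; then find "$root/$d" -type f -name '*.php'; fi
        done | while IFS= read -r f; do printf 'php-in-upload-dir\t%s\n' "$f"; done
    } | LC_ALL=C sort
}

# Constructed sample tree; the file contents are inert placeholders.
make_sample_tree() {
    mkdir -p "$1/classes" "$1/modules/demo" "$1/upload"
    printf '%s\n' '<?php function retrieval($q) { return $q; }' > "$1/classes/Search.php"
    printf '%s\n' '<?php eval(base64_decode("Y29uc3RydWN0ZWQ="));' > "$1/modules/demo/cache.php"
    printf '%s\n' '<?php echo "placeholder";' > "$1/upload/logo.php"
}

demo=$(mktemp -d)
make_sample_tree "$demo"
scan_suspect_php "$demo"
rm -rf "$demo"
```

Every hit still needs a manual review against the clean copy in $BASE, since legitimate modules can call these functions too.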
7. Clean the Prestashop admin hack
Lastly, take action on the findings from all the above steps. Delete all the infected files and replace them with fresh ones. However, exercise caution! Some files like .htaccess are crucial to the working of the server. So, consult experts before making any changes.
How to prevent the Prestashop admin attack?
1. Keep your CMS up to date
Vulnerabilities in older versions of Prestashop are public knowledge. Thus, having an older version of CMS is putting your website at unnecessary risk. Furthermore, developers at Prestashop regularly release security patches for recently surfaced vulnerabilities. Therefore, turn on automatic updates on Prestashop.
2. Enable HTTPS
Use a secure connection. Enable and update your SSL certificates. The secure https connection not only improves security but also boosts your SEO rankings. The green lock beside the https:// also builds trust among your customers.
3. Rename admin folder
The PrestaShop back office is the administration area of your store to manage the different aspects of your PrestaShop site. By default, the folder is named admin. Renaming the admin folder can deter hackers from gaining access to the folders by brute force attacks.
- Go to cPanel file manager
- Select admin folder
- Click on rename icon
- Pick a unique name and click on the rename button to save changes.
4. Delete install folder
The install folder is required only during the installation of Prestashop and has no later use. You can delete the install folder (if you haven’t already). Use the following steps:
- Go to cPanel file manager
- Select install folder
- Click on the delete icon
5. Restrict access to Back Office folder
The Back Office folder is a default folder. Therefore, the admin URL is public knowledge. This makes it crucial for security. Here are the steps to set up basic authentication for the back office folder.
- Create a .htaccess file and a .htpasswd file, or generate both files with the PrestaShop htaccess generator.
- Place the two files in the root folder /var/www/prestashop/admin123456
- For additional security, it is recommended to put this file into a directory that is inaccessible to your web applications
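The steps above do not show what the .htaccess file contains. The script below is an added example, not taken from the original article or from the PrestaShop generator: it writes a basic-authentication .htaccess into the back office folder and refuses to do so when the password file would sit inside the web root. It assumes that "this file" in the last step means .htpasswd; the function names and the /etc/apache2 path are illustrative.

```shell
#!/bin/sh
# Added example, not from the original article. Function names and paths are
# assumptions; the Auth*/Require lines are standard Apache directives.
# Create the password file first, for example:
#   htpasswd -c /etc/apache2/ps-admin.htpasswd USER

# Resolve the directory part of a path so ../ and symlinks are followed.
real_dir() { (cd "$(dirname "$1")" 2>/dev/null && pwd -P); }

# Usage: protect_back_office WEBROOT ADMIN_DIR HTPASSWD_FILE
protect_back_office() {
    webroot=$(cd "$1" 2>/dev/null && pwd -P) || { echo "no such web root: $1" >&2; return 2; }
    admin=$(cd "$2" 2>/dev/null && pwd -P) || { echo "no such admin dir: $2" >&2; return 2; }
    pwdir=$(real_dir "$3") || { echo "no such directory for: $3" >&2; return 2; }
    # A password file under the web root could be fetched over HTTP.
    case "$pwdir/" in
        "$webroot"/*)
            echo "refusing: $3 is inside the web root" >&2
            return 1 ;;
    esac
    # Keep a copy of any existing .htaccess before replacing it.
    if [ -e "$admin/.htaccess" ]; then cp -p "$admin/.htaccess" "$admin/.htaccess.bak"; fi
    cat > "$admin/.htaccess" <<EOF
AuthType Basic
AuthName "Restricted"
AuthUserFile $pwdir/$(basename "$3")
Require valid-user
EOF
}
```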
6. Block direct access to the template
Third-party modules and templates could act as gateways for fraudsters. Use secure and trustworthy modules. Keep the number of modules as low as possible. You can disallow access to your theme’s files/templates, using a .htaccess file with the following content:
# Apache 2.4 without mod_access_compat: use "Require all denied" instead of the two lines below
<FilesMatch "\.tpl$">
order deny,allow
deny from all
</FilesMatch>
7. Use Active Security solution tailored for Prestashop
60% of SMBs are unable to resume business after facing a cyberattack. Instead of waiting for the disaster to happen, prepare yourself beforehand. Have an active security solution in place to protect your Prestashop website.
There are many security solutions available for e-commerce security. How to find which one is most suitable for you? Here is what you should look for in your website security system:
- Optimized to seamlessly blend with the Prestashop working environment.
- Provides an active web application firewall
- Conducts regular malware scanning
- Facilitates malware removal
- Provision to conduct a regular vulnerability assessment and penetration testing
- Blacklist monitoring
- Provides protection against spam
- Easy to use and understand
- Backed by a strong and reliable support team
Astra Security has combined all the above features and added many more to provide you with the most cost-effective and efficient security solution. Get an Astra demo today.