Prestashop Admin Hack: What Should Be Your Plan of Action?

Published on: May 29, 2020

PrestaShop admin hack is more common than you think. By hacking into your PrestaShop store’s admin panel, an attacker gains complete control over your PrestaShop Store.

The attacker can extract sensitive information of customers, modify products to show illegal & banned items, manipulate pricing, insert card skimmers, divert payments to their bank accounts, inject malware into visitors’ systems, inject spam, defame your business, and whatnot!

PrestaShop, as you know, is a popular e-commerce solution with over 250000 active online stores, and growing. A typical PrestaShop store holds an enormous amount of data that is highly desirable to hackers. Moreover, vulnerabilities in PrestaShop add-ons, core, and other store extensions give hackers an easy way to get in.

This makes PrestaShop security a big concern for all PrestaShop users.

With this article, we try to prepare you against a potential Prestashop admin hack. In this blog post, we will answer questions like:

  • How to detect if your admin panel is hacked?
  • How to prevent attacks on the admin panel?
  • What to do in case of a Prestashop admin hack?
  • How to secure your store against such hacks?

How to detect a Prestashop admin hack?

Administrative anomalies and an ill-working admin panel could be a sign of the Prestashop admin hack. However, there are other symptoms as well:

  • Privilege escalation for lower-level account users.
  • You are facing trouble in accessing your website.
  • New admin accounts appear overnight.
  • Your store is blacklisted by search engines.
  • Malicious code injections found in important files.
  • Site accessed by multiple unknown IPs.
  • Your account is suspended by your hosting provider.
  • The website is defaced.
  • Customers complain of card abuse.
  • You notice modifications in the product tables.
  • The database has been tampered with, etc.

See the following PrestaShop admin hack example:

Prestashop admin hack example

Being unable to log in to your store backend is a classic example of a PrestaShop admin hack.

If you have been hacked with the PrestaShop admin hack or notice suspicious activity on your admin panel, follow this PrestaShop hack removal guide or get in touch with experts immediately.

How to Remove the Prestashop Admin Hack?

Now, let’s see how you can remove the PrestaShop Admin hack from your website.

1. Take the store offline

Before you make any changes to your website, take it offline to assess the extent of the damage. Taking the website offline spares your customers a bumpy experience. Turning maintenance mode on also means no flagging by Google crawlers, and getting flagged by Google sharply reduces your SEO rankings. This way you can make changes more freely and without risk.

This is how you can put your website in maintenance mode as the first step in removing the Prestashop admin hack:

  1. Go to Shop Parameters → General
  2. Choose Maintenance tab
  3. Under the maintenance section make the following changes:
    (a). Disable website for visitors
    (b). Fill in your security agent’s IP in the Maintenance IPs tab. This would allow your security engineers to access your website.
    (c). Compose a custom maintenance message that will be visible to your visitors.
  4. Save changes.

2. Backup all data

Backing up data is a good idea before making any modifications to your website. It involves two things: copying files and backing up databases.

File backup is easy. Connect to your server over FTP or SSH. Copy the files to another location and download them to your computer. You can compress your files before copying. Use the following command in SSH to compress your files. The -z option applies gzip compression, so the archive gets a .tar.gz extension.

tar -czf <file_name>.tar.gz <folder_to_save>

To back up the Prestashop database, use the mysqldump command in a Linux terminal.

mysqldump yourdbname > dump.sql

This creates a file dump.sql with the structure and data of the database named yourdbname.

More details about backup & recoveries with MySQL binaries can be found in the official documentation.

3. Get expert’s advice

When so much is at stake, as during a Prestashop admin hack, I recommend that you consult experts before making any changes. You could save a lot of precious time and re-establish your store much sooner.

Security experts at Astra are committed to making the e-commerce industry safer for all stakeholders. They provide 24 x 7 support and guidance for Prestashop users and can help you secure your website from any future attacks. For immediate help, get in touch with Prestashop security experts with the help of the chat widget.

4. Run a malware scan

Running a malware scan points out suspicious programs and codes that might have been injected by the hacker. The task of finding and removing malware is of utmost priority. The scan would give us the extent of the infection and detail of the type of malware that has been injected. This would hasten the remediation process.

A Prestashop malware scanner should detect not only hidden malware but also hidden backdoors. Most malware scanners use signature matching to find malware. A heuristic approach to malware scanning provides additional security.

Experts at Astra have developed a malware scanner tailored especially for Prestashop websites. One scan would give you a detailed, graphical report of the attack.

Further, the “Login Activity” tab inside the Astra dashboard logs all login attempts. In fact, it blocks all malicious and bot attempts to log into your PrestaShop store.

5. Look for modified files

To carry out the Prestashop admin hack, an attacker might have modified some core files to gain access or create backdoors on your website. You can find these files by looking for file modifications.

To pinpoint changes in core files, you can compare the files with a freshly downloaded Prestashop folder. To compare the content of the two, follow these steps:

  1. Download the Prestashop version that you are using from PrestaShop.com. Let’s call this directory $BASE.
  2. Download the core files of your website. Let’s call this directory $YOUR.
  3. Compare $BASE to $YOUR. This will show you changes in core.

# $YOUR must be an absolute path, because the loop runs from inside $BASE
cd "$BASE"
find . -type f | while IFS= read -r i
do
    diff -q "$i" "$YOUR/$i"
done

Do the same thing in reverse, to find files that have been added to your installation that are not in $BASE.

# Files that exist only in $YOUR make diff report "No such file or directory" on stderr
cd "$YOUR"
find . -type f | while IFS= read -r i
do
    diff -q "$i" "$BASE/$i" 2>>/tmp/newfiles
done

Now the file /tmp/newfiles will list the files that were added to your installation.

To find files modified in the last 24 hours use the following command:

find . -type f -ctime 0

The -type f option tells find to look for files only, not directories. The -ctime n option tells it to locate files whose status last changed between n*24 and (n+1)*24 hours ago. Therefore, 0 means within the last 24 hours, 1 means between 24 and 48 hours ago, 2 means between 48 and 72 hours ago, etc. Refer to this document for more details on ctime value.

6. Find common backdoors

Some common backdoor patterns turn up across all versions of Prestashop. They rely on functions that allow better customization of user experience. Unfortunately, these are very frequently exploited by hackers to gain access to your website and carry out the Prestashop admin hack and other hacks alike. Here are commands to search for some commonly found backdoors in Prestashop:

  • grep -ri "eval" [path]
  • grep -ri "base64_decode" [path]
  • find uploads -name "*.php" -print
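
A bare grep for eval also matches harmless identifiers, so the hits need triage. The script below is an added example, not code from the original article: it narrows the search to execution functions called directly on decoded or request data and lists PHP files in data directories. The regular expression, the function names and the upload, img and download directory names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not the article's code): narrower backdoor triage than a bare grep for "eval".
# The indicator patterns are illustrative and not a complete signature set.

# A code-execution function called directly on a decoder or on request data.
SINK_RE='(eval|assert|system|passthru|shell_exec)[[:space:]]*\([[:space:]]*(base64_decode|gzinflate|gzuncompress|str_rot13|\$_(GET|POST|REQUEST|COOKIE))'

# scan_obfuscated_exec DIR -> PHP files in which such a call appears
scan_obfuscated_exec() {
    find "$1" -type f -name '*.php' -exec grep -lEi "$SINK_RE" {} + | sort
}

# scan_php_in_data_dirs DIR... -> PHP-executable files in directories meant to hold data only
scan_php_in_data_dirs() {
    for d in "$@"; do
        if [ -d "$d" ]; then
            find "$d" -type f \( -name '*.php' -o -name '*.phtml' -o -name '*.phar' \)
        fi
    done | sort
}

# make_sample_tree DIR -> constructed sample store used to demonstrate the two scans
make_sample_tree() {
    mkdir -p "$1/classes" "$1/modules/demo" "$1/upload"
    # Legitimate code: contains the substring "eval" but no dangerous call
    printf '%s\n' '<?php $r = $db->retrieval_cache("medieval"); ?>' > "$1/classes/Cache.php"
    # Constructed obfuscated loader; the payload decodes to phpinfo();
    printf '%s\n' '<?php eval(base64_decode("cGhwaW5mbygpOw==")); ?>' > "$1/modules/demo/hook.php"
    # PHP file where only images are expected
    printf '%s\n' '<?php echo "x"; ?>' > "$1/upload/logo.php"
    printf 'not-an-image\n' > "$1/upload/banner.jpg"
}

# Usage: ./scan.sh /path/to/store   (runs only when a path is given)
if [ -n "${1:-}" ]; then
    echo "== execution function applied to decoded or request data =="
    scan_obfuscated_exec "$1"
    echo "== PHP files in data directories =="
    scan_php_in_data_dirs "$1/upload" "$1/img" "$1/download"
fi
```

Run it against the copy of the store you downloaded for comparison, and treat every hit as a lead to review by hand rather than as a verdict.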

7. Clean the Prestashop admin hack

Lastly, take action on the findings from all the above steps. Delete all the infected files and replace them with fresh ones. However, exercise caution! Some files like .htaccess are crucial to the working of the server. So, consult experts before making any changes.

How to prevent the Prestashop admin attack?

1. Update

Keep your CMS up to date. Vulnerabilities in older versions of Prestashop are public knowledge. Thus, running an older version of the CMS puts your website at unnecessary risk. Furthermore, developers at Prestashop regularly release security patches for recently surfaced vulnerabilities. Therefore, turn on automatic updates on Prestashop.

2. Enable HTTPS

Use a secure connection. Enable and update your SSL certificates. The secure https connection not only improves security but also boosts your SEO rankings. The green lock beside the https:// also builds trust among your customers.

3. Rename admin folder

The PrestaShop back office is the administration area of your store to manage the different aspects of your PrestaShop site. By default, the folder is named admin. Renaming the admin folder can deter hackers from gaining access to the folders by brute force attacks.

  1. Go to cPanel file manager
  2. Select admin folder
  3. Click on rename icon
  4. Pick a unique name and click on the rename button to save changes.

4. Delete install folder

The install folder is required only during the installation of Prestashop and has no later use. You can delete the install folder (if you haven’t already). Use the following steps:

  1. Go to cPanel file manager
  2. Select install folder
  3. Click on the delete icon

5. Restrict access to Back Office folder

The Back Office folder is a default folder. Therefore, the admin URL is public knowledge. This makes restricting access to it crucial for security. Here are the steps to set up basic authentication for the back office folder.

  1. Create a .htaccess file and a .htpasswd file, or generate both files with the PrestaShop htaccess generator.
  2. Place the two files in the root folder /var/www/prestashop/admin123456
  3. For additional security, you are recommended to put the .htpasswd file into a directory that is inaccessible to your web applications.
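
The steps above as a script, added here as an example and not part of the original article or of PrestaShop: it writes the .htaccess for the back office folder and refuses a .htpasswd location inside the web root. The function names and the password file path in the comment are assumptions; all paths are expected to be absolute and normalized.

```shell
#!/bin/sh
# Added example (not the article's code): Basic-auth protection for the back office folder.
# Create the password file first, for example (path is an assumption):
#   htpasswd -c /etc/apache2/prestashop.htpasswd <user>

# is_inside PARENT PATH -> success when PATH is PARENT itself or lies below it
is_inside() {
    case "${2%/}/" in
        "${1%/}/"*) return 0 ;;
        *) return 1 ;;
    esac
}

# write_admin_htaccess WEBROOT ADMIN_DIR HTPASSWD_PATH
# Writes ADMIN_DIR/.htaccess; returns 1 if HTPASSWD_PATH would be reachable over the web.
write_admin_htaccess() {
    webroot=$1
    admin_dir=$2
    htpasswd=$3
    if is_inside "$webroot" "$htpasswd"; then
        echo "refusing: $htpasswd is inside the web root $webroot" >&2
        return 1
    fi
    if ! is_inside "$webroot" "$admin_dir"; then
        echo "refusing: $admin_dir is not under the web root $webroot" >&2
        return 1
    fi
    cat > "$admin_dir/.htaccess" <<EOF
AuthType Basic
AuthName "Restricted back office"
AuthUserFile $htpasswd
Require valid-user
EOF
    chmod 644 "$admin_dir/.htaccess"
}

# Example call with the article's back office path:
#   write_admin_htaccess /var/www/prestashop /var/www/prestashop/admin123456 \
#       /etc/apache2/prestashop.htpasswd
```

Apache honours these directives from a .htaccess file only when AllowOverride AuthConfig (or All) is in effect for that directory.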

6. Block direct access to the template

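Third-party modules and templates could act as gateways for fraudsters. Use secure and trustworthy modules. Keep the number of modules as low as possible. You can disallow access to your theme’s files/templates, using a .htaccess file with the following content:

# Deny direct HTTP access to template files; the dot is escaped so only the .tpl extension matches
<FilesMatch "\.tpl$">
# Apache 2.2 syntax; on Apache 2.4 without mod_access_compat use "Require all denied" instead
Order deny,allow
Deny from all
</FilesMatch>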

7. Use Active Security solution tailored for Prestashop

60% of SMBs are unable to resume business after facing a cyberattack. Instead of waiting for the disaster to happen, prepare yourself beforehand. Have an active security solution in place to protect your Prestashop website.

There are many security solutions available for e-commerce security. How to find which one is most suitable for you? Here is what you should look for in your website security system:

  1. Is optimized to blend seamlessly with the Prestashop working environment
  2. Provides an active web application firewall
  3. Conducts regular malware scanning
  4. Facilitates malware removal
  5. Provides for regular vulnerability assessment and penetration testing
  6. Monitors blacklists
  7. Provides protection against spam
  8. Is easy to use and understand
  9. Is backed by a strong and reliable support team

Astra Security has combined all the above features and added many more to provide you with the most cost-effective and efficient security solution. Get an Astra demo today.

Ananda Krishna

Ananda Krishna is the co-founder & CTO of Astra Security, a SaaS suite that secures businesses from cyber threats. He has been acknowledged by the Indian Navy, Microsoft, United Airlines, etc. for finding critical security vulnerabilities in their systems. Winner of the Best Security Product at Global Conference on Cyberspace 2017 (awarded by Narendra Modi, Prime Minister of India) & French Tech Ticket, Paris (awarded by François Hollande, former President of France). At Astra he's building an intelligent security ecosystem - web application firewall (WAF), malware detection & analysis, large scale SaaS applications, APIs & more. He's actively involved in the cybersecurity community and shared his knowledge at various forums & invited talks.