Prestashop Pharma Hack: Symptoms, Causes and Fixes

Published on: May 29, 2020

The PrestaShop pharma hack is a widespread attack on PrestaShop stores and other websites that are left unattended. While browsing, you might have come across a web address or page title that displays products unrelated to that particular website. A classic example is a suspicious advert promising quickly available pharmacy drugs. Such an attack can cause significant damage to the e-commerce store you have worked so hard to maintain. Therefore, it is crucial to understand PrestaShop pharma hacks, what they look like, and how to identify and get rid of them.

What is a Pharma Hack?

A PrestaShop pharma hack is when fraudsters exploit vulnerabilities in your store to show pharmaceutical products alongside your actual webpages or products in the search engine results.

Examples of Pharma hack

PrestaShop pharma hack frequently includes banned or illegal pharmaceutical products. A PrestaShop pharma infection is a Black hat SEO technique and injures your organic Google rank, eventually causing your store to get blacklisted.

Why do spammers do this?

The reason behind this is that online search provides valuable referrals to businesses, and SEO hacks let spammers obtain those referrals quickly and with little effort. Remember that search engines don’t fancy shady websites. By hijacking an innocent but well-ranked website, hackers can take a spot at the top of the SERP. They are notorious for using terms such as Cialis and Viagra, or some other popular drug.

Examples of a PrestaShop Pharma Hack

The internet is bustling with Pharma hack examples on all sorts of domains. Pharma hack is one of the most common spam hack techniques a hacker uses to divert your organic traffic and steal your SEO juice to the hacker’s domain.

One of the easiest ways to look up PrestaShop pharma hacks is a quick Google search. Just type terms like "buy Viagra online", "buy Levitra online" or "buy Cialis online" into the search box, and Google will return thousands of results. Only a few of those results are legitimate.

On examining the second-level domains, you can easily spot pharma hack examples. For example, see the following results I found after running the search queries mentioned above:

For search query – buy levitra online

PrestaShop Pharma Hack

In this case, the highlighted domain belongs to a cancer awareness organization. The URL, as you can see, points to the newsletter signup page, which the hackers have redirected to a spammy domain selling cheap Levitra. More examples of the Levitra hack are given below:

For search query – buy cialis online

Here, the highlighted domain – amityfoundation.[org] belongs to a Chinese organization working towards the welfare of Chinese people. If you notice the URL, it in no way hints at a product page for Pharmaceuticals like Cialis. Clearly infected.

More such examples of Cialis hack are given below:

Cialis hack examples

For search query – buy viagra online

Viagra hack examples

Again, the URL of the highlighted domain, businessinsider.[in], points to a list of articles and not to a product page. Another victim of the Viagra hack.

More Viagra hack examples below:

Viagra hack examples

Bad actors can add posts, links or even complete pages to lure visitors away from your website. Usually, they redirect your traffic to their own websites, where they can run their scams.

Is Your Website Suffering from PrestaShop Pharma Hack?

As a webmaster or user of a website, you may find it difficult to detect SEO spam. Hackers make a point of hiding their spam through a process known as ‘cloaking’. However, you can examine your website for signs of a pharma attack using the following means:

1. Google search to find out

Google search engine may display a list of affected websites when you type in words like ‘Viagra’ followed by website pages. Due to Google’s webmaster policies, the affected websites may be on the 2nd or higher pages of search results. If your site doesn’t come up in the search, you are a victim. The list includes both the infected websites and fake pages.

You can check for Viagra SEO spam by typing one of the pharmaceutical terms, such as “viagra”, followed by your domain into Google search, i.e., viagra

Sometimes, only a few web pages of your store are infected with the PrestaShop pharma hack. The search will reveal all such pages. Sometimes these pages redirect to online pharmacies selling these drugs; other times, the spam loads on the same page.

2. Check with a Malware Scanner

Alternatively, you can also use an advanced Malware scanner to identify infected pages on your PrestaShop store. An intelligent malware scanner like Astra’s will not only locate the hack but also provide an easy review of those infected files and pages. You can remove the links with just a click of a button from the Astra dashboard itself.

Malicious text flagged by the Astra Malware Scanner

3. Impersonate Google Bot

In a sophisticated PrestaShop pharma hack, search engines may not catch these spam pages. However, Googlebot and some other user agents can smoke them out. Looking at your website’s pages as Googlebot sees them might do the trick. For this, you will need to switch your browser’s user agent to Googlebot to fetch the spam pages.

The User-Agent Switcher browser extension will help here:

  • Install the extension
  • Go to your web pages
  • Edit the user-agent string to one of the following:
      1. Mozilla/5.0 (compatible; Googlebot/2.1; +
      2. Googlebot /2.1 (+
  • View the source of the page by right-clicking on it. You will be able to view the redirect.

Remember to deactivate the User-Agent Switcher after finishing the check. Otherwise, Google may block or blacklist your website as it will appear as Googlebot to them.
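
The same check can be scripted. The following is an added example, not part of the original article: it compares the HTML served to a normal browser with the HTML served to a Googlebot user agent and reports link hosts and drug terms that only the crawler view contains. The host names `shop.example` and `pills.example.net` and the sample HTML are constructed; the Googlebot string is Google's published crawler user agent.

```python
import re
import urllib.request
from html.parser import HTMLParser
from urllib.parse import urlparse

GOOGLEBOT_UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
BROWSER_UA = "Mozilla/5.0 (X11; Linux x86_64; rv:115.0) Gecko/20100101 Firefox/115.0"
SPAM_TERMS = re.compile(r"\b(viagra|cialis|levitra)\b", re.I)  # terms named in the article

class PageSummary(HTMLParser):
    """Collects link hosts and text (including <title>) from one page."""
    def __init__(self):
        super().__init__()
        self.hosts, self.chunks = set(), []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            host = urlparse(dict(attrs).get("href") or "").netloc.lower()
            if host:
                self.hosts.add(host)

    def handle_data(self, data):
        self.chunks.append(data)

def summarise(html):
    page = PageSummary()
    page.feed(html)
    terms = {t.lower() for t in SPAM_TERMS.findall(" ".join(page.chunks))}
    return page.hosts, terms

def cloaking_diff(browser_html, bot_html, own_host):
    """Report link hosts and spam terms that only the Googlebot view contains."""
    b_hosts, b_terms = summarise(browser_html)
    g_hosts, g_terms = summarise(bot_html)
    return {"bot_only_hosts": sorted(g_hosts - b_hosts - {own_host}),
            "bot_only_terms": sorted(g_terms - b_terms)}

def fetch(url, user_agent):
    """Fetch a page with the given User-Agent; returns (final URL, HTML)."""
    req = urllib.request.Request(url, headers={"User-Agent": user_agent})
    with urllib.request.urlopen(req, timeout=15) as resp:
        return resp.geturl(), resp.read().decode("utf-8", "replace")

# Constructed sample responses for one URL on a hypothetical store, shop.example.
BROWSER_HTML = ('<title>Newsletter signup</title>'
                '<a href="https://shop.example/contact">Contact</a>')
BOT_HTML = ('<title>Buy Cialis online</title>'
            '<a href="https://shop.example/contact">Contact</a>'
            '<a href="http://pills.example.net/cheap">cheap viagra</a>')
```

For a live check on your own store, pass `fetch(url, BROWSER_UA)[1]` and `fetch(url, GOOGLEBOT_UA)[1]` to `cloaking_diff`, and compare the two final URLs as well. Cloaking that keys on the crawler's IP address rather than its user agent will not show up this way, so an empty result does not clear the page.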

Step-wise Removal of PrestaShop Pharma Hack

1. Backup the database and the website files

Compress the files of your website and download them to your local device. Alternatively, ask the company that hosts your website to keep a backup of your files.

2. Examine search console

Go to your Google Search Console and see if there are new users. Also, check the security tab and any recent link submissions. Additionally, conduct a live test on the spam URLs connected to your site.

3. Check the page as a Googlebot

As mentioned earlier, only certain user-agents like Googlebot can see a Prestashop pharma hack. The User-Agent Switcher extension/addon is available for various browsers. Follow the previously mentioned steps to identify the Prestashop pharma hack.

4. Scan and delete the PrestaShop pharma hack malware

Through the pharma hack, hackers store malware in the site core, theme files and plugins. Scan these directories.

  • Scan the theme files, plugins and .htaccess file for any modified code and strange filenames. You can make a comparison with your website’s backup copy.
  • Compare the main files with their fresh copies, after downloading them from the PrestaShop store. You can use an online difference checker tool to compare these files.
  • Scan your database to see if it has malicious entries.
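
An added example (not from the original article) of the file comparison in this step: it hashes the live store against a fresh copy of the same PrestaShop release, lists changed and added files, and flags lines in those files that branch on a crawler user agent or referer. The `SUSPICIOUS` patterns, the file names and the sample trees built in `demo()` are constructed assumptions, not indicators taken from a specific infection.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Heuristics (assumptions for this example): rules or code that branch on the
# visitor being a search-engine crawler, which is how cloaking hides the spam.
SUSPICIOUS = re.compile(
    r"RewriteCond\s+%\{HTTP_(USER_AGENT|REFERER)\}.*(googlebot|bing|yahoo)"
    r"|HTTP_USER_AGENT.{0,80}googlebot",
    re.I)

def digests(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def compare_with_clean(live_root, clean_root):
    """Diff a live store against a fresh copy of the same release."""
    live, clean = digests(live_root), digests(clean_root)
    changed = sorted(f for f in live if f in clean and live[f] != clean[f])
    added = sorted(set(live) - set(clean))
    flagged = []
    for rel in changed + added:  # only read files that differ from the clean copy
        text = (Path(live_root) / rel).read_text(encoding="utf-8", errors="replace")
        flagged += [(rel, n) for n, line in enumerate(text.splitlines(), 1)
                    if SUSPICIOUS.search(line)]
    return {"changed": changed, "added": added, "flagged_lines": flagged}

def demo():
    """Constructed sample trees: a clean copy and a tampered live copy."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = Path(tmp, "clean"), Path(tmp, "live")
        for root in (clean, live):
            (root / "themes").mkdir(parents=True)
            (root / "index.php").write_text("<?php require 'config.php';\n")
            (root / ".htaccess").write_text("RewriteEngine on\n")
        (live / ".htaccess").write_text(
            "RewriteEngine on\n"
            "RewriteCond %{HTTP_USER_AGENT} (googlebot|bingbot) [NC]\n"
            "RewriteRule ^(.*)$ themes/cache-x.php [L]\n")
        (live / "themes" / "cache-x.php").write_text("<?php // constructed stub\n")
        return compare_with_clean(live, clean)
```

Every entry under `changed` and `added` needs a manual review whether or not a line is flagged; legitimately customised themes and installed modules will appear there too.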

5. Remove spam links and establish rock-solid security measures

  • Submit spam links for removal via Google webmaster
  • Change your passwords for the database, FTP and admin
  • Utilize Astra WAF to secure your e-commerce against any possible PrestaShop pharma hack or other attacks in real-time.


PrestaShop pharma hacks can be a nasty headache for your e-commerce store. They can steal your hard-earned traffic, lower your ranking in search engines, and give your business an ugly reputation. Therefore, if you experience such SEO spam, you need to identify and remove it immediately. Our security tools and a team of professionals can help you with this. After you have removed the PrestaShop pharma hack, don’t forget to secure your store with a rock-solid firewall to ensure such hacks and others don’t recur in the future.

Jinson Varghese

Jinson Varghese Behanan is an Information Security Analyst at Astra. Passionate about Cybersecurity from a young age, Jinson completed his Bachelor's degree in Computer Security from Northumbria University. When he isn’t glued to a computer screen, he spends his time reading InfoSec materials, playing basketball, learning French and traveling. You can follow him on Medium or visit his Website for more stories about the various Security Audits he does and the crazy vulnerabilities he finds.