Be carefull with hackers who can destroy a work of life!
Be careful with hackers who can destroy a work of life!
However, you do not have to panic, there are a few things that you can do to protect your site in from them. The security of your site must be the most important thing. Think about it for a bit, how much time have you spent so far on creating the perfect site? - and I mean from start until today. I'm sure you wouldn't be very happy if it got deleted from one day to the next or if you lost all control over it.
Nowadays there are more and more problems with these cybercriminals. We had seen entire sites deleted from their servers or some that were turned into phishing sites to stealing-passwords and credit card information. We have to mention that standard PrestaShop does not have any vulnerabilities, the problems always come from modules and themes.
There are a few modules that we know are not safe at all, we'd like to draw your attention to delete them as quickly as possible to reduce the uncertainty on your site.
The first one is the Attribute Wizard Pro module which was discovered to be an easy way for hackers to gain control of your website.
Another module that can cause you serious problems is the Send to a Friend module. In our opinion, all users should delete this module as quickly as possible, it is not enough just to disable, it should be deleted!
The third module is Abandoned Cart Reminder Pro module that was created by Addons but it's vulnerable. Just like the modules above, this one can be accessed by hackers. As long as you have it, even if it's disabled, it can cause huge problems.
The fourth module that needs to be mentioned is Advanced Theme Configurator & Css Magician module which is known to cause a lot of trouble.
If you have any of the modules listed above, we advise you to uninstall them as soon as possible and to check if you are infected already or not.
Each site is different, but the security defects are largely the same. The most effective way to fight with hackers is to have a back-up of your current files and database or upgrade to the newest version of PrestaShop.
There are some ways to recover the full security of the site:
- Restoring a pre-hack backup
- You must delete all files and use PrestaShop archived files
Besides cleaning files and replacing them with a backup, you should:
-Change the BackOffice password and other administrator accounts
- Check employee pages to ensure that no new ones have been created
- Changing the SQL, FTP password
-Modify the username and password of your bank modules if you use them.
In these moments, no one can offer a way to protect your site 100% in from hackers. But you can reduce their ways of reaching your site by choosing modules that you have the most confidence in. If they get to your site, you have to be prepared to reduce the loss caused by these guys.
PS: In our next post you will be able to read about PrestaShop themes that may contain severe vulnerabilities.