Can’t log in as admin to Prestashop 1.7.8.6

First of all, it is very important to keep your shop engine up to date, except if there are serious vulnerabilities in the version you are going to upgrade to. When you reach a version that is stable, maybe it’s better to wait a couple of versions before upgrading to the newest version, just in case. This way you’ll know if new versions have any problems before you upgrade your online shop. It might save you from a lot of trouble. I’m glad I have done just that, because one of the Prestashop versions was vulnerable to malicious injection. This Prestashop version was 1.7.8.6.

I run a WHM-controlled server and I get messages (tweaks) if something strange is happening in the server files. There is a great plugin installed called Imunify that detects malware and viruses in server files. What a great thing! And this morning I had one of those messages waiting in my mailbox when I woke up. The message said something about malicious activity on some server, so I checked it out as soon as I could. (NOTE: not anything that was online)

Imunify is great because it shows which files are infected. And it really was one Prestashop version which is not online. I had upgraded it a while ago. It still got infected. Very strange, even when the shop is not online anymore. So I just entered the file system and checked these files.

It was not hard to detect the malicious code that was injected into the file. It looked like this:

(Injected code in red highlighted area)

The malware code was located at the end of the file, and I just deleted it and saved the file. What this code does is hijack your shop, meaning that admins can’t log into the Back Office, not even the superadmin. Originally there were a lot more infected files than this. Luckily all infected files were found and there was also a newer version available. Upgrading to the new version overwrote (replaced) all infected files. Luckily the next versions of Prestashop did not have that ”feature” and for now all shops are safe from this malware. At this point, the newest version of Prestashop 1.7 is 1.7.8.8.
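A way to double-check that no altered file was missed, as an added example that is not part of the original post: it compares the installed shop tree with a clean copy of the same release and flags files whose clean content is intact but has extra bytes after it, which is the pattern described above. The function names `compare_trees` and `build_sample` and the sample files are hypothetical and constructed for illustration; it assumes you have unpacked a clean copy of the same release next to the installation.

```python
import tempfile
from pathlib import Path

def compare_trees(installed, pristine, pattern="*.php"):
    """Map relative path -> "appended" | "modified" | "extra" for differing files."""
    installed, pristine = Path(installed), Path(pristine)
    findings = {}
    for path in sorted(installed.rglob(pattern)):
        if not path.is_file():
            continue
        rel = path.relative_to(installed)
        ref = pristine / rel
        if not ref.is_file():
            findings[rel.as_posix()] = "extra"      # not shipped in the clean release
            continue
        data, clean = path.read_bytes(), ref.read_bytes()
        if data == clean:
            continue
        body = clean.rstrip()                        # ignore trailing-newline differences
        tail = data[len(body):]
        if data.startswith(body) and tail.strip():
            findings[rel.as_posix()] = "appended"   # clean file plus code at the end
        else:
            findings[rel.as_posix()] = "modified"
    return findings

def build_sample(root):
    """Create constructed sample trees (not real PrestaShop files)."""
    clean_files = {"index.php": b"<?php echo 'shop';\n",
                   "init.php": b"<?php $debug = false;\n",
                   "classes/Tools.php": b"<?php class Tools {}\n"}
    live_files = dict(clean_files)
    live_files["classes/Tools.php"] += b"/* constructed stand-in for appended code */\n"
    live_files["init.php"] = b"<?php $debug = true;\n"
    live_files["upload/x.php"] = b"<?php // constructed extra file\n"
    for name, files in (("clean", clean_files), ("live", live_files)):
        for rel, content in files.items():
            target = Path(root, name, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(content)
    return Path(root, "live"), Path(root, "clean")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        live, clean = build_sample(tmp)
        for rel, status in compare_trees(live, clean).items():
            print(f"{status:9} {rel}")
```

Files reported as "extra" may be legitimate (installed modules, uploads), so they need a manual look rather than automatic deletion.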

If you are a merchant and you don’t have access to the shop file system or WHM, you need to ask your technical support to upgrade your Prestashop, and that will repair your shop. It will help.

Why can’t you log in to the Prestashop 1.7.8.6 merchant panel?

First of all, it is very important that the shop software is up to date, unless there is a known vulnerability in the new versions. When a stable version is installed, it may be good to stay on it for a while before upgrading a running online shop to the newest version, which has not necessarily been tested against threats. By waiting a while, the threats at least come to light, and you may avoid them.

Luckily I had done this, because one Prestashop version had a bigger problem: the shop admins could not log in to the merchant panel. Malware had installed itself into Prestashop from somewhere and hijacked the shop. This vulnerable version was Prestashop 1.7.8.6.

Always keep a test shop where you can test, for example, new modules and try out all the little modifications.
