Prestashop redirect hack

How to fix Prestashop Hacked Redirect

Prestashop is widely used for e-commerce over the internet. Being so popular, Prestashop is also frequently targeted by hackers. As a result, the customers may face issues like Prestashop hacked redirect wherein the users are redirected to malicious sites. Some other consequences include being blacklisted by search engines, malicious adverts, etc. Often users infected with Prestashop hacked redirect or any other hack resort to forums for help. This is because there is a lack of information on how to get rid of these PrestaShop hacks. The ones that are available are not very reliable, so to say. In such an event, forums seem like the only good resource there is. For example, see the pictures below:

Type caption (optional)
Type caption (optional)

Today, with this article, we aim to provide a one-stop knowledge resource to Prestashop redirect hack. We will discuss in detail its symptoms, common hack areas and remediation steps.

Symptoms of a PrestaShop Redirect Hack

Some common symptoms of a Prestashop hacked redirect are:

  • Malicious pop-ups appear on the site which redirects users to spammy domains.
  • The site becomes slow and unresponsive.
  • There is a sudden spike in the site bounce rate.
  • Search engines like Google blacklist your website.
  • The hosting provider may suspend your account.
  • Adblockers are blocking your website.

Some files are commonly targeted by attackers during a Prestashop hacked redirect. These are:

  • Index.php.
  • Config.php.
  • .htaccess file.
  • Functions.php.
  • Buggy template files.
  • Footer and Header of theme files.

How to fix PrestaShop Hacked Redirect

Step 1: Prerequisites

The first step would be to take a backup of the Prestahop store in case something breaks while removing malware. To do so, follow this article in the official documentation. Also, in case you use a hosting service, you can request them for a backup of your site.The next thing would be to put your Prestashop store in maintenance mode. Doing so will prevent customers from placing orders on your store while you are working to remove the malware. To do so:

  1. Login to your Prestashop Dashboard.
  2. For Prestashop 1.7, navigate to Shop Parameters>Mainetnance.
  3. Now here, change enable shop to No and click on Save.
Type caption (optional)

Step 2: Detection

Now try to locate the source of Prestashop hacked redirect infection. In case the site has been blacklisted by Google, the security tab can help in finding the source of infection. You can use online malware scanners to search for infected files like the one here. If you are still unable to trace the source of Prestashop hacked redirect infection, look for any suspicious files or any new administrator accounts. Also, search for suspicious links in the source code of the files.

Step 3: Cleanup

If one of your core files is infected, replace it from the official repository of Prestashop. For database infection, try dropping the infected tables or if you already have a backup then restore it from there. Delete suspicious files that are not part of core Prestashop. Remove any suspicious plugins, themes, etc. Moreover, change all the passwords (Dashboard, FTP, etc.).Finally, when the infection is resolved make sure to turn off the maintenance mode. Sometimes the infection may reappear after cleaning. Or you are unable to spot the infection in the first place.

PrestaShop Security Measures

  • Make sure the password to the Prestashop dashboard is a secure and random one. If possible, use an addon that provides two-factor authentication while logging in.
  • Ensure that the permissions for folders are set to 755 in Prestashop and 644 for files.
  • Avoid using null themes or modules. They may come free but are often injected with malware which can cause Prestashop hacked redirect issues. Also, avoid using the ones which are not reputed as they may contain security bugs.
  • Use a security solution or firewall of some sort.
  • Keep your Prestashop store up to date as updates contain important security improvements that can be verified using the changelogs.
  • Use CAPTCHA modules to prevent spam on the Prestashop store.
  • In case you suspect that your website is injected with Prestashop hacked redirect, scan it online and determine the cause.
  • If your Prestashop store is hosted on Apache server, use .htaccess to block access to sensitive directories. To do so create a .htaccess file in them and add the following code to it:
Order Deny,Allow
Deny from all
Allow from 22.33.44.55

Conclusion

As evident from the article, there are multiple ways in which the Prestashop hacked redirect can occur. For an average user of Prestashop, it may be next to impossible to prevent it in any manner. Although covering the basics mentioned in this article can provide you some security, nevertheless the redirect hack can still occur. To prevent such a scenario, a security audit and penetration testing of your Prestashop website are important. The security audit will try to uncover loopholes while the penetration test will try to exploit them. This would emulate a real-world scenario where the hacker would try all this. Doing so will help you find the security issues with your Prestashop store and patch them.

Leave a Comment