by | 24 Oct 2016

PrestaShop is the New Black for hackers

Is your PrestaShop site secure from hackers? eCommerce security should be one of your top concerns, because in the end it can cost you everything. Over the last few weeks, over 100 security breaches have been discovered in PrestaShop sites and it does not look like it is slowing down yet. In this article, you will see why PrestaShop sites are the New Black for hackers, and solutions to easily secure your website before it is too late.

Hackers targeting PrestaShop’s website backend

In a matter of hours, small eCommerce sites can have dozens of credit card numbers stolen and used by attackers on other websites around the world. We used to stop hackers stealing customer credit card numbers, but last week Sucuri discovered that attackers was firstly targeting CMS credentials on PrestaShop websites.

To proceed, the attacker is place a malicious code on the targeted website:

prestashop-hack-securityAs we can see on this malicious code provided by Sucuri, the attacker got the PrestaShop backend credentials of the administrator. These information are sent directly to the hacker by email (« bajatax121@gmail » on this screenshot).

With stolen credentials, hackers can have full control on the PrestaShop backend interface of its victim. Allowing the attacker to change your homepage, implement malware, download your database, etc…

7 steps to make your PrestaShop site more secure

As PrestaShop is one of the most popular eCommerce platform in Europe, it comes under the greatest number of attacks from hackers who would love to get inside your online shop to steal your customers information and credit card details,  spam your customers and conduct phishing campaigns on your behalf.

We have seen dozen of sites totally deleted from their servers, sites that look and act fine, but have backdoors present, we have seen others that have been converted into phishing sites for stealing passwords and credit card information.

To break up this trend, I urge you to read the article 7 tips to make your PrestaShop site more secure for anyone looking to protect their PrestaShop from hackers. On the menu:

  1. Never use your PrestaShop admin password for anything else
  2. Require a TLS / SSL certificate for your PrestaShop login pages
  3. Make sure that your PrestaShop is upgraded to the latest version
  4. Don’t forget to apply the Security Patch Module for your PrestaShop
  5. Only use trusted PrestaShop extensions
  6. Make sure to backup your PrestaShop regularly
  7. Use a magic solution for PrestaShop vulnerability assessment

A cybersecurity solution for PrestaShop sites

Hackers are finding new PrestaShop modules everyday that can be hacked. With the time and cost involved in checking all of the PrestaShop modules it is simply impossible to do at this point. For example, a new vulnerability has been detected this week-end in the VTEM Skitter module of Prestashop CMS. One more vulnerability and how many victims more?

Hopefully, there is a good online tool from OZON to assess your PrestaShop site risk level for free. At the end of the test you will see the security report and be able to patch discovered vulnerabilities.  This 360 cybersecurity solution makes your online shop really secure and safe from sophisticated cyberattacks.

And last but not least, OZON just released a free anti-fraud PrestaShop module that enables every eCommerce and mCommerce to detect sophisticated fraud and fraudulent transactions. But what are the features of the OZON PrestaShop module? Discover it now!