High Database Load & Suspicious Log Entries: Troubleshooting PrestaShop Security
Investigating High Database Load and Strange Log Entries in PrestaShop
A PrestaShop merchant reported receiving notifications from their hosting provider about an unusually high number of database requests. Upon inspecting the server logs, they discovered numerous 404 errors and suspicious-looking GET requests, raising concerns about a potential hack or malicious bot activity.
The original poster (JEsc) shared examples of the suspicious log entries:
"GET /recherche?c HTTP/1.1" 200 11857 "https://xxxxxxx/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/xxxxx Safari/xxxxx"
"GET ??????/ps_facetedsearch/views/dist/front.css HTTP/1.1" 404
"GET /mon-compte HTTP/1.1" 302 - "https://www.google.com/search?hl=en&q=testing"
"GET /js/jquery/ HTTP/1.1" 403 199 "https://www.google.com/search?hl=en&q=testing"
They also noted attempts to inject code snippets containing "XOR" and "OR" operators, which were being blocked by the PrestaShop forum's security measures.
Root Cause Analysis and Solutions
A forum user (Mediacom87) identified two potential issues:
- Faceted Search Module Bug: A known defect in PrestaShop's native faceted search module can lead to the generation of millions of links, resulting in excessive database requests from both legitimate and malicious bots. The suggested solution is to replace the default module with a third-party alternative, such as AmazzingFilter.
- SQL Injection Attempts: The injected code snippets indicate potential SQL injection attempts. Mediacom87 advised that a properly configured Web Application Firewall (WAF) should block these attacks.
Resolution Steps
- Faceted Search Module: The user was advised to consider using an alternative to the default faceted search module.
- WAF Activation: The original poster discovered that the WAF was not enabled on their hosting account and promptly activated it for all domains and subdomains.
- Monitoring: The user was advised to monitor the website's behavior and test URLs to ensure the issues were resolved.
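One way to carry out the monitoring step on an access log, as an added example that is not code from the thread or from PrestaShop: it counts status codes, flags query strings in which a boolean operator such as OR or XOR sits between quotes or digits, and reports paths requested with many distinct query strings, the pattern a crawler leaves when it walks filter links. The sample lines, paths, parameters and the `variant_threshold` value are constructed assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, unquote_plus

# Request line and status of an Apache/nginx "combined" access-log entry.
LINE_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# Heuristic: boolean operator sitting between quotes, digits or parentheses.
# It also matches some harmless searches, so treat hits as leads to review.
SQLI_RE = re.compile(r"""(?i)['")\d]\s*\b(?:x?or|and)\b\s*['"(\d]""")

def triage(lines, variant_threshold=3):
    """Summarise status codes, SQLi-looking queries and query-variant floods."""
    statuses, variants, flagged = Counter(), {}, []
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not a request line this parser understands
        statuses[m["status"]] += 1
        url = urlsplit(m["target"])
        if not url.query:
            continue
        # Track distinct query strings per path (filter-link crawling signal).
        variants.setdefault(url.path, set()).add(url.query)
        # Decode percent-encoding before matching, as the application would.
        if SQLI_RE.search(unquote_plus(url.query)):
            flagged.append(m["target"])
    noisy = {p: len(q) for p, q in variants.items() if len(q) >= variant_threshold}
    return {"statuses": dict(statuses), "flagged": flagged, "noisy_paths": noisy}

# Constructed sample lines: documentation IP address, made-up paths and parameters.
_P = '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] '
SAMPLE = [
    _P + '"GET /recherche?s=chaise HTTP/1.1" 200 11857',
    _P + '"GET /connexion?back=1%27%20OR%20%271 HTTP/1.1" 200 5120',
    _P + '"GET /recherche?s=0%20XOR%201 HTTP/1.1" 200 11857',
    _P + '"GET /3-vetements?q=Taille-S HTTP/1.1" 200 20480',
    _P + '"GET /3-vetements?q=Taille-M HTTP/1.1" 200 20480',
    _P + '"GET /3-vetements?q=Taille-S/Couleur-Bleu HTTP/1.1" 200 20480',
    _P + '"GET /modules/example/front.css HTTP/1.1" 404 199',
]

if __name__ == "__main__":
    report = triage(SAMPLE)
    print("status codes:", report["statuses"])
    print("SQLi-looking requests:", report["flagged"])
    print("paths with many query variants:", report["noisy_paths"])
```

On a real log, raise `variant_threshold` well above the sample value and compare the noisy paths against the hours the hosting provider reported high database load.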
Key Takeaways
- High database load can be a symptom of underlying issues, such as module bugs or security attacks.
- The PrestaShop faceted search module can sometimes cause performance problems due to excessive link generation.
- A properly configured WAF is crucial for protecting against SQL injection and other web application attacks.
- Regularly monitor server logs for suspicious activity.
This thread highlights the importance of proactive security measures and the value of community knowledge in troubleshooting PrestaShop issues.