Hikashop Vulnerability

  • Posts: 87
  • Thank you received: 2
8 months 1 week ago #343344

-- HikaShop version -- : 4.6.1
-- Joomla version -- : 3.10.9
-- PHP version -- : 7.3.33
-- Browser(s) name and version -- : ALL
-- Error-message(debug-mod must be tuned on) -- : Frontend "you do not have access to this page!"

Good Day Awesome Hikashop Team!
Twice now I have had this message on the Front End of a website I manage with Hikashop Starter.
Previously I restored a backup and it started working again.
This time I re-installed Hiksahop and the problem went away.

I have since found this thread :
This person and another experienced the same
Is there a Vulnerability in Hikashop?

Please Log in or Create an account to join the conversation.

  • Posts: 78303
  • Thank you received: 12368
8 months 1 week ago #343345


That error message is not in HikaShop.

What indicates the information you provided and the information on that thread of the Joomla forum is that the file /administrator/components/com_hikashop/helpers/helper.php has been modified by an attacker.
But that doesn't necessarily means that the attacker went through HikaShop to attack your website. It could be any other extension out there.
Once the attacker has access your website with enough priviledge, it can change anything in there. For example, if the attacker found the password of your super admin account, they can install their own extension which can do anything to the files of your website.
Reinstalling HikaShop will remove the modification in the helper.php file but if the attacker still has access to the website via another way, he will be able to add back his modified helper.php file easily. So while reinstalling HikaShop is a short time fix for that error message, it's not a solution.

So unfortunately, it's hard to conclude on anything with the information provided so far.
What I can say for now is that there are no known vulnerabilities in HikaShop at the moment.

I would recommend you install RS Firewall or a similar security extension on your website:
With it, you'll be able to protect your website while at the same time getting information on how the attacker is able to infiltrate your website.
There are also security services like sucuri.net/website-security-platform/help-now/
They can analyze the situation and sort it out for you. It's more costly but they do everything for you.

Please Log in or Create an account to join the conversation.

Time to create page: 0.055 seconds
Powered by Kunena Forum