Searching for malicious code in modules
When you install, configure, or improve a PrestaShop webshop, you won't code all your modules. You will probably buy modules or download free ones. In all cases, it's always good to read the code of these modules. In this section, I will show you some of the common tricks I encountered while I was working on PrestaShop modules. However, keep in mind that this list is not exhaustive.
Just one last thing before starting: do not worry!
I will make a summary of all the malicious code I encountered on PrestaShop modules, but it concerns only a very small percent of all the modules I worked on.
Checking for unusual e-mail sending
Some modules use the mail
function to track which shop is using it. So, you may find this kind of code:
$message = "A new shop is using my module!\n"; $message .= $_SERVER["HTTP_HOST"]."\n"; mail("sheldon.cooper@fabulous-world.com", "New Shop", $message);
This is not very harmful...